VeriFone accuses Square of offering an insecure card skimming device

first_imgIn January of last year we reported on a new startup founded by Twitter co-founder Jack Dorsey called Square which promises to turn your smartphone into a credit card terminal. The solution consists of an application and a small credit card reader, supplied for free, that brings the convenience of selling services and products via credit card transactions to small businesses and individuals.The attraction of Square is that its fees are simplified compared to traditional credit card terminal providers, and there is no long-term commitment required. The service charges a flat rate of 2.75% per transaction, a recent change to the pricing model that makes it even more attractive to small business users.One of Square’s competitors, VeriFone, which offers a traditional credit card terminal for businesses in addition to its own mobile solution, is on a campaign to point out what it believes to be a serious security flaw when using Square. VeriFone challenges that in less than an hour a fake Square application can be written that utilizes the free credit card reader to “skim” or steal personal financial information right off a credit card. VeriFone states that the culprit seems to be the “poorly constructed” credit card reader provided by Square as it has no ability to encrypt the customer’s information.To help spread the message of what VeriFone calls a consumer alert, and to demonstrate this skimming application, the company has created a YouTube video:In addition to its consumer directed marketing, which includes a special website, VeriFone has also stated that it will be sending a copy of the sample skimming application to Visa, MasterCard, Discover, American Express, and JP Morgan Chase. All of which are used by Square as a credit card processor. VeriFone has also called on Square to recall its free “card skimming devices” from the market.On the same website that VeriFone calls out Square on security, the company offers a link to its own mobile solution for processing credit card transactions using a smartphone called PAYware Mobile. Of course, it offers encrypted credit card transactions.In response to the accusations made against it, Square has issued a letter entitled “A letter on credit card security and Square“. In it CEO Jack Dorsey points out that VeriFone is overlooking all the protection mechanisms already built into our credit cards. He compares the lack of security VeriFone refers to as someone writing down your card details on a piece of paper, which of course anyone can do.Read more at the VeriFone websiteBrian’s OpinionVeriFone may have indeed pointed out a security flaw it sees with Square’s credit card reader, but the campaign around this flaw is leaving a bad taste in my mouth. I believe some of VeriFone’s legitimacy in bringing this security issue to light is in question based on the aggressiveness of this campaign and the fact that a special website, which hopes to spread the word about the danger of Square’s credit card reader, also includes a link to VeriFone’s own competing service.Let me be clear. I am not stating that VeriFone’s claim against Square’s credit card reader is without merit. I’m simply saying the way that VeriFone is bringing attention to it, which even includes a campaign against the credit card companies and processor Square is in business with, seems to be over the top. The impression I take away is less of a concern about consumers and more of an attempt by VeriFone to use this opportunity to completely crush Square’s business. Based on the number of dislikes registered for VeriFone’s posted YouTube video I think there are other people out there with the same feeling I have.last_img

Leave your comment