VeriFone, a large payment processing corporation, has launched a full-on hit job against Square:
Today is a wake-up call to consumers and the payments industry.
Last year, a start-up named Square introduced a credit card reader
for smartphones with the goal of making it very easy for anyone to
accept credit cards through a mobile device. Seems like a great
idea, but there is a serious security flaw that Square has
overlooked that places consumers in dire risk.
In less than an hour, any reasonably skilled programmer can write
an application that will “skim” — or steal — a consumer’s
financial and personal information right off the card utilizing an
easily obtained Square card reader. How do we know? We did it.
Tested on sample Square card readers with our own personal credit
cards, we wrote an application in less than an hour that did
This is pure, unadulterated FUD. When you swipe a U.S. credit card, the magnetic strip only contains the information printed on the card itself: the card number, the expiration date, your name, etc. Nothing can be “stolen” using Square’s card readers that cannot be stolen by simply looking at the card with your eyes or a camera. Nothing.
Update: The magnetic strip contains a CVV1 number that isn’t printed on the card (it’s the CVV2 number that’s printed, for verifying online purchases), but still, the overall point stands: VeriFone’s attack against Square is FUD.
★ Wednesday, 9 March 2011