Concerns Over Square's Credit Card Processing

Square is a company that wants to bring the ability to process credit and debit cards to anyone with a smartphone. While that has the potential to make transactions more secure, Square's implementation is just as bad as handing your credit card to a stranger charges payment technology provider VeriFone.

Ed Hansberry, Contributor

March 10, 2011

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Square is a company that wants to bring the ability to process credit and debit cards to anyone with a smartphone. While that has the potential to make transactions more secure, Square's implementation is just as bad as handing your credit card to a stranger charges payment technology provider VeriFone.While online credit card theft is a serious issue, your card is more likely to be "stolen" by someone you hand it to in the normal course of business. When you give your card to that nice waitress that has been so attentive to your needs at dinner to pay the bill, you have no idea who is actually going to run that charge through. You are trusting that they are only going to run the card through the machine and bring the bill back to you for signing. The unfortunate reality is, after running the card to pay for the meal, they may run it through a skimmer that copies all of the data from your card's magnetic strip and store it in a local database with everyone else's data from that evening.

Have you ever left your credit card at the counter so you could pump gas when the pump's reader is broken? Do you really trust that guy inside to not make a copy of your card with a skimmer?

This is the problem with the way Square has implemented their product. They give you a dongle for your phone that will read credit and debit cards on your smartphone and allow you to ring up transactions immediately. That is good in that more companies will be able to afford to have mobile readers allowing them to process your card in front of you rather than taking it to the back room.

The problem is, Square's dongle doesn't use hardware encryption. The data is plain text. If someone wants to write their own app to interface with the dongle, they can come right to your table, scan and skim in one swipe.

VeriFone has put together a video, free sample app and more information at their site Sq-Skim. If nothing else, you'll be able to readily identify what the scanner looks like and then decide for yourself, do you trust the person you are about to hand your card to with your card.

Hopefully, Square will fix this issue and release new scanners that are visually distinctive from the old ones that you'll be able to trust are only sending encrypted data through the phone and on to the payment provider at the bank.

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights