US payment systems vendor VeriFone’s CEO has
blasted its start-up rival Square for overlooking a “serious
security flaw” that places consumers in “dire risk”.
Douglas G Bergeron claims that during an
investigation into the security of Square’s card readers, VeriFone
found that a ‘reasonably’ skilled programmer can write an
application in less than an hour that can skim a consumer’s
financial and personal information off their cards using Square’s
POS equipment.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
He claims that a fraudster can sign up with
Square, obtain a dongle for free and create a ‘fake’ Square app on
his/her smartphone. If they then insert the dongle into the audio
jack of a smartphone or iPad, they have created a portable mobile
skimming device that fits in their pocket.
Bergeron argues that it is “shockingly simple”
for a criminal to fraudulently obtain this data.
“The issue is that Square’s hardware is poorly
constructed and lacks all ability to encrypt consumers’ data,
creating a window for criminals to turn the device into a skimming
machine in a matter of minutes,” he said.
Jack Dorsey, the founder of both Twitter
and Square argues in an open letter posted on its website
that VeriFone’s claim is neither fair nor accurate as it overlooks
the protections built into a credit card.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData“Any technology—an encrypted card reader, phone camera, or plain
old pen and paper—can be used to “skim” or copy numbers from a
credit card,” said Dorsey.
“The waiter you hand your credit card to at a restaurant, for
example, could easily steal your card details if he wanted to—no
technology required. If you provide your credit card to someone who
intends to steal from you, they already have everything they need:
the information on the front of your card.”
The announcement is described by Bergeron as a
wake-up call to consumers and the payments industry. He argues that
if the industry allows Square and other similar companies to
‘short-circuit’ security best practices, it will seriously
jeopardise the integrity and security of the payment infrastructure
and financial systems developed over the last three decades.
VeriFone will hand over their findings to the
four major card schemes Visa, MasterCard, Discover and American
Express, as well as Square’s credit card processor JP Morgan
Chase.
Bergeron calls on Square to recall their
devices from the market as he claims consumers who hand over their
cards to merchants using Square devices are unwittingly putting
themselves in danger.
