Square’s credit card reader for iOS/Android devices is pretty awesome – it lets anybody quickly and easily start taking credit payments. But according to Douglass Bergeron, the CEO of competing company Verifone, the device itself isn’t hardware-encrypted, meaning anyone could write an app that strips unprotected info from your card.
Verifone’s smear campaign is impressive, to say the least. They’ve launched a site dedicated to attacking Square and released, for anyone to download, a demo version of a Square skimming app their own engineers developed. (Without the skimming abilities actually built in.) Somehow they fail to mention they’ve got their own competing product in the mobile payments space.
Here’s the reality: In order for your card to get “skimmed” by a fake Square reader, you’d have to hand over your card to the fraudster in the first place to allow it to be scanned. Would you really hand over your credit card to somebody you didn’t trust in the first place? And even if you do get scammed that way, how is it so different from a situation where, you hand a credit card over to a waiter in a restaurant and they secretly skim it in the back? It’s the human element that’s the real problem.
Bergeron thinks Square should recall all their readers until they find a way to secure the device. Square should definitely do everything it can to make the service and devices as secure as possible, but you can keep swiping at places you trust without freaking out, despite Verifone’s best efforts to make that happen.[Verifone via GigaOM]