Skip to main content
  1. Home
  2. Emerging Tech
  3. Mobile
  4. Legacy Archives

Credit card processor VeriFone challenges Square

Add as a preferred source on Google
Image used with permission by copyright holder

Credit card processor VeriFone has released an open letter to both consumers and the card processing industry claiming that an smartphone-based credit card reader being marketed by start-up Square is plagued by a “serious security flaw” that puts users’ data at risk. According to VeriFone, the problem lies in the Square card reader dongle that connects to an iPhone, iPad, or Android device’s headphone connector: the dongle reads information off the card’s magnetic strip and sends it to the device unencrypted. The result, according to VeriFone, is that anyone could write a bogus skimming application that collected card information off the Square card reader, and experts could do it from scratch in under an hour. How do they know? They did it.

“In less than an hour, any reasonably skilled programmer can write an application that will “skim”—or steal—a consumer’s financial and personal information right off the card utilizing an easily obtained Square card reader,” VeriFone’s CEO Douglas G. Bergeron wrote in the latter. “How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.”

Recommended Videos

The idea behind Square is to enable anyone to accept payments using credit cards using just an smartphone, the Square dongle reader, and Square’s software—of course, users will also need to have a verified, non-prepaid bank account to accept credit card payments. However, VeriFone’s argument is that because the data read off the card is transmitted to the device unencrypted, anyone could write a bogus “Square” application and use it to skim credit card information from unsuspecting credit card users.

VeriFone is demanding Square recall all its card-reading devices, and notes it is handing its application over to the likes of Visa, MasterCard, Discover, American Express, and JP Morgan chase for their examination, urging them to stop accepting payments processed via Square. “If the industry allows Square and other similar attempts to short-circuit security best practices, it will seriously jeopardize the integrity and security of the payment infrastructure and financial systems developed over the last three decades.”

Industry watchers have generally greeted VeriFone’s accusations and open letter with a healthy degree of skepticism. Some have accused VeriFone of having a blatant conflict of interest, since Square’s business model directly undercuts VeriFone’s own business for expensive credit card readers. In that context, VeriFone’s open letter can be viewed an attempt to spread fear, uncertainty, and doubt (FUD) about a competitor’s product. Others have noted that, with the exception of a CVV1 number, the data on a credit card’s magnetic strip is exactly the same as the information printed on the credit card itself: skimmers need only take a decent picture of a credit card in order to “skim” the data off it—and they might get the user’s legal signature too.

[Updated 09-Mar-2011: Original text stated Square operated only with merchant accounts.]

Geoff Duncan
Former Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Starlink V5 is here, and it’s lighter, smarter, and far more efficient
The next-generation satellite internet kit promises improved efficiency while maintaining high-speed connectivity.
Starlink V4 vs V5

Not every hardware upgrade needs to be about speed. With Starlink V5, SpaceX is betting that a lighter design and lower power consumption matter just as much. The company has officially introduced its next-generation Starlink V5 kit, featuring a smaller and lighter design with significantly improved power efficiency.

Smaller, lighter, and far more efficient

Read more
Frontier joins the Starlink club with high-speed in-flight internet
The carrier plans to roll out SpaceX's satellite-powered Wi-Fi across its fleet starting in 2027.
Frontier Starlink partnership featured

If there's one thing budget airlines aren't exactly known for, it's great onboard Wi-Fi. In Frontier Airlines' case, it hasn't offered in-flight internet at all. That's about to change. Frontier Airlines has announced a partnership with SpaceX's Starlink to bring high-speed, low-latency internet across its fleet. Installations will begin in early 2027, making Frontier the first ultra-low-cost carrier in the United States to adopt Starlink's satellite-powered connectivity.

Streaming, browsing, and even gaming at 35,000 feet

Read more
OpenAI’s first hardware product sounds more like a companion than a speaker
The AI company is reportedly building a mobile home device that understands context and proactively helps users.
OpenAI press image

For months, rumors have suggested that OpenAI's first hardware product could be a wearable AI device, or perhaps even the beginning of its long-term smartphone ambitions. As it turns out, the company's first gadget may be something far simpler, yet arguably far more ambitious. It will help control smart-home appliances, play media, answer questions, respond to messages, and tap into the range of capabilities offered by OpenAI's ChatGPT, according to people familiar with the matter.

OpenAI's first AI device could end up being a speaker, following plenty of hype that the company is actually working on a wearable AI device and might even launch a smartphone down the road. According to a Bloomberg report, the speaker will serve as a human-like AI companion that will integrate directly with the smart home ecosystem.

Read more