Skip to main content

Credit card processor VeriFone challenges Square

Image used with permission by copyright holder

Credit card processor VeriFone has released an open letter to both consumers and the card processing industry claiming that an smartphone-based credit card reader being marketed by start-up Square is plagued by a “serious security flaw” that puts users’ data at risk. According to VeriFone, the problem lies in the Square card reader dongle that connects to an iPhone, iPad, or Android device’s headphone connector: the dongle reads information off the card’s magnetic strip and sends it to the device unencrypted. The result, according to VeriFone, is that anyone could write a bogus skimming application that collected card information off the Square card reader, and experts could do it from scratch in under an hour. How do they know? They did it.

“In less than an hour, any reasonably skilled programmer can write an application that will “skim”—or steal—a consumer’s financial and personal information right off the card utilizing an easily obtained Square card reader,” VeriFone’s CEO Douglas G. Bergeron wrote in the latter. “How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.”

Recommended Videos

The idea behind Square is to enable anyone to accept payments using credit cards using just an smartphone, the Square dongle reader, and Square’s software—of course, users will also need to have a verified, non-prepaid bank account to accept credit card payments. However, VeriFone’s argument is that because the data read off the card is transmitted to the device unencrypted, anyone could write a bogus “Square” application and use it to skim credit card information from unsuspecting credit card users.

VeriFone is demanding Square recall all its card-reading devices, and notes it is handing its application over to the likes of Visa, MasterCard, Discover, American Express, and JP Morgan chase for their examination, urging them to stop accepting payments processed via Square. “If the industry allows Square and other similar attempts to short-circuit security best practices, it will seriously jeopardize the integrity and security of the payment infrastructure and financial systems developed over the last three decades.”

Industry watchers have generally greeted VeriFone’s accusations and open letter with a healthy degree of skepticism. Some have accused VeriFone of having a blatant conflict of interest, since Square’s business model directly undercuts VeriFone’s own business for expensive credit card readers. In that context, VeriFone’s open letter can be viewed an attempt to spread fear, uncertainty, and doubt (FUD) about a competitor’s product. Others have noted that, with the exception of a CVV1 number, the data on a credit card’s magnetic strip is exactly the same as the information printed on the credit card itself: skimmers need only take a decent picture of a credit card in order to “skim” the data off it—and they might get the user’s legal signature too.

[Updated 09-Mar-2011: Original text stated Square operated only with merchant accounts.]

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Hyundai Ioniq 5 sets world record for greatest altitude change
hyundai ioniq 5 world record altitude change mk02 detail kv

When the Guinness World Records (GWR) book was launched in 1955, the idea was to compile facts and figures that could finally settle often endless arguments in the U.K.’s many pubs.

It quickly evolved into a yearly compilation of world records, big and small, including last year's largest grilled cheese sandwich in the world.

Read more
Global EV sales expected to rise 30% in 2025, S&P Global says
ev sales up 30 percent 2025 byd sealion 7 1stbanner l

While trade wars, tariffs, and wavering subsidies are very much in the cards for the auto industry in 2025, global sales of electric vehicles (EVs) are still expected to rise substantially next year, according to S&P Global Mobility.

"2025 is shaping up to be ultra-challenging for the auto industry, as key regional demand factors limit demand potential and the new U.S. administration adds fresh uncertainty from day one," says Colin Couchman, executive director of global light vehicle forecasting for S&P Global Mobility.

Read more
Faraday Future could unveil lowest-priced EV yet at CES 2025
Faraday Future FF 91

Given existing tariffs and what’s in store from the Trump administration, you’d be forgiven for thinking the global race toward lower electric vehicle (EV) prices will not reach U.S. shores in 2025.

After all, Chinese manufacturers, who sell the least expensive EVs globally, have shelved plans to enter the U.S. market after 100% tariffs were imposed on China-made EVs in September.

Read more