Payment processor Verifone has issued a very public warning about the security of competitor Square’s card reader, stating that it could be used for credit card skimming.
In an open letter and video (below), Verifone have requested a recall of Square’s card readers whilst they fix the flaw:
> Today is a wake-up call to consumers and the payments industry. Last year, a start-up named Square introduced a credit card reader for smartphones with the goal of making it very easy for anyone to accept credit cards through a mobile device. Seems like a great idea, but there is a serious security flaw that Square has overlooked that places consumers in dire risk.
> In less than an hour, any reasonably skilled programmer can write an application that will “skim” – or steal – a consumer’s financial and personal information right off the card utilizing an easily obtained Square card reader. How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.
Whilst Square naturally have to find an answer to this problem, the way Verifone has gone about this announcement suggests they’re actually a little worried by the competition Square presents them with.
This is not a friendly message from one payment processor to another. The smartly produced video, the open letter hosted on a specially registered URL (sq-skim.com) that lists other security problems faced by Square, and the fact that they’ve gone to the trouble of developing the skimming software to demonstrate the flaw make it look more like a PR exercise than an expression of real concern for consumers.
As of writing, we’re yet to see a response from Square.