Following yesterday’s public warning about the security of Square’s card reader by Verifone, Square have posted a rather understated response on their website.
Today one of our competitors alleged that the Square card reader is insecure. This is not a fair or accurate claim and it overlooks all of the protections already built into your credit card.
Any technology—an encrypted card reader, phone camera, or plain old pen and paper—can be used to “skim†or copy numbers from a credit card… If you provide your credit card to someone who intends to steal from you, they already have everything they need: the information on the front of your card.
The bank that issues your credit card recognizes this and does not hold you responsible for fraudulent charges. When they are alerted to odd activity, they simply give you a call and will reverse the transaction.
Meanwhile, the backlash against Verifone seems to be continuing, with many saying that this looks like the move of a desperate company, worried about the young upstart Square. They’ve also shot themselves in the foot; in publicising its concerns it has probably done more to advertise Square than Square has done itself.
Perhaps next time Verifone should read Square’s security page which recognizes the important contributions that its users and the security research community can make:
