VeriFone Systems, an electronic payment service, boldly established what amounts to a technological "no-fly zone" against one of its competitors this week, claiming its rival Square produces a credit card reader that can be turned into a skimming machine by criminals in less than an hour.
Douglas Bergeron, VeriFone's CEO, announced Tuesday in a YouTube video and in an open letter to businesses, the merchant card processing community and the public, that Square, a rival San Francisco-based mobile payments company, should recall its credit card readers due to what Bergeron calls a "serious security flaw" that poses a risk to consumers who unwittingly hand over their plastic to merchants using the Square devices.
Bergeron also vowed to hand over a copy of its findings against Square to Visa, MasterCard, Discover, American Express and JP Morgan Chase.
Square responded to VeriFone's charges late last night, claiming that any technology can be used to "skim" or copy numbers from a credit card, using as examples an encrypted card reader, a phone camera or just a pen and paper. Square claims that if you hand your credit card over to someone who is intent on stealing your information, that information is already available -- on the front of your card.
On the surface, Square appears to be the perfect credit card payment system for those who sell merchandise or services outside of a traditional brick-and-mortar setting or even walk dogs and coordinate church bake sales. Created by Twitter co-founder Jack Dorsey, the Square system enables iPhones, the iPad, and some Android-powered devices to accept credit card payments by swiping a customer's card over a small, portable magnetic stripe reader that plugs into the device. Square says its product requires no merchant signup, no monthly fees and no contract to accept and process credit card payments. When you swipe a card with Square, there's a 2.75 percent transaction fee. That's it. You're done.
But it's in that simplicity that VeriFone sees a huge security risk. It accuses Square of having a poorly constructed device that is not capable of encrypting a cardholder's data, and, in the wrong hands, could quickly be used to steal credit card information. In fact, VeriFone claims its own technicians wrote an application in under an hour that enabled them to use the Square card reader to "skim" personal and financial information right off their own company executives' credit cards.
Though compelling, VeriFone's "call to arms" is overblown. It overlooks the protections already built into credit cards. Banks recognize this and, if you'll recall, won't hold you responsible for charges that are fraudulently placed on your card.
That holds true whether your card was run through a high-tech payment system at Sears or off an iPhone containing a quarter-sized plastic magnetic card reader at a thrift store in a bad part of town.