Square answers VeriFone's accusations on security of mobile credit card reader
On Wednesday, VeriFone posted an open letter stating that Square's mobile credit card reader -- which pairs a mobile app with a small square-plastic card reader that plugs into the headphone jack of smart phones or Apple's iPad and iPod Touch -- was easily exploitable.
"In less than an hour, any reasonably skilled programmer can write an application that will 'skim' –- or steal –- a consumer's financial and personal information right off the card utilizing an easily obtained Square card reader," VeriFone's Chief Executive Douglas G. Bergeron wrote in the letter. "How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this."
Jack Dorsey, Square's CEO, responded with a letter of his own stating that VeriFone's claims were off base.
"One of our competitors alleged that the Square card reader is insecure," wrote Dorsey, who is co-founder and chairman of Twitter. "This is not a fair or accurate claim, and it overlooks all of the protections already built into your credit card.
"Any technology — an encrypted card reader, phone camera, or plain old pen and paper — can be used to 'skim' or copy numbers from a credit card. The waiter you hand your credit card to at a restaurant, for example, could easily steal your card details if he wanted to — no technology required. If you provide your credit card to someone who intends to steal from you, they already have everything they need: the information on the front of your card."
Dorsey pointed out that the banks that issue credit cards acknowledge how easy it is to acquire and misuse such information and, for that reason, don't hold consumers responsible for fraudulent charges.
"When they are alerted to odd activity, they simply give you a call and will reverse the transaction," he wrote.
"With Square, your credit card is designed to be used without worry, in more places than ever before."
Square is also "constantly improving the payment experience to enhance security," Dorsey said.
"For instance, you can request an instant text message or e-mail receipt delivered from our secure squareup.com server after every transaction."
JPMorgan Chase & Co., one of the banks VeriFone mentioned in its letter, processes payments made using Square's products. Dorsey said JPMorgan Chase backs up the company's technology and "continually reviews, verifies and stands behind every aspect of our service, including our Square card reader."
-- Nathan Olivarez-Giles
Photo: A consumer uses a Square mobile card reader, plugged into an iPod Touch, to pay for an item in December 2009. Credit: Robert Andersen / Square Inc.