Square's mobile credit card reader easily hacked, says VeriFone
Using a smartphone to process a credit card payment, especially Square’s card reader, may not be safe for consumers, according to an open letter posted Wednesday by VeriFone.
The letter alleges that the Square setup is easily hacked and calls on the San Francisco company to recall the small phone attachment that can read card data. Perhaps unsurprisingly, VeriFone’s line of work is secure payment systems.
VeriFone’s Chief Executive Doug Bergeron wrote that the note was a “wake-up call to consumers and the payments industry.” He said criminals could easily create an application to steal financial and personal information from credit cards run through the Square device — known as a "dongle."
“The issue is that Square’s hardware is poorly constructed and lacks all ability to encrypt consumers’ data, creating a window for criminals to turn the device into a skimming machine in a matter of minutes,” Bergeron wrote.
VeriFone posted a sample skimming application and a demonstration video online and also notified Visa, MasterCard, Discover, American Express and JP Morgan Chase.
— Tiffany Hsu [follow]
Photo: Square's card reader "dongle". Credit: Square