Verifone and Square debate on transaction security
Von a specially designed website (www.sq-skim.com), VeriFone is claiming that it is possible to develop a rogue app that would allow someone to swipe cards through the reader and store the information from the credit card stripe. Verifone says that Square's hardware is poorly constructed and lacks all ability to encrypt consumers' data, creating a window for criminals to turn the device into a skimming machine in a matter of minutes.
“In less than an hour, any reasonably skilled programmer can write an application that will "skim" – or steal – a consumer's financial and personal information right off the card utilizing an easily obtained Square card reader. How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this”, the company said, in creating a site with an exploit demo.
VeriFone says that it is contacting Visa, MasterCard, Discover, American Express, and JP Morgan Chase (Square's credit card processor) to warn them of the problem, and presumably hope that a commercial rival is put out of business.
In a statement posted on Square's Web site, Jack Dorsey, who is also the founder of Twitter, said the claims overlook all of the protections already built into credit cards. Dorsey's message did not mention VeriFone by name but noted that the concerns raised by its rival were misplaced.
"Any technology - an encrypted card reader, phone camera, or plain old pen and paper - can be used to 'skim' or copy numbers from a credit card," Dorsey said. "If you provide your credit card to someone who intends to steal from you, they already have everything they need." Dorsey said credit-card-issuing banks also recognize the issue, which is why consumers are not held responsible for fraudulent charges. "When they are alerted to odd activity, they simply give you a call and will reverse the transaction," he said.
Dorsey noted that Square's cards and service are backed by JPMorgan Chase, which he said "continually reviews, verifies, and stands behind every aspect of our service, including our Square card reader."