Comment
Tweet
Share
Share
Digg
You may have heard of Square, a new mobile payment solution from Twitter founder Jack Dorsey. Essentially Square is attempting to make traditional point-of-sale services and hardware obsolete, by using a smart phone and a free card reader that plugs into a headphone jack. It’s a smart plan, and Square is already seeing huge growth, recently announcing it crossed the $1 million-processed-per-day mark.
Unfortunately, Square has now rattled the cage of one of its established competitors, VeriFone Systems Inc. You probably use its products every day without even realizing – it manufactures PoS terminals and card readers. Today the company released a pretty unequivocal video in which CEO Doug Bergeron labels Square an entirely different PoS.
In the remarkably scathing video, Bergeron points out that by knocking up a fake Square app, would-be fraudsters can steal the card details simply by swiping their card with the Square reader. VeriFone’s beef becomes pretty obvious around 30 seconds into the video.
“The problem here isn’t whether Square’s application security is sound, what matters is that they are freely distributing devices that anyone can use to steal your credit card information, at any time, in any place, and anywhere.”
We’d call that a bit on the strong side, given you still have to physically hand over your card for the scam to work. Bergeron goes on:
“They have lost complete control of the dongles they have deployed, and the problem is growing hourly.”
Gosh, this really sounds serious, huh?
Slapping Square around apparently isn’t enough for VeriFone; it also made its own card-skimming app, and is distributing it on a specially made website. So not only is it identifying the problem, it also is helping people exploit it. Classy.
VeriFone sent a copy of its app to Visa, Mastercard and the rest of Square’s card service providers highlighting what it sees as “Square recklessly enabling criminals to steal your credit card information. [...] Unlike VeriFone and other reputable vendors, Square chose to cut corners and not to implement [a] very obvious hardware security option.”
There may well be a legitimate problem here, but come on VeriFone – if you want to shut them down at least try to be subtle about it.
Loading ...
It seems D.B. forgot to check with his security department how many products manufactured by VeriFone have been compromised over the years (take a look to few examples here:
http://usa.visa.com/download/merchants/bulletin_compromised_ped_listing_mandatory_sunset_dates.pdf).
This is not to mention the uncountable number of Vx510 which are potential target of attacks due to the irresponsible way that tools for unlocking terminal after tampering attempts were distributed.
Anyone that have worked in Verifone repair facilities can confirm this.
This guys sucks!
The fact that Square got beat down on by a company that has no secrutiy is pretty bad. Verifone might not have good practices but for them to point out the fact that square is not secure means 1. they leaned thier lesson. 2. maybe square should learn one before it is to late for all the customers using square!
MJ