You may have heard of Square, a new mobile payment solution from Twitter founder Jack Dorsey. Essentially Square is attempting to make traditional point-of-sale services and hardware obsolete, by using a smart phone and a free card reader that plugs into a headphone jack. It’s a smart plan, and Square is already seeing huge growth, recently announcing it crossed the $1 million-processed-per-day mark.
Unfortunately, Square has now rattled the cage of one of its established competitors, VeriFone Systems Inc. You probably use its products every day without even realizing – it manufactures PoS terminals and card readers. Today the company released a pretty unequivocal video in which CEO Doug Bergeron labels Square an entirely different PoS.
In the remarkably scathing video, Bergeron points out that by knocking up a fake Square app, would-be fraudsters can steal the card details simply by swiping their card with the Square reader. VeriFone’s beef becomes pretty obvious around 30Â seconds into the video.
“The problem here isn’t whether Square’s application security is sound, what matters is that they are freely distributing devices that anyone can use to steal your credit card information, at any time, in any place, and anywhere.”
We’d call that a bit on the strong side, given you still have to physically hand over your card for the scam to work. Bergeron goes on:
“They have lost complete control of the dongles they have deployed, and the problem is growing hourly.”
Gosh, this really sounds serious, huh?
Slapping Square around apparently isn’t enough for VeriFone; it also made its own card-skimming app, and is distributing it on a specially made website. So not only is it identifying the problem, it also is helping people exploit it. Classy.
VeriFone sent a copy of its app to Visa, Mastercard and the rest of Square’s card service providers highlighting what it sees as “Square recklessly enabling criminals to steal your credit card information. […] Unlike VeriFone and other reputable vendors, Square chose to cut corners and not to implement [a] very obvious hardware security option.”
There may well be a legitimate problem here, but come on VeriFone – if you want to shut them down at least try to be subtle about it.
