The Overblown Square Credit Card Reader Security Disaster

Square's credit card reader for iOS/Android devices is pretty awesome—it lets anybody quickly and easily start taking credit payments. But according to Douglass Bergeron, the CEO of competing company Verifone, the device itself isn't hardware-encrypted, meaning anyone could write an app that strips unprotected info from your card.

Verifone's smear campaign is impressive, to say the least. They've launched a site dedicated to attacking Square and released, for anyone to download, a demo version of a Square skimming app their own engineers developed. (Without the skimming abilities actually built in.) They're also sending everything to all of the major credit companies, like Visa, Mastercard and others. Somehow Verifone fails to mention though they've got their own competing product in the mobile payments space.

Here's the reality: In order for your card to get "skimmed" by a fake Square reader, you'd have to hand over your card to the fraudster in the first place to allow it to be scanned. Would you really hand over your credit card to somebody you didn't trust (at least enough to pay them for goods or services) in the first place? And if that vendor is scamming you, how is it so different from a situation where, you hand a credit card over to a waiter in a restaurant and they secretly skim it in the back? As to making potential skimming devices widely available, there's this other thing that does that called the internet.

Bergeron thinks Square should recall all their readers until they find a way to secure the device. Square should definitely do everything it can to make the devices as secure as possible (encryption is never a bad thing), but you can probably keep swiping at places you trust without freaking out for now, despite Verifone's best efforts to make that happen. [Verifone via GigaOM]