Square’s mobile credit card reader easily hacked, says VeriFone


This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

Using a smartphone to process a credit card payment, especially Square’s card reader, may not be safe for consumers, according to an open letter posted Wednesday by VeriFone.

The letter alleges that the Square setup is easily hacked and calls on the San Francisco company to recall the small phone attachment that can read card data. Perhaps unsurprisingly, VeriFone’s line of work is secure payment systems.


VeriFone’s Chief Executive Doug Bergeron wrote that the note was a “wake-up call to consumers and the payments industry.” He said criminals could easily create an application to steal financial and personal information from credit cards run through the Square device — known as a ‘dongle.’

“The issue is that Square’s hardware is poorly constructed and lacks all ability to encrypt consumers’ data, creating a window for criminals to turn the device into a skimming machine in a matter of minutes,” Bergeron wrote.

VeriFone posted a sample skimming application and a demonstration video online and also notified Visa, MasterCard, Discover, American Express and JP Morgan Chase.


Square, Twitter founder Jack Dorsey’s mobile payments start-up, may be worth $200 million in new funding round

AT&T, T-Mobile and Verizon partner on Isis mobile payment project


— Tiffany Hsu [follow]