VeriFone CEO slams mobile payments startup over security concerns [video]

VeriFone’s CEO, Douglas G. Bergeron, has taken to the Internet to publicly voice his company’s concern with a mobile payments startup named Square. Via a YouTube video and an open letter, Bergeron explains that Square’s reader has a “serious security flaw” that “places consumers in dire risk.” Bergeron and VeriFone’s beef stems from the fact that Square’s reader does not utilize any type of hardware encryption schema when scanning cards. What does this mean? If you were to use a VeriFone card scanner, the information scanned off of a credit card’s magnetic stripe would be encrypted, stored, and transmitted to the desired payment agency for processing. Square’s scanners attach to the 3.5mm audio jack of an iPhone, iPad, or iPod touch, and scan/store the read credit card information in plain text — making it later viewable by a person(s) running a skimming scam.

“A criminal signs up with Square, obtains the dongle for free and creates a fake Square app on his smartphone,” writes Bergeron. “Insert the dongle into the audio jack of a smartphone or iPad, and you’ve got a mobile skimming device that fits in your pocket that can be used to illegally collect personal and financial data from the magnetic stripe of a payment card.”

The information on a credit card’s magnetic stripe isn’t really all that top-secret — since it is also printed on the front of the card, unencrypted — but the CEO’s point about plain-text card-data being stored on a mobile device is certainly valid.

“We take security very seriously,” continues Bergeron. “Securing payment transactions is what we do.”

The company has made a proof-of-concept iOS skimming application for Square’s reader that, along with Bergeron’s open letter, is available via the website sq-skim.com. The YouTube video and custom website, created solely to attack the small startup, does seem a little unorthodox — especially from a multi-billion dollar, publicly traded company — but it certainly has gotten people talking about the perceived issue. Square did not respond to BGR’s request for comment on Bergeron’s statments.

Hit the jump to watch VeriFone’s CEO slam the competition.

Read

blog comments powered by Disqus