VeriFone Dubiously Exposes Security Breach in Square Mobile Credit Card Reader

In an act of sour grapes/competitive positioning/questionable altruism Doug Bergeron, the CEO of VeriFone (a point-of-sale machine vendor) has released an exposé video unearthing a security breach in Square, a brand of mobile credit card reader.

Square’s main function is to allow anyone with a smartphone to be able to accept credit card payments. This usage would be ideal for a small store owner or street vendor who would typically only accept cash. Or, if you’re out with friends and one of them has a credit card and everyone else has cash (we’ve all been there), that person can transfer money directly to the person from whom they’re borrowing, and not owe them later on.

Bergeron’s video explains how Square’s app can be easily replicated and hacked, so when a victim’s card is swiped, the information, which is typically encryped, is stored on the phone for later use.

“The glass blower who just stole your credit card is now going to buy a big screen TV online in your name,” Bergeron says in the video.

Anyone who has a Square reader can install the hacked app and start using it to skim credit card information immediately.

While the unwitting consumer should be grateful to Bergeron for the heads up on this issue, it’s a bit hard to take the source as anything but dubious (after all, VeriFone does sell this). Regardless of the motive we advise that, if you’re going to pay someone using the Square reader, make sure they’re a trusted source.

(Via Engadget) / (Image by Chris Harrison, licensed under Creative Commons)

About the author  ⁄ BrickHouse Security

BrickHouse Security is the industry's premier supplier of security and surveillance solutions. As a recognized authority in GPS tracking, hidden cameras, cell phone/PC monitoring, video surveillance and counter surveillance, we help our customers use technology to get the clarity they need. We proudly serve consumers, businesses of all sizes and the law enforcement community. When you need to know, BrickHouse has the answers.

  • Paul Wren

    Verifone should also issue a warning that the internet has a huge security breach! I just discovered that a skilled programmer can, in minutes, create a fake website, pose as a merchant, and when you enter your credit card number to buy blown glass, the software she writes can actually CAPTURE YOUR CREDIT CARD NUMBER when you type it in!

  • Greg

    They should also mention the restaurant security breach, where the waiter snaps a photo of each card they pick up from a table, then uses the captured card numbers/exp dates/CVV codes to order some sweet merchandise.