In an act of sour grapes/competitive positioning/questionable altruism Doug Bergeron, the CEO of VeriFone (a point-of-sale machine vendor) has released an exposé video unearthing a security breach in Square, a brand of mobile credit card reader.
Square’s main function is to allow anyone with a smartphone to be able to accept credit card payments. This usage would be ideal for a small store owner or street vendor who would typically only accept cash. Or, if you’re out with friends and one of them has a credit card and everyone else has cash (we’ve all been there), that person can transfer money directly to the person from whom they’re borrowing, and not owe them later on.
Bergeron’s video explains how Square’s app can be easily replicated and hacked, so when a victim’s card is swiped, the information, which is typically encryped, is stored on the phone for later use.
“The glass blower who just stole your credit card is now going to buy a big screen TV online in your name,” Bergeron says in the video.
Anyone who has a Square reader can install the hacked app and start using it to skim credit card information immediately.
While the unwitting consumer should be grateful to Bergeron for the heads up on this issue, it’s a bit hard to take the source as anything but dubious (after all, VeriFone does sell this). Regardless of the motive we advise that, if you’re going to pay someone using the Square reader, make sure they’re a trusted source.