GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

The economy in recovery

News

Industry Update

Senators, coalition say whoa! to Durbin Amendment

House hears how Dodd-Frank may affect small businesses

Square gaining momentum despite security concerns

Is 2011 a transitional year for financial services?

Features

New card fee rules could swell ranks of America's unbanked

Patti Murphy
Inside Microfinance

ISOMetrics:
Gen Y purchasing preference

Selling Prepaid

Prepaid in brief

Expo features pivotal moments in prepaid

'Sea change' in banking to benefit prepaid

Views

VeriFone, Square and the market

Patti Murphy
The Takoma Grop

Sell electronic payments to sectors that shy away from them

Tim Brinkman
ChargeSmart

Education

Street SmartsSM:
Finding opportunity in an altered business environment

Ken Musante
Eureka Payments LLC

Are you missing the mobile payment train?

Nicholas Cucci
Network Merchants Inc.

IRS filing fees: Revenue and contractual shakeup

Adam Atlas
Attorney at Law

Value: Not always in the cards

Dale S. Laszig
Castles Technology Co. Ltd.

Company Profile

insideVirtual LLC

New Products

The check's not in the mail

Intrix Electronic Bill/Invoice Presentment & Payment
Intrix Technology Inc.

Inspiration

Change minds, change behaviors

Departments

10 Years ago in
The Green Sheet

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

March 28, 2011  •  Issue 11:03:02

previous next

Square gaining momentum despite security concerns

Twitter Inc. creator Jack Dorsey released in a statement on Twitter that his mobile payment startup, Square Inc., had reached a milestone. On March 2, 2011, Dorsey tweeted that Square is processing more than $1 million in transactions daily and that the company is signing as many as 100,000 new merchants each month. Dorsey serves as Chief Executive Officer of San Francisco-based Square, which he co-founded in 2009.

Square's platform for credit and debit card acceptance uses a mini square-shaped credit card reader that plugs into the headphone jack of a smart phone or electronic tablet, which it offers free to users of Apple Inc. iOS and Google Inc. Android devices.

To operate the service, users download an application and pay a flat fee of 2.75 percent for swiped transactions, and 3.5 percent plus 15 cents for keyed-in transactions, which Square deducts when transactions occur.

Brandes Elitch, Director of Partner Acquisitions for CrossCheck Inc., said that when the card is swiped through the Square device, it reads the data and converts it to an audio signal, which the phone's microphone picks up and transmits to processors.

"They send it through the processor, and then it's routed to Square's software application on the iPhone," he said. "The encrypted data is then transmitted using either Wi-Fi for the iPod Touch or 3G Internet to back-end servers, and then they communicate with the payment network to complete the transaction."

Square doesn't suit all merchants

"While it's clear that that's the correct approach right now, it's certainly not a viable long-term approach, because there is enormous fraud in the payment system," Elitch said. "The mag stripe is a vulnerable technology, which is why people are talking about migrating to what is called chip and PIN. It's not entirely secure technology either; it can be hacked as well."

However, chip and PIN adoption in the United States is not expected in the immediate future. "I've actually had discussions with Visa, and they have been consistently clear that it will take them five years to convert to chip and PIN, so that isn't going to happen anytime soon," Elitch said.

Elitch believes that in the interim, Square's model will continue to serve certain types of merchants, particularly smaller merchants who operate in the person-to-person (P2P) sphere. "I don't see it as a solution for top 200 retailers or POS for that matter," he said.

Elitch also expects newer technologies to make inroads in both processing and security, including radio frequency identification, hardware security tokens and biometric authentication, among others.

Elitch also indicated that larger payment processors, such as Chase Paymentech Solutions LLC, which processed 18 billion transactions in 2009, may be better equipped to handle merchant support issues. "Maybe only 1 percent of those are going to come back with chargebacks, but 1 percent of 18 billion is a big number, and that requires a lot of people on the phone to deal with," he said. In the Internet world, customer service is frequently lacking, he added.

Square defends its security

Concerned about potential security risks associated with use of the Square device, VeriFone Inc. Chief Executive Officer Douglas Bergeron issued an open letter on March 9, warning the industry and consumers of "a serious security flaw that Square has overlooked that places consumers in dire risk." He cited flaws in Square's hardware, which he said is "poorly constructed and lacks all ability to encrypt consumers' data," and this creates a window for skimmers.

In his letter, Bergeron stated that a skilled programmer can write an application that skims personal information from the device and that VeriFone "wrote an application in less than an hour that did exactly that."

According to Paul Rasori, VeriFone Senior Vice President, Global Marketing, "Square disregards the core issue of encryption and acknowledges their devices have no layer of security to protect mag-stripe data on consumer credit cards," he said. "They are deflecting responsibility and are solely relying on card issuers to protect consumers."

In response to VeriFone's accusations, Square's Dorsey issued a letter to dispel allegations that the device is not secure.

"This not a fair or accurate claim, and it overlooks all of the protections already built into your credit card," Dorsey stated. "Any technology - an encrypted card reader, phone camera, or plain old pen and paper - can be used to 'skim' or copy numbers from a credit card.

"Our partner, JP Morgan Chase, continually reviews, verifies and stands behind every aspect of our service, including our Square reader. And we are constantly improving the payment experience to enhance security. For instance, you can request an instant text message or email receipt delivered from our secure squareup.com server after every transaction."

Despite the debate between Square and VeriFone over security issues, both companies appear to be faring well. VeriFone just posted a 27 percent year-over-year increase in net revenues for the first quarter of 2011.

"It's a big world out there, so for some types of P2P transactions, where you don't need Windows Mobile, and the person already has an iPhone, [and you have] a small merchant who doesn't want to pay for hardware, it could be a viable device," Elitch said.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio | Board Studios, Inc.