GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Oct. 1, 2011: D-Day for debit cards?


Industry Update

New Visa, MasterCard rates take effect

Heartland offers Durbin impact insights

Operation Swiper succeeds, cyber theft continues

World payments growing in recession

Trade Association News


An interview with Douglas Bergeron

Ken Musante
Eureka Payments LLC

Underbanked in America

Patti Murphy
ProScribes Inc.

Research Rundown

Helping to expand services while minimizing costs

Square versus the payments world

Tim McWeeney

Payroll and gen Y

Excelling at social media marketing

Selling Prepaid

Prepaid in brief

First Data powers prepaid for Google Wallet

Prepaid spot-on for incentives


Merchants lack focus, fraud eats profits

Patti Murphy
ProScribes Inc.


Street SmartsSM:
Vertical market tradeshows hold many helpful surprises

Bill Pirtle
MPCT Publishing Co.

Fraud's twists and turns in 2011

Nicholas Cucci
Network Merchants Inc.

Customer longevity in the new commerce chain

Dale S. Laszig
Castles Technology Co. Ltd.

Steps toward efficient IRS 1099-K reporting

Troy Thibodeau
Convey Compliance Systems Inc.

Company Profile

Lead Source Call Center

New Products

A complete online payment center

Transaction Express
TransFirst LLC

Cloud-based POS comes in three flavors

Moneris Solutions Inc.


It really is about you



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

October 24, 2011  •  Issue 11:10:02

previous next

Square versus the payments world

By Tim McWeeney

Earlier this year, VeriFone Inc. Chief Executive Officer Douglas Bergeron posted a video on the Internet showing how easily the Square Inc. reader could be compromised. In fact, Bergeron's own staff did it with less than an hour of effort.

Normally, this would have generated an outcry from all members of the electronic payments community, including the card brands themselves, demanding the removal of such an unsecure device from the market, but we don't live in normal times.

What reaction there was came, mostly, from the world of blogs, and mostly the reaction condemned VeriFone for piling on poor little Square. That's right, most of the reaction came down against the organization that "outed" Square as an unsecure device subject to easy hacking and theft of credit card information.

Recently, at another conference, Square's vulnerability was demonstrated again, not by VeriFone but by nonpartisan individuals who, once again, hacked the Square reader.

Square responded to the VeriFone video by saying, essentially, that hacking credit cards is a way of life, and the server Square uses is secure. The problem Square CEO Jack Dorsey conveniently ignored was that the compromise happens long before the transaction ever hits the server. The data is stolen at the point of the swipe.

Unsettling contradictions

With the exception of a few mobile payments industry leaders, our side of the industry has been quiet about the lack of security in the Square reader. And what was Visa Inc.'s reaction to all this? Outrage? Demands for the removal of all unsecure Square devices in the market? Immediately shutting down of Square's ability to process credit cards?

No, Visa invested an undisclosed amount in Square; venture capital firm Kleiner, Perkins, Caufield & Byers subsequently invested a paltry $100 million. Toto, I have a feeling we're not in Kansas anymore.

While not formally endorsing Square at the May 2011 Electronic Transactions Association Annual Meeting & Expo, Steve Wozniak (Woz) told a group of listeners that he liked the device and appreciated the simplicity of it. Woz did not address the security concerns because, seemingly, he did not care about them. ... They would get worked out somehow.

All Woz cared about was simplicity. And why not? He helped launch a company with open architecture that redefined the word: Simple.

Dorsey said after the VeriFone assault that Square was coming out with a secure reader, but Dorsey has never promised to remove all the unsecure readers the company has flooded the market with thus far. This leaves a significant vulnerability Square must correct.

We are left to one conclusion: no matter what Visa has said about how it frowns on aggregation and demands security, clearly, in the case of Square, the rules do not apply. The question is why?

Forgotten merchants

Think about it: micro merchants processing less than $500 a month. These are people who would never have signed up for a legitimate merchant account in the first place. Square has created a new level of merchant ("Level 5") and the numbers are in the millions. These people don't care how long it takes to get their money or the discount fees associated with it. They want it free and simple to get started.

Historically, these "merchants" have been of little interest to the ISO or banking community unless fees were associated with the account to make it profitable - statement fees, monthly minimums, etc. Square has blown that model to smithereens.

No equipment to buy, rent or lease and no monthly fees, but the company isn't stopping there. Square is now moving into traditional spaces for legitimate merchant accounts.

The big question on everyone's mind: Is the Square model sustainable? I know many experts who work in the mobile payments industry, and each one believes it is not. The fees collected are too small, and the merchant acquisition expense is too high. It is bound to crash like so many other Silicon Valley startups.

Add to this the flood of competitors who use mobile payments as an ancillary product to their existing, profitable lines of business, and you have a waiting game being played on the Indianapolis 500 speedway because the mobile payments sphere is moving at the speed of light.

Those of us who still believe security is important and merchants ought to have more invested in their businesses than a smart phone and an unsecure reader will continue to build business safely and effectively.

Square continues to operate on its own, completely independent of the traditional payments industry. Time will tell if its model will sustain.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios