Mobile credit card readers: good for small business but questions raised about security
April 14, 2011
In a day and age when we pay for almost everything with a credit card or debit card, it's not surprising that one of the fastest-growing areas of credit card technology is mobile payments. And one of the fastest growing applications in that field of on-the-go transactions is Square, the mobile phone attachment dreamed up by Twitter co-founder Jack Dorsey.
Square is a simple way for small businesses or individuals to take credit card payments without setting up a complex merchant account with a bank and credit card company. A user simply sets up a free Square account, links it to their bank account and plugs a small, free Square card swiper into the headphone jack of the smart phone.
Once the Square app is installed, you simply swipe a card, get a fingertip signature on the screen and the money goes screaming into your bank account, minus a 2.75 percent fee. According to the St. Paul Pioneer Press, the San Francisco-based Square company is processing more than $1 million in transactions a day.
Competitor raises security questions
Many of those transactions are coming from small businesses which have trouble getting set up to take credit cards. Square, on the other hand, is easy to set up and works with the iPhone, iPod Touch, iPad and Android-powered phones - without the monthly fees and contracts required by credit card companies.
But one of Square's biggest competitors, VeriFone, which has its own PAYware Mobile application, fired a volley across Square's bow last week when it posted an open letter saying Square should recall its products because the application is easily hacked and could compromise a cardholder's security. VeriFone claimed that it would be easy to steal a person's financial and personal information.
VeriFone noted that its own PAYware product encrypts cardholder data when a card is swiped through a mobile card reader and can't be intercepted by credit card pirates.
Square responded by noting that your credit card's information can be hijacked with ease in any number of situations--such as when you give it to the waiter in a restaurant. That's why banks don't hold consumers responsible for fraudulent charges. Square also noted that JPMorgan Chase & Co., which processes payments made use Square, backs the company's technology and constantly reviews and verifies its safety.
Supporters like Square's simplicity
So far, it sounds like VeriFone's scare tactics aren't working. Square is a big hit with small merchants, who like the simplicity and like to avoid fees from credit card companies. Artists who sell their wares in the studio, crafts people selling their creations at open-air markets and in-laws paying each other back for small loans are all using the convenient device and they are crowing about it in the media.
Blogger David Greenbaum, for instance, said that when he tried to set up a credit card account for his computer repair business, he found the process to be full of questions and complexity. He eventually turned to Square and hasn't looked back.
"Square is doing to the credit card industry what Apple has done for mobile computing--making cutting edge technology simple and accessible," he said. "VeriFone's concern isn't about protecting customers, but rather about protecting VeriFone's business model."
It's also unlikely that the VeriFone complaint will lead to any new industry safety standards. According to the daily American Banker newsletter, even the PCI Security Standards Council, a consortium that manages security requirements for the four payment card networks, said mobile payment applications are so varied that there is no industry-wide standard that can be established.