Beware of Square
Verifone's CEO Douglas G. Bergeron recently announced in a letter that the Square dongle mag stripe reader does not encrypt card data. While the software is encrypted, the card data is compromised because it is not encrypted from end to end. In short, the card data is exposed on the users device (i.e. smart phone) and is not encrypted until the card data is transmitted to the processor.
Data Security is no joke. Square is acting irresponsible by not encrypting card data information end to end. Card Data Breaches are most commonly caused by hackers who have been able to install malware on a system that stores, processes, or exposes unencrypted card data (just like Square). The industry has recently been under intense scrutiny for not having high enough security standards (www.pcisecuritystandards.org), and Square's irresponsible action and blatant disregard of the consumer's privacy fly in the face of all the security standards and protocols that cost banks, processors, merchants, and consumers millions of dollars a year. Jack Dorsey's (Square CEO) response to Verifone's allegations seemed even more irresponsible...
"The bank that issues your credit card recognizes this and does not hold you responsible for fraudulent charges. When they are alerted to odd activity, they simply give you a call and will reverse the transaction. With Square, your credit card is designed to be used without worry, in more places than ever before."
Credit and debit card issuers spent an estimated $252.7 million in 2009 replacing more than 70 million cards compromised by data breaches. Do you honestly think the banks are picking up the tab? It is the merchant and consumer that ultimately pay. As a consumer I want to know that the merchant is doing all that they can to protect my card data, and that is why I would never allow my card to be swiped on Square's dongle, until they encrypt it end to end.
Last but not least... Ask yourself who will be profiting the most from all of the unsecure transactions? It will be Organized Crime and Terrorist who fund their operations on stolen card information.
