VeriFone, which amongst many services provides security for credit card transactions has claimed that there is a serious security flaw at start-up mobile credit card transaction processor, Square.
The start-up offers a credit card swipe device that plugs into smartphones. Then, an application in the handset manages the transaction which is confirmed over the cellular network.
VeriFone is claiming that it is possible to develop a rogue application that would allow someone to swipe cards through the reader and store the information from the credit card swipe. The company claims that Square’s hardware is poorly constructed and lacks all ability to encrypt consumers’ data, creating a window for criminals to turn the device into a skimming machine in a matter of minutes.
The exploit requires the customer’s credit card and that would only be handed over in the expectation of a transaction. The exploit is in practical terms, no more serious than handing over a credit card in a restaurant or shop for a transaction to be processed. There will always be an opportunity for someone to record the card details and misuse them.
According to VeriFone, it is contacting Visa, MasterCard, Discover, American Express, and JP Morgan Chase (Square’s credit card processor) to warn them of the problem, and presumably hope that a commercial rival is put out of business.