Browsing through the web, I came across an entry from the CEO of VeriFone. They have their own cellular credit card processing system, and have been in direct contention with both GoPayment and Square. The point they raised is disconcerting, and contrary to some other blog entries, it is quite valid.

I have been involved with tax, accounting software, network security, and Point of Sale systems for quite a number of years. I was there when Online Banking started at Intuit, when the first versions of QuickBooks Point of Sale were released, and supported the Merchant Services from Intuit (and Wells Fargo when they had the Point of Sale contract).

One thing was paramount to us from a support standpoint: a customer's credit card info must be guarded at all costs! You did not let that info out. Period! Anyone who has been unexpectedly contacted by their card company and told that someone was trying to purchase plane and train tickets in Europe, using their card numbers, knows the feeling of having their personal lives compromised. It is a nightmare, and one which no person should have to endure.

The credit card industry and banks have spent an enormous sum of money to enact safeguards to make sure that your information is protected from the time the card is swiped till the money is deposited into the bank.

Suddenly, we are finding out that the credit card readers supplied by Square do NOT encrypt the card information. Wait a minute here, guys...

First, we find out that there is no credit check done by Square. Instead, they perform a type of “Data Mining,” locating every entry you have ever made on social media and the web, to try to determine if you are fraudulent. Intuit will run a standard credit check, and this is an area where you have control over the accuracy of the information on the reports. If the information is incorrect, you have it removed. You can’t do that on social media sites. Anyone can pretend to be you, and you can’t stop it, or correct invalid information.

Now we are finding out that when your card is swiped through the card reader from Square, it is not encrypted! It can be fed to ANY application. As the VeriFone engineers demonstrated, they created a fake Square-like application in less than an hour. Now, while you think the person is using a legitimate account, they are just taking your card info!

There are reasons that credit card terminals and swipes from most companies only work with their systems. They are programmed to hide the credit card data in code from the time they read the card until it is sent into the software. Each company has a different code they use for this, and that is why one terminal does not work with another company unless it is reprogrammed. Every reputable company does this. It is not only wise, but required as a part of the guidelines.

Now, we find that Square has been shipping these card readers all over. There is no accountability for them; they have no real idea who has them and, because they are unencrypted, no control over how they are used. I am sorry, but this is just a complete disregard for the safety of our information. While Square and others can try to claim that this is not a valid concern, I disagree! There is a reason that credit cards hold their information buried in data tracks in the magnetic stripes on the card! If it were not a security concern, they would just print it all out on the back!

So the next time you are out, and you are going to pay by credit card, and that person brings out their little Square card reader, you might really want to think twice!

I think I will hold my credit cards for the half-moon-shaped readers from GoPayment!