Like HowStuffWorks on Facebook!

How Mobile Credit Card Readers Work

        Money | Online Banking

Mobile Credit Card Reader Security

All of the companies selling mobile credit card readers will say their product is perfectly secure, but are they really? While some hungry customers at a food truck will react with glee that it accepts credit cards, others react with dread when they see their card swiped into a stranger's personal phone. Identity theft and card fraud are major concerns, and some technology experts say certain readers are more secure than others.

First, let's examine the security features that mobile credit card readers claim. Companies say their devices don't store card information on the merchant's phone. Some like to point out that it's safer than other point-of-sale exchanges like sit-down restaurants, because the card never leaves the customer's sight, whereas card information could be copied by hand. Companies also like to note that their software or device complies with Payment Card Industry Data Security Standard (PCI-DSS) by meeting requirements like encryption of card data.

Despite such precautions, some say your card information is still at risk, and that mobile credit card readers open opportunities for hackers and criminals. For instance, in March 2011, VeriFone publicly attacked Square for a security flaw. VeriFone's CEO claimed that the Square reader didn't encrypt card information immediately, making it easy for hackers to develop an application that would store the unencrypted card information [source: Bergeron].

Square's CEO didn't dispute the claim outright, but he called it unfair, saying it overlooked "protections already built into your credit card." He also claimed anyone can easily steal card data and that card companies don't hold consumers responsible for fraudulent charges [source: Rao]. Some responded that this still entails hassles for the consumer. Notably, Square announced plans to add encryption to the reader a month after VeriFone's attack. Meanwhile, other competitors spoke up, like MagTek's CEO, who claimed neither Square nor VeriFone's readers are secure because they lack authentication mechanisms [source: Hart]. RoamData's CEO touted his device's security features and called on regulators to tighten standards [source: Graylin].

So, it seems that consumers could be taking risks by allowing their cards to be swiped into mobile credit card readers. But it's a matter of debate whether these risks are enough to be alarming or even significantly different from those risks associated with any other card transaction.