Mobile Credit Card Reader Security
All of the companies selling mobile credit card readers will say their product is perfectly secure, but are they really? While some hungry customers at a food truck will react with glee that it accepts credit cards, others react with dread when they see their card swiped into a stranger's personal phone. Identity theft and card fraud are major concerns, and some technology experts say certain readers are more secure than others.
First, let's examine the security features that mobile credit card readers claim. Companies say their devices don't store card information on the merchant's phone. Some like to point out that it's safer than other point-of-sale exchanges like sit-down restaurants, because the card never leaves the customer's sight, whereas card information could be copied by hand. Companies also like to note that their software or device complies with Payment Card Industry Data Security Standard (PCI-DSS) by meeting requirements like encryption of card data.
Despite such precautions, some say your card information is still at risk, and that mobile credit card readers open opportunities for hackers and criminals. For instance, in March 2011, VeriFone publicly attacked Square for a security flaw. VeriFone's CEO claimed that the Square reader didn't encrypt card information immediately, making it easy for hackers to develop an application that would store the unencrypted card information [source: Bergeron].
Square's CEO didn't dispute the claim outright, but he called it unfair, saying it overlooked "protections already built into your credit card." He also claimed anyone can easily steal card data and that card companies don't hold consumers responsible for fraudulent charges [source: Rao]. Some responded that this still entails hassles for the consumer. Notably, Square announced plans to add encryption to the reader a month after VeriFone's attack. Meanwhile, other competitors spoke up, like MagTek's CEO, who claimed neither Square nor VeriFone's readers are secure because they lack authentication mechanisms [source: Hart]. RoamData's CEO touted his device's security features and called on regulators to tighten standards [source: Graylin].
So, it seems that consumers could be taking risks by allowing their cards to be swiped into mobile credit card readers. But it's a matter of debate whether these risks are enough to be alarming or even significantly different from those risks associated with any other card transaction.
- Bergeron, Douglas G. "An Open Letter to the Industry and Consumers." VeriFone. (Oct. 7, 2011) http://sq-skim.com/
- Graylin, Will Wang. "ROAM Data CEO REsponds to VeriFone's Open Letter about Square." PYMNTS.com. April 4, 2011. (Oct. 7, 2011) http://pymnts.com/roam-data-ceo-responds-to-verifone-s-open-letter-about-square/
- Kincaid, Jason. "Square to Beef Up Card REader Security This Summer (And VeriFone Wasn't So Wrong, After All)." TechCrunch. April 28, 2011. (Oct. 7, 2011) http://techcrunch.com/2011/04/28/square-to-beef-up-card-reader-security-this-summer-and-verifone-wasnt-so-wrong-after-all/
- Hart, Annmarie D. "An Open Letter to The Payment Industry." MagTek.com. (Oct. 7, 2011) http://www.magtek.com/V2/an-open-letter-to-the-payment-industry/
- Honig, Zach. "Square to Add Encryption to Mobile Card Reader, Skimmers Put on Notice." Engaget. April 29, 2011. (Oct. 7, 2011) http://www.engadget.com/2011/04/29/square-to-add-encryption-to-mobile-card-reader-skimmers-put-on/
- Langley, Monica. "Square Snags Big Value: $1 Billion." Wall Street Journal. June 29, 2011. (Oct. 7, 2011) http://online.wsj.com/article/SB10001424052702304665904576383813592144744.html
- Moscaritolo, Angela. "VeriFone, Square at Odds Over Refuted Security Flaw." SC Magazine. March 10, 2011. (Oct. 7, 2011) http://www.scmagazineus.com/verifone-square-at-odds-over-refuted-security-flaw/article/198100/
- Rao, Leena. "Security Hole Allegation "Is Not a Fair or Accurate Claim." TechCrunch. March 9, 2011. (Oct. 7, 2011) http://techcrunch.com/2011/03/09/squares-jack-dorsey-verifones-security-hole-allegation-is-not-a-fair-or-accurate-claim/
- Stern, Zack. "Process Credit Cards Anwhere: 5 Smartphone Alternatives." PC World. Dec. 1, 2010. (Oct. 7, 2011) http://www.pcworld.com/businesscenter/article/211924/process_credit_cards_anywhere_5_smartphone_alternatives.html