Today is a wake-up call to consumers and the payments industry. Last year, a start-up named Square introduced a credit card reader for smartphones with the goal of making it very easy for anyone to accept credit cards through a mobile device. Seems like a great idea, but there is a serious security flaw that Square has overlooked that places consumers in dire risk.
In less than an hour, any reasonably skilled programmer can write an application that will "skim" – or steal – a consumer’s financial and personal information right off the card utilizing an easily obtained Square card reader. How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.
Let me explain how easy it is to exploit the vulnerability.
via VeriFone – VeriFone Releases Open Letter to the Industry and Consumers. Let me explain how easy it is to get this same information had you card over to a waiter like you do everywhere. The information contained in the magnetic strips is the same as what is on the card itself. What a bunch of FUD from VeriFone because Square is cheaper and a more awesome mobile point of sale system. Square responds beautifully calling them out and detailing just how secure their system is.