Square Faces a New Security Concern
Visa Inc. has invested an undisclosed amount of money in Square Inc., the start-up company that lets merchants accept card payments through a small square-shaped device that plugs into smartphones.
Square Inc.'s mobile card reader is under fire again for its security.
The most recent attack may not be particularly troubling for Square and its users, in that it simply shows that Square's payment system can be used to handle payments from magnetic-stripe cards without the square-shaped card reader that the San Francisco company distributes.
"This hack doesn't really demonstrate a weakness with Square," PC Magazine wrote in a Thursday story on the new attack. "The real problem is in the mag stripe concept itself. Using the Square reader simply lets people skim credit card data with no special knowledge or hardware."
The article also said that the hack, which was demonstrated at the Black Hat Conference in Las Vegas, may not be effective for very long, since Square has already committed to building a more secure reader.
A Square representative did not immediately return a request for comment Friday morning. The vulnerability was demonstrated at the conference by researchers Adam Laurie and Zac Franken of Aperture Labs.
Square has come under fire for its device's simplicity ever since the company debuted the product, which allows consumers and business owners to accept card payments using a reader that attaches to a smartphone's headphone jack, in 2009.
In its early days, Square had to address concerns about whether its product met the payment industry's security standards.
This year, the payment terminal maker VeriFone Systems Inc. said that Square's hardware could be adapted by fraudsters to become a card-skimming device. To prove its allegation, the San Jose company distributed software that lets people to test this vulnerability.
In April, after receiving an investment from Visa Inc., Square began talking openly about its plans to add encryption to its hardware.