Blogger Rod Begbie points out some blatant hypocrisy from mobile payments company Verifone.Verifone sells card readers to merchants who use them to accept debit card transactions. In 2007, a security researcher found that it would be fairly easy for a hacker to add code to Verifone’s card readers and collect users’ PIN data as they entered it. They also found similar vulnerabilities in card readers from other companies.
When the researcher contacted Verifone for a response, the company got a bit huffy, saying “We believe it is not in the best interest of the consumers, merchants and overall payment industry to publish the details of product designs describing potential attacks however remote those might be”
Fast forward four years. Earlier today, Square dramatically lowered its prices for its mobile payment service, dropping its $0.15 per-use service charge and simply charging a flat 2.75% rate per transaction. Square’s technology lets merchants accept credit card payments with a simple reader that attaches to their cell phones. Verifone introduced similar technology last year.
So what did Verifone do to counter this threat from Square?
Posted an impassioned note explaining why Square’s technology is insecure…and released a “sample skimming application” and encouraged users to download it and test it against Square’s devices.