Mobile Credit Card Reader Security: Risks & Best Practices
Is there anything you can do to secure credit card transactions made over a smartphone?
In March 2011, the CEO of VeriFone launched a bold assault -- some might call it a smear campaign -- against his company's competitor, Square. Both companies sell devices and services that allow individuals to take credit card payments from others through a smartphone. VeriFone's Douglas Bergeron claimed that the Square was not encrypting credit card information before transmitting it into a smartphone. In essence, claimed Bergeron, the Square device, which was being given away for free with the service, put credit card information into the hands of skimmers. All a hacker had to do was develop an application that would receive the unencrypted data, scan your card and then use the information to make fraudulent purchases.
Whether this attack was legitimate is a matter of debate. Square claimed to have met the Payment Card Industry Data Security Standard (PCI-DSS), which is a set of criteria designed to protect cardholder data. But some say these criteria aren't enough to protect consumers and that they need significant improvement.
In fact, when Jack Dorsey, the CEO of Square, responded, he didn't dispute the claim about encryption, but rather brought up points about how card information is already insecure. It doesn't take designing a special application, for instance, for a waiter to copy down card information when he walks away to run your card at a restaurant. Despite Dorsey's defense of Square, his company soon after announced plans to add an encryption feature to its reader. Dorsey also pointed out, however, that cards have additional protections built into them, and that financial organizations don't hold consumers responsible for fraudulent charges [source: Rao]. But when the CEO of ROAMData chimed in, he pointed out that both consumers and merchants deal with hassles and extra costs thanks to rampant card fraud [source: Graylin]. And the CEO of MagTek even threw his two cents in, arguing that without an authentication mechanism, both Square's and VeriFone's products lacked adequate security features [source: Hart].
Security is a legitimate concern for consumers and merchants. But the problem runs deeper than mobile readers. The founder of security consulting firm iSEC Partners, Alex Stamos, says the problem really comes down to outdated magstripe credit card technology [source: Moscaritolo].
