One of the advantages of the Square Reader is that it turns devices into mobile payment stations: you can swipe a credit card on the device and have it charged just as you would expect from a regular credit card machine. However, it seems that despite its convenience, it also has the potential to be a huge security flaw.
According to recent research conducted by three grad students from Boston University, the Square Reader can be turned into a credit card skimming device with a little bit of modification. Basically, what they found is that the device can be physically tampered with and have its encryption disabled.
The encryption protects credit card data while it is being transferred to the smartphone the reader is being used on. In the end, the tampered device can be passed off as a regular Square Reader, leading customers to believe that they’re swiping on a genuine device when their details are in fact being stolen. That being said, the folks at Square have given reassurance that the tampered device won’t work with the Square app.
However, the researchers claim that even so, it can be used as a regular credit card skimmer. While you are unlikely to encounter such a device, especially if you choose to shop in more established locations, it’s still worth keeping an eye out all the same.
Editor’s note, story update 08/04/2015 – A Square spokesperson has contacted us today to provide an official statement regarding this article: “This story is about issues with magnetic-stripe credit cards, not Square. In 2015, it should not surprise us that a system using essentially the same technology as cassette tapes is vulnerable. That is why major credit card companies, lenders, and businesses are now embracing new, more secure, authenticated payment technologies. Square is helping to lead the way with our own card readers for chip cards and contactless payments. Any card reader on the market can be deconstructed. The chip could be crushed and then reassembled by using the undamaged shell of the reader. At Square, we have processes in place to prevent malicious behavior on damaged readers. Our Square Register software contains a number of security precautions that protect cards that are swiped on unencrypted readers. If our encrypted readers are damaged, they will not work with Square.”