Square Says VeriFone's Accusations are Not "Fair or Accurate"

It took all day to formulate a response, but Square’s CEO Jack Dorsey has responded to claims by VeriFone that its mobile payment services are insecure.

“Today one of our competitors alleged that the Square card reader is insecure. This is not a fair or accurate claim and it overlooks all of the protections already built into your credit card,” he writes in a letter on their web site.

VeriFone’s CEO Doug Bergeron wrote a letter of his own this morning, saying that Square has a serious security flaw that places consumers in dire risk.

Dorsey had two response to the claims:

First, he said that credit cards are inherently not secure. “The waiter you hand your credit card to at a restaurant, for example, could easily steal your card details if he wanted to–no technology required,” he argued.

Second, and likely more importantly, he said its partner, “JPMorgan Chase, continually reviews, verifies, and stands behind every aspect of our service, including our Square card reader.”

In addition, he said one method that ensures a transaction is secure is that you can request the merchant send you an instant text message or email receipt that’s delivered from Square’s server after every transaction.

VeriFone went to the fairly extraordinary step this morning of demonstrating on a video how easy it is to turn Square’s dongle, which plugs into the headset jack of a smartphone, can be used to steal credit card information. To do so, it developed an app that could steal financial and personal information using Square’s card reader, and made it available on its web site.

VeriFone said the heart of the matter is that there’s no security built inside the dongle to verify that its connecting with the real Square application–and not some knock-off. VeriFone requested that Square recall the dongles from the market.