VeriFone's CEO Doug Bergeron Defends Actions Against Square: "It’s a Competitive World."
VeriFone, the publicly held company that makes cash registers and other payment processing devices, issued a scathing open letter about Square last week, claiming the San Francisco start-up has serious security flaws in its product.
In response, Square’s CEO Jack Dorsey said the claims weren’t “fair or accurate,” and that VeriFone was overlooking all of the protections already built into your credit card.
VeriFone’s awareness campaign may be considered a little unconventional.
The company went as far as to launch a web site, record a video, and develop a mock-iPhone app that demonstrates how easy it was to use Square’s dongle to skim information off of a credit card.
Reactions to VeriFone’s approach largely sided with Square.
In comments on our site and on other venues, including Twitter, respondents mostly waived off the concerns, saying that VeriFone was feeling threatened by Square’s progress in the market.
In an exclusive interview, VeriFone’s CEO Doug Bergeron explained why the company felt it was necessary to launch the campaign.
Actually, the interview was positioned as a way to “clear the air,” although as you’ll see, those were not his words, but rather the phrase his public relations people chose to use in pitching us.
Here is our conversation, which has been edited for length and some context, but is largely as it happened.
Duryee: I was told you want to “clear the air” about VeriFone’s actions last week.
No, I don’t think that’s the way I would put it.
I believe that’s a direct quote from your PR person.
Well, I can’t help what they say.
But this is a very interesting time in mobile commerce. There’s a lot of things happening, and a lot of innovation that is happening, and yet, and yet a lot of historical issues that haven’t gone away.
[Skipping ahead in the interview] How is your smartphone product different than Square’s?
We’ve been selling PAYware Mobile for about a year, and it is selling well. Square is the only one that I know of that doesn’t encrypt their data.
We don’t use a dongle. We use a sleeve, or basically it’s a small cradle that the phone sits in. What’s different is that we encrypt the data, which means it costs $25 to $35 more to provide that technology. We aren’t creating fraud. We want consumers to be able to accept credit cards. But if you cut corners it causes problems.
We’ve been mentioning it for awhile, but we thought we needed to be heard.
Did you approach Square directly?
We’ve been in several conversations–not just with Square–but with the industry, and not just about Square, but about hypothetical devices.
We don’t want an industry that’s been moving toward simplicity, which we think is good, to move toward technology that’s allowing fraud. We don’t want it to go in wrong direction.
Did you give Square a heads-up that you were going to do what you did?
I don’t know who our PR folks talked to or didn’t.
Your PR folks told me that you had a meeting with Square’s CEO Jack Dorsey the week before.
I did see him in New York. We were at a similar meeting. I brought up the security issue, and asked him how are you addressing security? The answer was still, the networks will take care of it.
That’s not the way the rest of the world is treating this.
Networks have programs that monitor transactions, and they’ll call you if you are traveling, and there’s systems that can identify things post-facto, but that’s after the fact. The rest of the world has used smart cards and other mechanisms to stop fraud where it happens.
So, the networks can take care of it?
It’s not good enough. We should be joined arm-and-arm to make sure customers trust these systems and make sure that fraud goes down. I don’t think retailers like paying the highest interchange rates in the world, that’s not fair.
Was your open letter fair to Square?
[He laughs.] Listen it’s a competitive world. We take our role as a leader in the industry seriously. We gave them a heads up and free advice that you shouldn’t be allowing systems out there, unencrypted. If that’s fair or not, it’s not the issue here. We collectively need to create new technology to reduce fraud, whether you are a venture-backed business or a big businesses. We are both responsible for our own decisions and should be able to fend for ourselves.
Were you worried they were gaining traction in the market?
No, not at all. We don’t know what traction they’ve seen. We might be doing more than them. I have no idea. It is worth noting that we do less than a couple of million dollars a year with micro-merchants, such as garage sales or Girl Scout cookies. But that’s not the essence of VeriFone. This is not our massive attempt to protect two million in revenue. If that’s what you think, you are missing the point.
We are not worried about competition in one of our $2 million segments, but we are worried about the industry not being concerned about the third rail of skimming, which is smartphones not using encrypted data.
Still, a lot of the feedback in the comments on our site and on Twitter was that you felt threatened by Square.
I notice Verizon and AT&T advertise whose systems don’t work. Oracle advertises against HP, by saying their systems have more processing power. I’m not quite sure how this is different. We have a solution that encrypts data and reduces fraud. If that’s not worthy of identifying and knowing, what’s wrong with that?
Well, maybe you went too far by making the faux iPhone application available for download on the site?
If we didn’t, we would have been accused of blowing smoke. The fact that we could do it [build one] in an hour demonstrates how serious of a problem it is.
[NOTE: PR jumps into the conversation, adding that the application on its site was only for demonstration purposes. No one could actually download it and skim credit card information with it. It was only to show it was possible, but there was no actual risk.]
You really believe that the Square dongle will be used for harm?
They certainly could. It’s a skimmer that doesn’t look like a skimmer. You might be using a merchant that you trust, and they are skimming right in front of you and don’t even have to go in the back room.
Now that you’ve voiced your concerns, what happens?
I don’t know. We all continue to go along our paths and try to improve paying at the pumps, and paying at the table, and try to continue to promote that smartphones are great and that the data should be encrypted…
We have a competitive reason to do so, and we believe we have a differentiated product. This can be solved. This isn’t rocket science. They can add encryption and they’d be done.
There is no next step. We’ll continue to sell the most robust in the industry, and reduce fraud and feel good about it, and they’ll continue to do what they do.
[From earlier in the interview. Bergeron provided the company's historical context in the industry, which led them to the decision to write the open letter last week.]
Without the benefit of 30 years of watching historical issues, it’s easy to see how our campaign last week was considered unconventional. But the reality is we are speaking to a very seirous issue here.
The first has to do with the ongoing concern–even worry–that retailers large and small are having with conventional card brands.
It plays out like this: I see you give me a lot of value to accept debit and credit because customers like it, but this notion that I’m paying the highest interchange rates in the world in America–15 to 25 percentage points of my revenue. Whereas, the rest of the world on average pays 10 percent. As a retailer, I’d say I’m just not getting how the 25 percent that I’m giving up to the card ecosystem is valuable.
The response is: The reason you pay the highest interchange rates in the world is because there’s a lot of fraud in the system.
Some of it goes to profits and managing the network, but a big piece of it is a pooled risk to cover the fraud in the system. The reason European retailers pay significantly less is because there’s a lot less fraud in the system. Ditto Canada and Australia.
Every other country has taken technology to eliminate or reduce the incidence of fraud and skimming. Therefore there’s less fraud and interchange rates come down.
Every day of the week, I hear them [retailers] complaining about interchange. I defend it. We are what we are, and there’s fraud in the system–that is what it is. We have made it our mission to go after the sources of fraud.
There’s two big areas of fraud, and the unregulated smartphone dongle is creating the third.
What are the two big sources?
The two biggest sources, which Forrester, IDC and NPD would all agree, is gas pumps and restaurants.
And there’s a reason for that.
Gas pumps received a waiver from Visa and other card companies.
They were leaned on by the oil companies, which claimed that meeting PCI compliance at each gas pump would have been really painful for the gas stations. And therefore at the 800,000 pumps today, unlike most stores you go to which use compliant technology sold by VeriFone or others, there’s nothing protecting your data there.
These pumps are serviced in the middle of the night by independent operators. It turns out that there’s a few master keys running around, which open up hundreds of thousands gas pumps, and then skimmers are inserted in the pumps and the data is captured.
Fraud gets created, and interchange has to stay high.
I thought gas stations experienced high fraud because the credit card has already been stolen, and can easily be used at the pump?
No, the signature doesn’t act as a deterrent. There’s a lot of unattended systems, where there’s not a person there, and they are all compliant and are encrypted. Only in America do these pumps exist.
And, what about restaurants?
The second area where there is a lot of fraud happening is in restaurants. You give your card up to the waiter, and they copy it. We agree [with Square] that copying cards down is a form of skimming.
Restaurants are the last frontier. Restaurants are the only place, where you give your card to a stranger and they go in the back room. So much happens in restaurants. They can get the number on the back, or run it through a skimmer, which are commonly available.
We have tech solutions to solve the two big problems, which would go a long way to reducing fraud, and probably reducing interchange.
Which leads us to how you believe Square is creating a new unencrypted point of sale?
We fear it is the third place, where data is being transmitted through a non-payment device without encrypting it before it goes in.
We have an iPhone product called PAYware Mobile.
We are on a mission here to reduce interchange for retailers by increasing the use of technology at the point of sale. We’ve been telling the story to card associations, customers and major retailers for the past year…It’s not just about reducing interchange for retailers when customers get their identity stolen, it’s a major pain in the you-know-what.
We think we are on the cusp of mobile payments, and there’s going to be more and more done with the phone. We want to make sure it is done securely because if there’s a major pandemic of fraud using cellphones, it’s going to slow the adoption.
We not only support mobile payments fully, we were great proponents of the use of smartphone as credit cards and acceptance systems–our point is let’s be consistent with the rest of the industry.