VeriFone Claims Victory Now That Square Is Adding Encryption to Its Card Readers

A day after Square announced it had received an investment from Visa, it said it would be adding an additional level of encryption into the card reader that plugs into smartphones.

But don’t read too much into that.

The decision has everything to do with obeying Visa’s best practices and nothing to do with the accusations of security flaws raised last month by VeriFone, the 900-pound gorilla in the space.

Does it mean VeriFone’s concerns are just a teeny-weeny bit valid?

“Absolutely not,” said a Square spokesperson. “Of course, Square meets or exceeds all current industry standards. We are confident that Square already reduces the overall risk in the payments ecosystem….As Square is everywhere, we wanted to work with Visa to raise the bar on security for the next decade.”

The feather-ruffling started last month when VeriFone issued a fairly bold attack on Square, the San Francisco venture-based company founded by Twitter co-founder Jack Dorsey. VeriFone wrote an open letter to the industry alleging security flaws in the product and also produced a video detailing how easy it would be to steal a cardholder’s information using a Square card reader.

Square’s response was that the claims were not fair or accurate and that they overlooked all of the protections already built into your credit card.

A lot of comments on this site and others felt the attack was unnecessarily harsh and pointed to VeriFone’s insecurity with their position in the market. While admittedly unconventional, VeriFone’s CEO Doug Bergeron explained his reasons in a lengthy interview. “We collectively need to create new technology to reduce fraud, whether you are a venture-backed business or a big business. We are both responsible for our own decisions and should be able to fend for ourselves,” he said.

Now, Square seems to be caving on the core issues of that debate. And VeriFone is claiming victory. Of course.

In a statement, Paul Rasori, VeriFone’s SVP of marketing, said: “It appears that Visa’s investment in Square would not have happened without a commitment from Square to address the lack of security of their payment card readers. The industry heard our concern, and Square finally decided to take security into consideration by including encryption on their mobile payment device later this year.”

The security concerns were addressed yesterday in a blog post by Visa and another by Square’s COO Keith Rabois.

In Visa’s post, it announced that it had come up with its own best practices for the mobile industry for merchants, software developers and device manufacturers to follow. One of the many things it called for was encryption of cardholder data at the the card reader. “We are pleased that Square, the Jack Dorsey start-up that enables small businesses to accept card payments through mobile devices, has expressed its support of Visa’s best practices and its intent to adopt them.”

Rabois wrote: “The adoption of best practices will help increase trust in innovative payment solutions. Of course, Square complies with all current industry standards, and we are committed to meeting or exceeding industry guidelines as they evolve–all while keeping our card reader free.”

Latest Video

View all videos »

Search »

There was a worry before I started this that I was going to burn every bridge I had. But I realize now that there are some bridges that are worth burning.

— Valleywag editor Sam Biddle