Beware of anyone using a Square credit card reader
The Square credit card reader is a piece of hardware that attaches to smart phones and tablets that allows merchants to accept credit card payments.
It was announced that the Square credit card reader can easily be used to skim credit card information from unsuspecting customers. The issue is centered around the fact that the Square credit card reader does not encrypt the credit card information before it is sent to the device it is attached to. The fact that the credit card information is not encrypted allows anyone that is swiping the card to store the information for their own use.
The scenario can play out like this. The criminal orders a Square credit card reader from Square’s website. In a matter of less than an hour the criminal can develop an application for their smart phone or tablet. The application has the ability to store the card information that is normally encrypted and sent to the bank for authorization. You hand your card over to purchase an item from the criminal. They now have the card number, expiration, CVV code and all your personal information stored on their device. That information can be sold or used for their own purchases at a later time.
Most if not all credit card swipe devices for smart phones and tablets have encryption built into the device’s hardware. This is a critical as it maintains the trust of consumer that their credit card information is safe when the credit card is handed over for purchases. Square has effectively undermined that trust and should be held accountable.
Do not purchase from merchants using the Square credit card reader. If you are a merchant using the Square credit card reader you should switch immediately. The device is not PCI compliant (to put it lightly) and you could be held responsible for breach of card holder data.