The CEO of mobile payment service startup Square called accusations that the company was distributing credit-card skimming devices inaccurate and unfair.
In a statement posted on Square's Web site Wednesday evening, Jack Dorsey, who is also the founder of Twitter, said the claims, which were made by rival Verifone overlook all of the protections already built into credit cards. Dorsey's message did not mention VeriFone by name, but noted that the concerns raised by its rival were misplaced.
"Any technology -- an encrypted card reader, phone camera, or plain old pen and paper -- can be used to "skim" or copy numbers from a credit card," Dorsey said. "If you provide your credit card to someone who intends to steal from you, they already have everything they need," he said.
Square is a startup that aims to enable anyone, including street vendors, taxi drivers and even individuals to easily accept credit card transactions with minimal cost and effort. The company distributes a small, free dongle that customers can plug into the headphone jacks of their iPhone , iPad or Android devices and start using instantly to accept credit card payments.
Since launching its service last October, Square has signed up more than 165,000 accounts and processes between $2 million and $10 million in transactions daily, according to Gartner.
On Wednesday, VeriFone CEO Doug Bergeron claimed that the lack of encryption support on Square's card readers makes it very easy for someone to use it to steal cardholder data. In a YouTube video that appears to have been taken down, Bergeron demonstrated a card skimming application that he said VeriFone had written in less than an hour, for stealing cardholder data using a Square card reader.
Bergeron labeled Square's card readers as card skimming devices that needed to be recalled.
However, some, including Gartner, question whether VeriFone's claim is motivated as much by competitive pressure as by security concerns. Like Dorsey, they have noted that the kind of skimming risk highlighted by VeriFone this week exists with or without a Square card reader.
In his message, Dorsey said credit-card issuing banks also recognize the issue, which is why consumers are not held responsible for fraudulent charges. "When they are alerted to odd activity, they simply give you a call and will reverse the transaction," he said.
Dorsey noted that Square's cards and service are backed by JPMorgan Chase, which he said "continually reviews, verifies, and stands behind every aspect of our service, including our Square card reader."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about security in Computerworld's Security Topic Center.