What a day at the ole' payments corral in the "square off" initiated by VeriFone's CEO, Mr. Doug Bergeron.

While people in our industry can be and should be very passionate about payments and security, there is a line where the message gets lost and all that's seen is something other than reason. I must admit that I was waiting to see an effigy of Mr. Dorsey being burnt at the conclusion of the now-infamous video or the camera being toppled by a flying drop kick.

Emotions aside, let's get to the real issues. The claim levied against Square is that it is not secure and a skimming device which needs to be immediately recalled. Can Square do things in a more secure, PCI Compliant manner? I do believe so. Does VeriFone live up to the standard of clean hands when it comes to security and do they see Square as a threat to their business model? I believe the answer is "yes".

The root of the security problems that both organizations are either contending with or claim to have solved really revolve around the antiquated magnetic stripe credit card itself. Let's face it , this form factor has changed little in the past thirty or so years and we probably won't see any changes to this form factor because of the millions of magnetic stripe point of sale systems which are in market and will be for some time to come. There is a lot of talk about payments moving to the phone tomorrow using the NFC protocol. There are a few large problems with this thinking - there are not the 13 million+ NFC equipped terminals in the marketplace to take these transactions and security should be a major concern.  There is no incentive for the consumer to to "tap" versus "swipe". There is little incentive for merchants to pay to upgrade to NFC equipped terminals in order to take "card not present" payments via the phone which will end up costing merchants a higher transaction fee. This may happen, with many of the hurdles overcome, in the years ahead but that time vacuum also allows for yet-to-be-released technologies to challenge or surpass NFC.

What really needs to occur is to make the magnetic stripe card itself more secure. Anyone can freely buy a magnetic stripe reader online for $99, plug it in to a usb port and use TextEdit or Word to read the track data on a magnetic stripe. The introduction of Square into the market has not caused this; it's been there for years.

True security means tying the individual to the payment method (card) itself. In an unabashed plug, I invite readers to look at the iCache solution (www.icache.com). Our digital wallet, built to exceed CAST and PCI standards generates a card that is tied to the user, thereby assuring that the card that is presented for use (online and offline) is owned by that individual and that individual only. This occurs for brick and mortar and online transactions. The iCache solution also incorporates many other value added features to include issuance of dynamic CVV numbers. The iCache solution can be used anywhere in the world, without POS modification, delivering value to issuers, merchants and consumers - today.

Now that we are back from the iCache commercial, let's analyze the real issues with Square and VeriFone.

To understand Square is to realize that Square is more about the easy on-boarding of merchants and the processing of transactions than it is about the card reader itself. The Square "dongle" is a conduit to something much bigger which is the empowerment of every consumer to become a merchant without laying out a lot of money for expensive hardware, excessive processing fees and being locked into multi year contracts with hefty termination costs. Innovation and empowerment is a wonderful thing yet it does challenge established players. With every evolution there is the possibility of a counter-revolution when another's bottom line is threatened.

In all fairness, I do believe that Square can do more in the area of security and PCI compliance and I am hopefully sure that they will. There was not a great deal of information that I could find on the Square website which gave me complete confidence that  all of the components of the PCI DSS standards were being followed. This could be intentional as the average consumer does not probably care to read all of the technical nuances of these standards.  If the true debate is about security, it might be fair for each organization to release a table of all of the payment standards for all of their products and state their compliance for each. I do believe that today's event is not so much about security as it is about revenue lines and the simple fact that a less expensive, easier to implement solution is gaining a foothold in the payment acceptance space and payment acceptance hardware market.

If we look at some of the VeriFone devices, as advertised on the Company's website, the Side Swipe product line (which connects to a mobile phone for payment processing) does not appear to fully conform to PCI DSS standards for the same or similar reasons Mr. Bergeron calls for the removal of Square from the marketplace. The VeriFone Side Swipe works  "with the simple swipe of a card, data is stored directly on application software resident in the smartphone". I am further confused by Mr. Bergeron's statement about Square that "the issue is not whether Square's application security is sound", yet a case was vehemently made that Square be emasculated for security reasons.

I do believe that more truth was revealed in the comments that "....what matters is they [Square] are freely distributing...." and that the "problem is growing hourly". What could the true problem be?

The Square hardware costs $0 while, from my research, VeriFone's PAYware Mobile hardware sells for roughly $139+. The issue appears to further extend into the area of other fees (source: www.vantagecard.com/solutions/wireless.html). Square's "card present" processing fee is 2.75%. Square's termination fee is $0. To sign up for a PAYware mobile for 24 months, there is a "Boarding Fee" of $49, a "Monthly Service Fee" of $11, a "Per Transaction Fee" of $0.11 and an "Early Termination Fee" of $199. This fee structure is highly reminiscent of my landline phone bill from 10 years ago!

It is also a bit concerning that at the conclusion of the educational website established by VeriFone to inform us about Square and educate consumers about payment security that in the bottom right is a nice big button where one can sign up for PAYware - not to mention the irony of a Twitter button in the upper left!

At the end of the day, evolution is healthy, innovation has brought us out of the dark ages and competition forces us all to do things better. In competing, let's compete hard while remembering the high road. In our industry, let's do our best to make sure that the payment system is secure and available for all who desire to transact. The movement of value across all modes of secure rails is of paramount importance to our free market system, our economy and all those in it.

Executive Bio

Jonathan E. Ramaci – CEO and Founder, iCache Incorporated
Jon has been an innovator and entrepreneur in the IT Industry for the last 15 years.  He is the founder and CEO of iCache and has taken iCache from a concept through to a working product. He has also led the business development efforts of the Company and established excellent relationships for iCache at the “C” level with many of the world’s leading banking and financial services organizations.

Formerly a Consulting Director with Oracle Corporation, Jon founded the first remote database and systems administration company in 1997. He was instrumental in the creation of the Managed Services Model and an early pioneer in the area of Cloud Computing. Jon later sold the company and became CTO for the parent organization where he was instrumental in driving the acquisition of five other companies for a rollup and IPO. Read More

Related Content

Inside VeriFone’s Latest Mobile Payment Products

Transcript: Twitter Vet Jack Dorsey on How Square Redesigns the Payment Process

iPhone Payments Smackdown: Square vs. VeriFone

Will Twitter Founder's Square Make the Payments World Go Round?

Square vs. VeriFone: Who Will Win?

Square Aims at Mobilizing Payments