/commentary

PYMNTS Voice

Square vs. VeriFone: Mobile Payments 'Square' Off In Security Showdown

Posted by Jonathan Ramaci on 10 March 2011 | 5 Comments

Tags: , , , ,

What a day at the ole' payments corral in the "square off" initiated by VeriFone's CEO, Mr. Doug Bergeron.

While people in our industry can be and should be very passionate about payments and security, there is a line where the message gets lost and all that's seen is something other than reason. I must admit that I was waiting to see an effigy of Mr. Dorsey being burnt at the conclusion of the now-infamous video or the camera being toppled by a flying drop kick.

Emotions aside, let's get to the real issues. The claim levied against Square is that it is not secure and a skimming device which needs to be immediately recalled. Can Square do things in a more secure, PCI Compliant manner? I do believe so. Does VeriFone live up to the standard of clean hands when it comes to security and do they see Square as a threat to their business model? I believe the answer is "yes".

The root of the security problems that both organizations are either contending with or claim to have solved really revolve around the antiquated magnetic stripe credit card itself. Let's face it , this form factor has changed little in the past thirty or so years and we probably won't see any changes to this form factor because of the millions of magnetic stripe point of sale systems which are in market and will be for some time to come. There is a lot of talk about payments moving to the phone tomorrow using the NFC protocol. There are a few large problems with this thinking - there are not the 13 million+ NFC equipped terminals in the marketplace to take these transactions and security should be a major concern.  There is no incentive for the consumer to to "tap" versus "swipe". There is little incentive for merchants to pay to upgrade to NFC equipped terminals in order to take "card not present" payments via the phone which will end up costing merchants a higher transaction fee. This may happen, with many of the hurdles overcome, in the years ahead but that time vacuum also allows for yet-to-be-released technologies to challenge or surpass NFC.

What really needs to occur is to make the magnetic stripe card itself more secure. Anyone can freely buy a magnetic stripe reader online for $99, plug it in to a usb port and use TextEdit or Word to read the track data on a magnetic stripe. The introduction of Square into the market has not caused this; it's been there for years.

True security means tying the individual to the payment method (card) itself. In an unabashed plug, I invite readers to look at the iCache solution (www.icache.com). Our digital wallet, built to exceed CAST and PCI standards generates a card that is tied to the user, thereby assuring that the card that is presented for use (online and offline) is owned by that individual and that individual only. This occurs for brick and mortar and online transactions. The iCache solution also incorporates many other value added features to include issuance of dynamic CVV numbers. The iCache solution can be used anywhere in the world, without POS modification, delivering value to issuers, merchants and consumers - today.

Now that we are back from the iCache commercial, let's analyze the real issues with Square and VeriFone.

To understand Square is to realize that Square is more about the easy on-boarding of merchants and the processing of transactions than it is about the card reader itself. The Square "dongle" is a conduit to something much bigger which is the empowerment of every consumer to become a merchant without laying out a lot of money for expensive hardware, excessive processing fees and being locked into multi year contracts with hefty termination costs. Innovation and empowerment is a wonderful thing yet it does challenge established players. With every evolution there is the possibility of a counter-revolution when another's bottom line is threatened.

In all fairness, I do believe that Square can do more in the area of security and PCI compliance and I am hopefully sure that they will. There was not a great deal of information that I could find on the Square website which gave me complete confidence that  all of the components of the PCI DSS standards were being followed. This could be intentional as the average consumer does not probably care to read all of the technical nuances of these standards.  If the true debate is about security, it might be fair for each organization to release a table of all of the payment standards for all of their products and state their compliance for each. I do believe that today's event is not so much about security as it is about revenue lines and the simple fact that a less expensive, easier to implement solution is gaining a foothold in the payment acceptance space and payment acceptance hardware market.

If we look at some of the VeriFone devices, as advertised on the Company's website, the Side Swipe product line (which connects to a mobile phone for payment processing) does not appear to fully conform to PCI DSS standards for the same or similar reasons Mr. Bergeron calls for the removal of Square from the marketplace. The VeriFone Side Swipe works  "with the simple swipe of a card, data is stored directly on application software resident in the smartphone". I am further confused by Mr. Bergeron's statement about Square that "the issue is not whether Square's application security is sound", yet a case was vehemently made that Square be emasculated for security reasons.

I do believe that more truth was revealed in the comments that "....what matters is they [Square] are freely distributing...." and that the "problem is growing hourly". What could the true problem be?

The Square hardware costs $0 while, from my research, VeriFone's PAYware Mobile hardware sells for roughly $139+. The issue appears to further extend into the area of other fees (source: www.vantagecard.com/solutions/wireless.html). Square's "card present" processing fee is 2.75%. Square's termination fee is $0. To sign up for a PAYware mobile for 24 months, there is a "Boarding Fee" of $49, a "Monthly Service Fee" of $11, a "Per Transaction Fee" of $0.11 and an "Early Termination Fee" of $199. This fee structure is highly reminiscent of my landline phone bill from 10 years ago!

It is also a bit concerning that at the conclusion of the educational website established by VeriFone to inform us about Square and educate consumers about payment security that in the bottom right is a nice big button where one can sign up for PAYware - not to mention the irony of a Twitter button in the upper left!

At the end of the day, evolution is healthy, innovation has brought us out of the dark ages and competition forces us all to do things better. In competing, let's compete hard while remembering the high road. In our industry, let's do our best to make sure that the payment system is secure and available for all who desire to transact. The movement of value across all modes of secure rails is of paramount importance to our free market system, our economy and all those in it.

5 comments | Read the full post

Square vs. VeriFone: Who Will Win?

Posted by Tyler Hannan | Platform Evangelist, IP Commerce on 8 March 2010 | 0 Comments

Tags: , , , , , , , , , , , ,

PYMNTS.com asked IP Commerce's Platform Evangelist, Tyler Hannan, to weigh in on the battle brewing between Verifone and up-start Square, and to look at its impact on the payments industry.

0 comments | Read the full post

Most Popular

for pymnts

2012 ach acquisition ad-supported advertising africa akerlof alternative payment alternative payments amazon amazon fps american express amex android api apis apple application applications at&t atm authentication automated clearing house b2b b2bsynergy banking bank of america barclays behavioral economics big bank excuse billmelater bing blackberry bling nation bloomberg bob dole braintree brian burnseed business business week business wire c$ cmoney capgemini capital markets summit card act cardholders card issuer card issuers card issuing card network card networks card reform cards carte blanche cartes & identification 2010 cash cass sunstein catalyst code catalysts cfpa cfpa act chase check card checks chicken-and-egg china china union pay cisco cloud computing code commerce compliance congress consolidation consumer consumer financial protection agency consumer financial protection board consumer loyalty consumer payments research center consumers contactless contactless cards contactless payments corduro credit credit card credit card networks credit cards ctia cup cybersource dan ariely daniel read data center david evans david s. evans debit debit card debit cards decoupled developer developers development device fidelity dick schmalensee digital media diners club discover disruptive disruptive technology dodd droid durbin durbin amendment e-commerce e-payment e-wallets ebay ebillme ecommerce economics economists economy eft electronic commerce electronic payments element payment services elizabeth warren encryption epayment epayments evans facebok facebook facebook commerce farmville federal reserve fees financial financial reform finovate firefox foreign networks frank frank parry futures g-cash gaming gao general accountability office gift google google checkout google wallet gopayment greatest developments groupon guest payments hagiu healthcare holiday hyperbolic discounting ibm icbc ignition ignition series ignition strategy innovation interchange international telecommunications union internet internet-based intuit invisible engines ipcommerce ip commerce iphone iphones ipo isis issuer jack dorsey jason diaz jcb international jibun bank john donohue joshua wright journal jp morgan justin fox karen webster kathy miller kenya law lending linkedin loyalty m-commerce m-pesa magnetic strip mag stripe magtek making credit safer manhattan mara airolki margaret weichert market platform dynamics mastercard mcommerce merchant merchants merger meters microsoft mit mobile mobile apps mobile banking mobile money mobile payments mobile wallet money transfer more than money mpayments mtn myspace national payment card near field communications network networks new businesses new business models newspaper publishing newspapers new york city new york times nfc nilson non-cash obama obopay oliver williamson online banking open platforms other p2p paas patrick gauthier payment payment card payment cards payment engine payment networks payments payments innovation paypal paypal here paypalx paypal x payroll paysimple payvment payware pci pci ssc peter guidi philippines pin platform platforms policy pos prepaid processing psychology pts publishing pymnts quattro reform regulation related publications retail revolution money richard thaler roam data ronald coase saas safaricom schiller schmalensee screening rules sdk search security senator durbin serve shane frederick shopping small business smart-phones smartphone smartphones social social commerce social network social networks software square standards start-up startup startup strategy strategy survey of consumer payment choice swipe fee target taxi taxipass taztag techcrunch technology the payments authority tim attinger traffic transaction costs transactions tsys twitter two-sided market two-sided platforms u.s. bank u.s. chamber of commerce user behavior validation verifone verizon virtual currency visa vivotech vodafone wall street wamu warren buffett washinton web 2.0 wells fargo western union windows wright wsj yahoo yes bank youtube zoompass zynga

Follow PYMNTS.com