The mobile payment wars are on. Recently, Twitter co-founder Jack Dorsey announced his new venture, Square, a device that allows a physical credit card payments to be swiped via their mobile phone. Soon after Verifone annouced a similar solution, PAYware Mobile. While PAYware Mobile attaches to an iPhone, Square aims to work with any mobile device provided it has a headphone jack. Since iPhone Apps took off, there have been many payment apps and there have many payment solutions/add-ons for mobile devices.  

So what's all the fuss? Is the Square a game-changer and is it secure? Is Verifone's PAYware Mobile a "Square-killer"? PYMNTS.com has been following Square and it appears they have been following us too, or at least as seen in a recently posted Tech Crunch video.

Tech Crunch's Michael Arrington has been cozy with Mr. Dorsey and helping him spread the word about Square. In a recent blog post, Arrington, kindly using PYMNTS.com, showed Mr. Dorsey the Verifone announcement and took a swipe at Verfione for using a Photoshopped image of the PAYware Mobile product. Arrington claims that due to Square's great press that other payment providers, like Verifone, were rushing to put their product on the market. Arrington and Dorsey discuss how Square is different than Verifone's offering and how secure Square will be.  See the video here:

While it may be true that Verifone rushed to market, it is also true that there have been many other applications to hit the market (see the CC Terminal App for the iPhone) and hardware in the market. In reaction to our Square announcement, John Frank (VP Sales & Marketing, HomeATM ePayment Solutions), noted his company had a similar product prior to Square and PAYware Mobile:

"The hype over this is amazing considering that HomeATM ePayment Solutions came up with a better product (PCI 2.x PED Certified) more than a year ago (which also plugs into an earphone jack of any phone). Especially considering that our device not only accepts Credit and Debit but PIN based Debit and Prepaid cards and allows for real-time money transfer. There's absolutely no question that if Mr. Dorsey was not the Silicon Valley Rock Star he is, based on the fact that he's the founder of Twitter, the buzz around the product would be closer to the buzz we've gotten over the last 12 months. I have yet to see anything written regarding the security of the device (i.e. HomeATM utilizes 3DES DUKPT encryption and encrypts the Track 2 data) but nonetheless, it is refreshing to see to see interest in the device as I am of the position that in an 'Apple to Apple' comparison, the HomeATM device (with all due respect) is far superior in most every way. That said, it might make for an interesting story if PYMNTS was the one to conduct that comparison and publish the results. We would certainly be willing to go head to head with the device in a product comparison."

(PYMNTS.com would love to host a head-to-head as well, and has requests out to Square and Verifone.)

Stiel Direct's Dan Stiel said, "If this is disruptive technology, it is only on the hardware/terminal side of the business. It looks like it could replace my $800 VeriFone Nurit 8000 terminal when it finally breaks, which also runs on the AT&T network. Except for giving VeriFone competitive heartburn, I don't see much else that strikes me as a 'big-deal' or breakthrough." Stiel added, "Show me how you can reduce my clients' credit/debit card discount rate and I'll listen. Otherwise, it is just another 'me too' POS device."

There have also been other mobile alternatives to hit the market. In response to the Square debut, founder and CEO of iCache Jon Ramaci asked, "Have you seen iCache? What about an RF module instead of swipe for contactless payment? It would be less mechanical and prone to failure and degradation over time."

Square is by no means the first to market as a mobile payments solution, but it does provide something unique by allowing anyone to have a merchant account, which Verfione's PAYmobile doesn't appear to do. In the TechCrunch interview, Dorsey said that Square is different than Verifone in that it isn't "focused on providing a solution for people with a merchant accounts today, but it (Square) is focused on doing something that allows people to get in immediately."

When comparing Verifone's PAYware Mobile hardware, Dorsey explained that Square's "main focus is not to just speak to just the iPhone or iPod touch, but to allow one to take payments from any device. The hardware is just a llittle part of what we are doing. With the audio jack and through microphone we can make the device very cheap so we can give it away for free."

Others in the industry who have remarked on Square's innovation. We recently interviewed industry expert Mimi Hart, CEO of Magtek, about her first impressions with Square. MagTek has been in the payments space for over 38 years and was the first company to build a swipe reader for use at the POS. Hart said that what she thought was innovative about the device was that Square had "taken a magnetic tag, the smallest component possible, and instead of trying to decode right at the time where they recovering the signal from, the stripe, they're actually capturing the analog waveform and doing the decode process further down the pipe. That allows them to put a very low-cost product in the market place. That's the innovation."

But the big bone that many in the industry are picking is in regards to security. Hart said, "The trick will be how much security is there in that system (Square), and what's the tradeoff between something that is very inexpensive and very convenient but that doesn't have some security features in it that some of the more mature POS companies have been focused on getting into the marketplace."

As with any payment application, there are rules that the payment application provider has to follow. Essentially, you have to make sure that the terminal and the application residing in it are PCI DSS compliant. Those rules are there for the protection of the cardholder's data. The first thing to you need to look at is that to make sure that the application itself has been vetted, which Square is in the process of doing. In Hart's interview, she noted that "PCI DSS only goes so far at this time, basically only saying you cannot store data when it is at rest. The bigger concern in the industry is protecting the data at the earliest point in the transaction."

According to Square's Web site, they use an ordinary magnetic stripe head and it doesn't have any encription at that point, and that the data will be encrypted once it gets to the iPhone. Hart warned that "the trouble with that is that we know iPhones and other mobile devices can be hacked, and keystroke loggers and people intercepting that data can get to it before it's encrypted." Hart added, "It's really important to get the magnetic stripe data encrypted literally at the magnetic head so the data that's coming off those wires has already been digitized and has been encrypted before it hits the iPhone. And that's what the industry has been working to across the board, whether it's a PC in a brick-and-mortar store or an application that resides on another PDA where there using Bluetooth readers where you get a swipe but you get encrypted data before it hits the payments terminal or smartphone."

In the PAYware Mobile press release, VeriFone CEO Douglas G. Bergeron said,"Banks and processors are concerned about the security issues of unapproved merchants using unregulated software and insecure fobs to accept card payments." Tech Crunch's Michael Arrington said this sounded like a jab at Square. In response, Dorsey said that "everything we (Square) are doing is going to be compliant PCI level one, so we're under the same complaince as someone like Verifone is under."

When Arrington asked if he thought Bergeron was "full of crap", Dorsey replied that "from the outside it looks like we haven't done the work to actually verify everything, but we are heavily regulated just like Verifone, and we're going the compliance and managing the fraud and the risk and all those aspects that comes along with this business."

We look forward to following this development and seeing both Verifone's PAYware Mobile and the Square in action. May the best device win.

Related Content

VeriFone Announces iPhone Secure Payments Solution

Sure Square Is Cool, But Is It Secure? MagTek CEO Mimi Hart Weighs In on Square

The Commerce Fault Line: Square Aims at Mobilizing Payments

PYMNTS LinkedIn Group: Industry Reaction to Square

Will Twitter Founder's Square Make the Payments World Go Round?

More on Square | More from Tech Crunch's Michael Arrington