Square’s Dorsey: Verifone Security Claims Not Accurate

UPDATED: Square founder and CEO Jack Dorsey responded to VeriFone’s much publicized and questionable attack on its security with an understated letter that defends his mobile payment’s protections, saying VeriFone’s (s pay) claims are neither fair or accurate. Without even mentioning VeriFone by name, Dorsey pointed out the present danger of credit card fraud, but highlighted the existing security measures built into Square and credit cards.

Compared to VeriFone’s robust attempt to highlight Square’s potential to act as a credit card skimmer, which included not just a video but also the release of an application meant to demonstrate the danger, Dorsey’s response was particularly restrained. Dorsey just pointed out that anyone who uses a credit card needs to be on the look-out for skimming, which has been a threat long before Square and its mobile payment dongle arrived on the scene. And he didn’t highlight the obvious, which is that VeriFone has a vested interest in this case because it competes directly with Square with its PayWARE product.

Any technology—an encrypted card reader, phone camera, or plain old pen and paper—can be used to “skim” or copy numbers from a credit card. The waiter you hand your credit card to at a restaurant, for example, could easily steal your card details if he wanted to—no technology required. If you provide your credit card to someone who intends to steal from you, they already have everything they need: the information on the front of your card.

Dorsey said credit card companies, like Square partner JP Morgan, review transactions for fraudulent activity and alert users in those cases, often reversing charges when that happens. Square has also added more security by giving people the option to receive a text message or e-mail when they perform a Square transaction.

Judging by a lot of the chatter on Twitter, many sided with Square on this one, so it didn’t have to go all out in defending its honor. Most saw VeriFone’s attack as more an admission of fear rather than a public service. In fact, as Darrell reported yesterday, Verifone may be in hot water for releasing an application designed to facilitate an illegal act. In the larger scheme of things, this probably did VeriFone more harm than Square. The company looked worried about the competitive threat posed by Square, and it’s actions also could sow some general doubt about the safety of mobile card readers, which could dampen the entire industry.

Mike Puchol, a wireless expert and GigaOM commenter, had a good run down of the situation. He said skimmers have been available before Square and that criminals are unlikely to use a legitimate payment device to skim credit card information because it would require them to set up real functionality to masquerade as a legitimate vendor. And he said card holders are not going to give their card to just anyone, but to people they are actually doing business with.

VeriFone’s actions highlight the growing competition in the mobile payment market, and show just how far companies will go to compete in this burgeoning area. As we’ve reported before, the entire mobile payment opportunity is huge and could be worth an estimated $633 billion by 2014. With that much money at stake, it’s likely VeriFone’s attack isn’t the last one we’ll see.

UPDATE: Verifone responded to my request for more comment on the whole situation and responded witha statement:

“Square disregards the core issue of encryption and acknowledges their devices have no layer of security to protect mag-stripe data on consumer credit cards. They are deflecting responsibility and are solely relying on card issuers to protect consumers,” said Paul Rasori, Senior Vice President, Global Marketing, VeriFone.