Friday, April 8, 2011

Square or Dare? You be the judge...


sq-skim.com

Today is a wake-up call to consumers and the payments industry. Last year, a start-up named Square introduced a credit card reader for smartphones with the goal of making it very easy for anyone to accept credit cards through a mobile device. Seems like a great idea, but there is a serious security flaw that Square has overlooked that places consumers in dire risk.

In less than an hour, any reasonably skilled programmer can write an application that will "skim" – or steal – a consumer's financial and personal information right off the card utilizing an easily obtained Square card reader. How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.

Let me explain how easy it is to exploit the vulnerability.

More...

No comments: