clock menu more-arrow no yes

Filed under:

Square updates its credit card reader to include hardware encryption

New, 10 comments

Square has updated its credit card reading dongle to include hardware encryption circuitry. Previously, the dongle sent unencrypted credit card information to iOS or Android devices that could be read by other apps.

Square Card Reader 3 1020
Square Card Reader 3 1020

VentureBeat is reporting that mobile payment company Square has updated its credit card reader to support hardware encryption. Apparently all Square dongles will now include circuitry that encrypts credit card data (which is turned into audio after a card is swiped) before it's sent to an iOS or Android device. VentureBeat received one of the new readers and confirmed the internals had changed, most notably by the inclusion of a small battery. Including hardware encryption should mean that only the official Square app will be able to decipher the information, greatly limiting the usefulness of Square dongles when it comes to skimming. VentureBeat says that Square will also replace old dongles already in use that lack the new security feature.

While it might be surprising to hear that most of Square's credit card readers in the wild lack this level of security, the issue has been contentious for quite some time. Last year, Square competitor VeriFone set up a website outlining the potential perils of using the tiny plastic dongle, including an open letter in which its CEO wrote that the reader is ripe for use in skimming scams. VeriFone went so far as to write an app that shows how easy it is to steal someone's credit card info with the device. More recently, PayPal decided to take Square head on by launching PayPal Here, and touting the hardware encryption in its dongle. However, with its hardware seemingly now up to snuff, and with a significant head start over the competition, Square remains the mobile payment method to beat.