Just Fancy That
We believe it is not in the best interest of the consumers, merchants and overall payment industry to publish the details of product designs describing potential attacks however remote those might be. Even if these attacks are difficult to be accomplished it gives the bad guys a leg up on research they would not have to do and encourages bad behavior.
— Verifone in 2007 in response to security research showing their UK “Chip & PIN” credit card readers were insecure.
In less than an hour, any reasonably skilled programmer can write an application that will “skim” – or steal – a consumer’s financial and personal information right off the card utilizing an easily obtained Square card reader. How do we know? We did it. Tested on sample Square card readers with our own personal credit cards, we wrote an application in less than an hour that did exactly this.
Don’t take our word for it. See for yourself by downloading the sample skimming application and viewing a video of this type of fraud in action.
— Verifone in 2011, after Square reduced their fees for credit card processing to well below Verifone’s rates.