Skip to main content

Mobile Payment System Square Vulnerable to Card Fraud

White Hats have exposed a major security vulnerability in the US based mobile payment service, Square.

Zac Franken and Adam Laurie, two security experts of the firm Aperture Labs revealed to the world how they used a homemade software program and an iPad wire to deceive Square- Mountain View’s payment service with supposedly “tight” security features.

According to Laurie, he could type in credit card numbers in his PC, which instantly got converted into sound data and subsequently send to Square, wherein the transaction was registered just the way a real card would have when swiped in a dongle.

"Traditionally, the way you make money from stolen credit cards is sell the data to someone else or buy goods on it, then resell the goods and get the cash," Laurie said while demonstrating the hack at a Black Hat computer security gathering in Las Vegas, AFP reports.

"This really takes the hassle out of it... I can put the money right in the account and it only costs me 2.75 percent,” he added.

The white hats said that they had reported the vulnerability back in February but, much to their surprise, Square said that it doesn’t see this vulnerability as a threat and it would be able to trace such transactions through traffic analysis.