• I want to thank all the members that have upgraded your accounts. I truly appreciate your support of the site monetarily. Supporting the site keeps this site up and running as a lot of work daily goes on behind the scenes. Click to Support Signs101 ...

PayPal Here!

Locals Find!

New Member
Has anyone else seen this?
https://www.paypal.com/webapps/mpp/credit-card-reader

I just signed up for the waiting list. This is paypal's answer to square and the intuit mobile readers. The feature I like that they listed is the ability to scan checks into my paypal account. As I am attempting to avoid the large banks now due to there ever increasing fee structure this seems like it might be a good fit.
 

ucmj22

New Member
yeah, i signed up a couple nights ago. I havent read in to it yet, but if there are any fees on top of the 2.7 per transaction, it wont make any sense to use it over square.
 

Circleville Signs

New Member
Square is still the best. And many people aren't aware that they are releasing more and more features, like their digital wallet. For example, if one of my clients uses square's digital wallet, they don't even have to give me their card when they check out. They can simply give me their name.
 

MatthewTimothy

New Member
yeah, i signed up a couple nights ago. I havent read in to it yet, but if there are any fees on top of the 2.7 per transaction, it wont make any sense to use it over square.

you do realize that square is un-secure and sends their credit card transactions like streaming music.

EDIT:
good post though, might be interesting to see more of later on.
 

binki

New Member
I thought the new credit card rules made so the transactions had to be secure?

PayPal ran afoul of the US Federal government for acting like a bank when it wasn't at one time. Not sure if they have changed their ways or not.
 

Locals Find!

New Member
Paypal isn't a bank. It officially exists as a payment processor. That is why you are required to have your bank account linked up with them at all times to maintain your account. They offer services like a bank can because they contract those services from Regular Banks like Wells Fargo, Chase, Bancorp etc....

They do have to report your processing transactions to the IRS under the new rules that came out last year regarding credit card processing.

I love paypal and regardless of what square does or adds. I have security and systems in place that square will take years to catch up with that paypal currently offers me now. I am not bashing square or any other similar product. You have to choose what works best for you & your business. I just wanted to share that there are more choices coming soon. Competition breeds innovation.
 
you do realize that square is un-secure and sends their credit card transactions like streaming music.

EDIT:
good post though, might be interesting to see more of later on.

really?

from their site


  • Card-processing systems adhere to PCI Data Security Standard (PCI-DSS) Level 1.
  • Square requires sensitive data to be encrypted using industry-standard methods when stored on disk or transmitted over public networks.
  • Square uses standard, well-reviewed cryptographic protocols and message formats (such as SSL and PGP) when transferring data.
  • Square requires that cryptographic keys are at least 128 bits long. Asymmetric keys must be at least 2048 bits long.
  • Square’s website and API are accessible via 128-bit, extended-validation SSL certificates issued by VeriSign.
  • Square regularly installs security updates and patches on its servers and equipment.
  • Security settings of applications and devices are tuned to ensure appropriate levels of protection.
  • Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.
 

CheapVehicleWrap

New Member
you do realize that square is un-secure and sends their credit card transactions like streaming music.

EDIT:
good post though, might be interesting to see more of later on.

Transferred from the reader to your phone via the headphone port, yes. This is precisely the same place someone could read it with their own eyes.

I'll pass. I'd sooner support Walmart before ebay or paypal.
 

MatthewTimothy

New Member
really?

from their site


  • Card-processing systems adhere to PCI Data Security Standard (PCI-DSS) Level 1.
  • Square requires sensitive data to be encrypted using industry-standard methods when stored on disk or transmitted over public networks.
  • Square uses standard, well-reviewed cryptographic protocols and message formats (such as SSL and PGP) when transferring data.
  • Square requires that cryptographic keys are at least 128 bits long. Asymmetric keys must be at least 2048 bits long.
  • Square’s website and API are accessible via 128-bit, extended-validation SSL certificates issued by VeriSign.
  • Square regularly installs security updates and patches on its servers and equipment.
  • Security settings of applications and devices are tuned to ensure appropriate levels of protection.
  • Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.


so would you rather believe a site that will you tell you things or someone that actually proved it, at a conference??

Researchers at the Black Hat Security Conference this Thursday uncovered another flaw in Square Mobile’s payment system that makes credit account theft with the device an easy mark.

Square is a payment system that allows card-swipe credit purchase to take place on your iPhone or iPad. Using a dongle that can be purchased at Apple retail stores or online at the company’s website and the free Square app, users can swipe a credit card for payment transactions. The company has skyrocketed to success over the past year and now boasts four million dollars per day in transactions.

Researchers Adam Laurie and Zac Franken of Aperture Labs were the ones to drop the bomb at the recent tech event in Las Vegas. They were able to hack Square’s system using a homemade software application and an iPad-compatible audio cable.

According to InformationWeek, the Square’s dongle converts credit card magstripe data into audio, which the iOS application then listens to and translates back into credit card numbers. Laurie explained that the product was rushed to market without considering the security risk involved in something that could be so easily hacked.

Laurie demonstrated that, by typing in a credit card number into a laptop that was plugged into his iPad, and using the homemade software application, he could send the audio to Square to be translated into a transaction, as if the dongle had been physically swiped.

This makes the theft that much easier because criminals would not need a physical credit card in order to deplete a victim’s account. According to InformationWeek, credit card numbers can be purchased easily on the black market for as little as $2. Criminals could funnel as much stolen money into a bank account as fast as their fingers could type, and as long as the cover their tracks, they could get away with the faceless crime without leaving their basement.

Square has not issued an official statement in response to Laurie and Franken’s discovery, but InformationWeek notes that the company has updated its dongle to encrypt credit card data, but this does not solve the issue that the due demonstrated at the conference.

cited here
 

CheapVehicleWrap

New Member
so would you rather believe a site that will you tell you things or someone that actually proved it, at a conference??


Gee, sounds like he could have just keyed the card number right into the phone (slightly higher rate) rather than convert numbers to audio signals.

This bunkness has cost square quite a penny I'm sure.
 

mopar691

New Member
Well I am not defending anything or leaning one way or the other. But I do believe about any credit card transaction can be intercepted one way or another. If someone is going to steal numbers they can do it via your square reader, your dial up modem desk processor or your Amazon account.
 

signswi

New Member
Matthew, what you posted doesn't in any way imply that using Square as a merchant is bad only that people who buy bulk already stolen credit cards could in theory use Square as the processing system for charging those stolen numbers. The only way that could bit the merchant is if they stole your Square. They could also just steal a traditional merchant swiper so there's no new security issue for you, the merchant.

Now, in practice--not in theory--they usually use iTunes to test cards, which is also rife with injection flaws.
 

MatthewTimothy

New Member
Well I am not defending anything or leaning one way or the other. But I do believe about any credit card transaction can be intercepted one way or another. If someone is going to steal numbers they can do it via your square reader, your dial up modem desk processor or your Amazon account.

agreed, even a key logger could obtain info.


Matthew, what you posted doesn't in any way imply that using Square as a merchant is bad only that people who buy bulk already stolen credit cards could in theory use Square as the processing system for charging those stolen numbers. The only way that could bit the merchant is if they stole your Square. They could also just steal a traditional merchant swiper so there's no new security issue for you, the merchant.

Now, in practice--not in theory--they usually use iTunes to test cards, which is also rife with injection flaws.

you are correct, but it would, in theory be easier to steal your square than your merchant swipe, lol. But my argument around it is the audio transmissions are in no way encrypted from the get go, like much of merchant swipers are.


EDIT:

in the end, anything can go and in theory, can and one day will be hacked.
 

qmr55

New Member
Matthew, what you posted doesn't in any way imply that using Square as a merchant is bad only that people who buy bulk already stolen credit cards could in theory use Square as the processing system for charging those stolen numbers. The only way that could bit the merchant is if they stole your Square. They could also just steal a traditional merchant swiper so there's no new security issue for you, the merchant.

Now, in practice--not in theory--they usually use iTunes to test cards, which is also rife with injection flaws.

I could be wrong but I am pretty sure they were using an interception program to get the card numbers while they are being swiped and transacted. Which means it could be done with ANY card. Doesn't have to be a stolen card.
 
Top