Last year we reported how Apple’s former accessory hardware division leader Jesse Dorogusker redesigned the Square reader to make it 45% thinner than the original version. The updated card reader will be replacing the previous model soon, with the older version no longer being supported by the company.
The company has started notifying existing customers that they can get the new Square reader for free by signing into their web dashboard.
Square, which was co-founded in 2010 by Twitter’s Jack Dorsey, allows iOS and Android users to accept credit card payments directly from their mobile devices.
FTC: We use income earning auto affiliate links. More.
This is because the old reader isn’t encrypted.
How do you know that? Do you have a source?
Here are two:
http://www.ilounge.com/index.php/news/comments/square-quietly-updates-reader-with-encryption/
http://venturebeat.com/2012/03/26/square-adds-encryption-to-its-square-reader/
“All of the Square readers currently shipping have encryption; I received mine today. Square plans to migrate existing users to the new readers over time.”
First off, mag stripe credit cards don’t have encryption. Secondly, iLounge consists of a bunch of idiots that often get facts wrong and use non-experts as if they were expert sources. Thirdly, any card reader can read all the data in a stripe and do bad things with it if so desired.
In conclusion: maybe square added encryption to its device, but it is moot as long as mag stripes are used as a transport.
“but it is moot as long as mag stripes are used as a transport.”
The Square reader uses to microphone jack to send the card data to the Square app. On Android (and possibly on iOS), it’s possible to create malware that eavesdrops on the microphone and intercepts the audio signal and redirects it to a third party. Encrypting that data, ideally using a different key for each reader, before it’s sent to the phone prevents a hacked phone from turning into a remote card skimmer.
So long as the port the data is coming through is not secured, interception is possible and encryption desirable.
(And yeah, the whole mag-strip thing is hopelessly insecure, but that’s no reason to make it even easier to exploit)
These devices are not allowed in Norway as they fail to reach minimum required security by law… Chip & Pin is the ONLY thing they will allow…!!! Shame as they would be really handy to have here, just not gonna happen…
My reader wouldn’t stay in the jack unless I took the case off of the phone, which I didn’t. Hope the new one gets around this.
What should we do to recycle the old device?