Researchers Unveil Square Reader Mobile POS Hacks

It wasn’t long ago when hacking a point-of-sale system meant deploying a RAM scraper at a retailer, sitting back and watching the credit card numbers roll in. Now that POS has gone mobile with vendors such as Square, Intuit, Revel and others using hardware fobs connected to smartphones and tablet...

Hacker Finds How Easy Is to Steal Money Using Square Credit-Card Reader

Next time just be careful while swiping your credit card at small retailers or trendy stores that use Square Reader to accept credit card payments. The increasingly popular and widely used Square Reader can be easily turned into a skimming device that can be used to steal your credit card data, a...

Square: Delayed, fraudulent transactions possible with encrypted Square Reader devices due to lack of server-side verification of device transaction counter

Although Square Readers implement encryption, possibly with a Derived Unique Key Per Transaction DUKPT scheme, the transaction counter of a Square Reader device is not verified when performing server-side decryption of swipe data. During a valid sale, a malicious merchant or third party can recor...