Square, the breakthrough business launched by twitter-founder Jack Dorsey, won't be shipping as scheduled. It seems that taking credit card payments is more complicated than anticipated. Square was launched last December and scheduled to be in users' hands by “early 2010”, but the company has admitted that it “released parts of …
If you want to accept credit cards, you need a chip reader and the ability to enter pins. I'm not sure that entering the pins on the iphone touch screen would be secure enough.
...Did Amazon, Itunes, Firebox or <insert every other online retailer here> require you to use chip and pin?
Fact is they don't, and people just use a simple online billing service from the likes of paypal, world pay, sec pay or <insert every other online payment processor here> whether for online ordering or not, using the iphone as a payment device in that way turns everything into an online payment so what the big problem? takes a day to code and test a reliable payment processor.
That's the point - there is no difference between getting a card's number from the magstripe than there is just typing it in online. There is no security upgrade, the only way to get an upgrade is to use a chip'n'pin style technology where there is an end-to-end connection to prove that the cardholder (or someone who knows the PIN) and the card are present at the PED (ie: phone) end.
this is the title
Yep. Swipe should be dead, considering how easy it is to clone mag stripes
Have they not heard of chip and pin, or do they not care about the EU market? There is no way that the EU card processors would accept this, also there is no way that they could ever make the device chip and pin compliant, what with having to have all code run in a tamper proof device.
could it look any flimsier?
and what a stupid idea in general. Are business people desperate to have their ability to process credit card payments inextricably linked to their phone? No, because no one that silly would ever have been allowed to set up a business in the first place.
Unless I'm misunderstanding who exactly these card readers are for. Drug dealers maybe? That way you can spend £200 on "cold medicine" and not have to worry about being mugged.
I could see it being used at trade shows. The convention centre will charge you an arm and a leg for a phone line, your other arm and leg for a power drop. If you could just use a cell phone that would save a load of money.
The only thing is that they already have cellular based credit card systems that you can rent, but they are a little expensive too.
If you want to take cards at a trade show, you would get something like this
or a similar product from any of the other banks.
It's fairly easy to set up credit card payments online, with some measure of security by going directly to the payment processors website. Where's the market for this?
Jailbroken phone + this device = Profit. *Lots* of profit.
Does seem a bit odd...
...given that you can get a mobile PDQ, on contract and fully maintained, from most of the acquiring banks/merchant providers for about the same cost (or less) than an iPhone. I'm assuming that you'd still need to go through all of the hoops of getting a suitable merchant account even with the iPhone version, so you're not saving anything there. Unless Square themselves are going to offer a full service, in which case I'm still prepared to bet that it'll work out more expensive than going direct to the banks since there'll be some additional processing charge involved (as with online/MOTO transactions through other payment gateways - SagePay, WorldPay, etc.)
So, odd all round really? And who would want a plastic Oxo cube stuck to their iPhone's bum anyway?
Nice, if it were true.
Here, in Germany, we are still mag-stripe based. Most 'credit' cards don't even have a pin.
(Credit cards here are paid automatically from your bank account on the due date - so are not really credit cards, but are Visa, Mastercard etc.).
I like the card readers that Apple uses in their stores. They fit with the 'i-device' and the swipe is along the long edge, which makes me happier than some flimsy sugarcube along the short edge!
Chip & Pin...
... is not used in the USA, and has only recently been introduced in Canada. Part of the reason is that in the USA, merchants typically buy their cc handling equipment, whereas in Europe the banks either rent it, or subsidise its sale; so in the USA, merchants must bear the cost of upgrading technology where in Europe it's split between merchant and bank, or borne entirely by the bank.
As for the stupidity of the idea? There are many legitimate businesses that would like to accept credit cards, but didn't have a cost-effective solution because they have no fixed premises, or because they work away from those premises: plumbers, market stall traders, large-animal vets.
However, for these, there was already a raft of smartphone applications that facilitate "Cardholder Not Present" transactions by keying in the card details. Slightly less convenient than Square's magstripe reader, but in terms of transaction charges it'd be the same, because that's all Square was ever going to be offering.
[ iPhone can never be a chip&pin terminal, because the EMV regulations require a dedicated, hard-wired pysical connection between the PIN Entry keypad and the terminal ]
Square is just another example of a dumb idea getting piles of free publicity because it came from one of the Web2.x celebrities and so was rattled around the tin-can of the blogosphere until the fart turned into a roar.
chip and pin on iPhone?!!?!? ha ha ha ha.
wipe screen clean - hand to customer to enter pin - hold screen to light and see what 4 numbers make up the pin!
Security through transaction limits?
I laughed so much I almost peed.
I will recover the cost of the keyboard through stealing money from stupid people - it seems to be the growth sector.
Right idea, wrong implementation
Right: micro payments and mobile means of taking a payment. We're heading that way, for sure.
Wrong: using a system that was never designed for offline use (credit cards).
There are so many vectors to attack this that I'm not really surprised they have problems. Nice try, but their problem is that the whole security of credit cards is predicated on having a secure reader (which is already old in itself). I can't see this work, sorry.
Whoever stuck money in this obviously didn't know much about credit card security.
About all you could do is hook up a PED that does all the encryption on the device and then just use the iPhone as a modem back to the authorising software - but by then you're lugging around half a brick, plus its power supply, which rather cuts down on the portability aspect! I rather feel this falls into the solution looking for a problem category...
Can it really be secure on untrusted hardware that can skim the card details, capture the PIN and interorgate the chip.
Hell give even then offer a free gift to sign up to their loyalty programme they will just need an address, date of birth and password "yes we usually suggest mother's maiden name sir".
I'd opt for a second separate authoorisation channel maybe give them your card and then approve the transaction over the web via your own iphone or similar or even dial a freephone number that associates callerid with cards if you can't get mobile web. All needs to be fast though - 2 clicks on the phone to or a 5sec phone call to authorise outstanding transactions.
Chip & Pin and reader
As a few people said, Chip & Pin is not really used in the states. I've seen *one* card in the last 10 years with it, and it may have been someone from Europe with that one. The big problem though, that little cube thingy, it'd look VERY hard to get the card to read without anything to keep the card swiping straight. Heck, with a proper reader I still have to try several times on a lot of cards.
chip and pin not needed in UK
Nothing to stop you collecting card details with a mag swipe and passing it to the payment collection page to run as a cardholder not present (CNP) type transaction.
The advantage of a web based service like that is that you dont pay extra for the GSM enabled chip and pin machine .
What these guys appear to be doing is becoming there own payment gateway as well as just providing the hardware and thats a whole other world to a mag reader on the back of a bit of hardware.
Paris, its a whole other world for her as well!
Obsolete anyway. See NFC mobile phones
See Near Field Communication (NFC) enabled mobile phones.
Visa have a new device that is a near contact system that allows a mobile phone or debit/credit card to be waved very close to the terminal and it give money to a retailer equipped with the VISA terminal.
No need for a Pin to be entered into the terminal as you type in a passcode into your phone before passing the phone/card within 2cm of the terminal.
Think - prepaid Oyster cards used on the London Underground.
Japan have been using this type of system for a least a year as I understand it.
Mobile phone version
Visa is launching a case for the iPhone which has the attachment built into it.
Two biiiiiiiig problems
The bit Visa (et al) don't tell you about this technology is that it's pathetically simple to pick up from a distance. To help you understand this, think of WiFi: that wasn't "designed" to go more than a couple of meters through doors at the allowed maximum radiation, yet people have managed to bridge miles with it. It is all a matter of setting up the right antennae with the right equipment, and if it's worth the money it will happen. 50 Meters is absolutely no problem AFAIK.
However, what is more important is that the fundamentals are broken. The whole credit card idea was never designed for Internet use, and is thus prone to all sorts of problems, mainly originating the the fact that disclosure of ANY component will break the system. Any merchant losing a DB of credit cards immediately puts those at risk, PINs can be shoulder surfed because they remain static, ditto for CVS and the Visa 3D program happily BS-es people into believing that if a virus can read your keyboard it somehow magically fails to do that with the Visa 3D popup.
Most importantly, NOTHING in those "protection" schemes is for the customer - all of it is focused on dropping the liability of any cock-up in your lap. Anyone who comes up with a way to change that has my vote - and my business. And no, you can keep anything wireless, thanks.
I have a mobile PDQ machine, connects via 3G/GPRS, it costs £25/month. Debit card transactions are 26p, credit cards 1.7%, it does chip and pin and prints a nice little receipt with my company details on for the customer to keep. Even if the charges were reversed and they paid them to me I wouldn't switch to that thing, how unprofessional and mickey mouse does that look??
Anyone with a real need to take credit cards is much better served with a dedicated terminal. A venture capitalist and their money are soon parted.
"in Germany, we are still mag-stripe based"
I've not been to Germany for a couple of years, but prior to that my recollection is the ATMs and card-accepting retailers (in Berlin, non-touristy bits) were quite happy to do chip+pin stuff. Am I misremembering? Or is it that the infrastructure does C+P but the German banks aren't issuing C+P cards yet?
Anyway, there are lots of reasons payment card processing on an iPhone is a silly idea.
I was in the states last year
and totally confused the chap in a Resturant.
Paid for food with my chip and pin card. The terminal he was reading was up-to-date enough to recognise this and ask for a PIN number. He'd never seen this before and thought it was broken!
- Does Apple's iOS 7 make you physically SICK? Try swallowing version 7.1
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- Pics Indestructible Death Stars blow up planets with glowing KILL RAY
- Video Snowden: You can't trust SPOOKS with your DATA
- Hands on Satisfy my scroll: El Reg gets claws on Windows 8.1 spring update