How Secure are Smartphone Credit Card Readers?

A new generation of credit card readers credit  can be plugged into any smartphone or tablet. But how secure are those readers and what can retailers do to make sure they are watertight?

shutterstock_156659966
Images: Care payment via Shutterstock

Times have changed. Customers rarely pay for anything with cash and credit cards are the norm. In fact, almost every business that wants to ensure good cash flow needs a credit card machine to collect payments. To make the process more accessible, POS manufacturers like Shopify have come up with mobile or tablet based credit card readers as well. These credit card readers can be plugged into any smartphone or tablet. Business owners can collect payments on the go, by swiping cards through the credit card reader. This really helps small business owners who cannot afford a complete POS system, or even a permanent shop-front, to get their business running.

So It’s All Good?

Not really, mobile and tablet credit card readers are great but there have been rumours of identity theft happening through them. In fact, CEO of VeriFone, Douglas Bergeron was the first to claim that competitor company Square, was not encrypting data that passed through mobile phone and tablet credit card readers. This was a huge shock to consumers and business people, as they were already using these mobile credit card readers to process payments.

In essence, Bergeron was stating that credit card information, personal data, and pin numbers, were broadcast live for skimmers to pick up and exploit. The only reason that hackers had not jumped on to this open data stream, was that they had yet to develop an application that could filter the data being broadcast, and use it to exploit the consumers.

Square was quick to rebut the accusations and they pointed out that they were a legitimate company that met all security standards for credit card processing. They had also met the Payment Card Industry Data Security Standard (PCI-DSS) and they accused Bergeron of essentially smearing their good name. However, this squabble made users sit up and take notice. The main question on everyone’s mind was simple, ‘Were credit card readers, attached to mobiles or tablets, safe?’

Credit card security is not negotiable

For consumers and businesses potential data loss and data fraud are serious concerns. Retailers can’t afford for their customers to have the slightest doubt about credit card security.

The good news is that almost every POS retailer now uses state-of-the-art encryption software to protect his or her customer data. POS retailers also have to follow specific Payment Card Industry Data Security Standard (PCI DSS 2.0) regulations for consumer grade mobile devices. This means that devices that follow this regulation use validated Point – to – Point or P2PE encryption solutions, states PCI Compliance Guide. With P2PE, the cardholder’s data is encrypted before it enters the smartphone or tablet. The entire transaction is encrypted, if it is temporarily stored on the smartphone or tablet. Even data returning from the payment processor is encrypted, and this will completely stop any hacker from accessing or using the data.

Business owners should also take steps to make guarantee that their customer data is safe. Investing in a PCI-approved credit card reader is the first step, but it is also necessary to use an approved point of interaction device. That means using an exclusive tablet or smartphone for billing procedures. These exclusive devices should also contain current and updated software to protect financial transactions and protect data streams. In case, the device is lost, it should be possible for the business owner or the backend service to remote disable the mobile POS or credit card reader immediately.

The bottom line is that credit card readers are quite safe provided you use the machine the correct way. Being proactive will ensure that your personal data is safe during every transaction.

Leave a comment