• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Who's Developing for "Square" MagStripe CreditCard Reader & Touchscreen Payment Systm

Search This thread
Who's Developing for "Square" MagStripe CreditCard Reader & Touchscreen Payment Systm

When I first saw a display ad here on XDA for this gizmo around beginning of April, I thought it was an Fool's joke because the gadget was so small, and it seemed "too smart" to be true.

attachment.php


... but many of you know it's been out for quite a while. Threads here go back to I think September 2010, (though there was zero traction then)...

Website
: https://squareup.com/media

FAQ:
https://help.squareup.com/customer/portal/topics/4139-frequently-asked-questions/articles

It works on Android phones and iphones...


attachment.php


attachment.php



Then, by the end of April, having
poked around a bit, following links, asking questions on their twitter feed and at facebook, I come to find out that SQUARE, the name of this device, new company and payment system, is the brainchild of Twitter founder Jack Dorsey, a real visionary, who's been ahead of the curve before, regarding the ways people, and groups of people, interact, and where technology can play a role there.

With this new knowledge -- which is significant -- it completely reframes the way I looked at this device: from a QUESTION MARK about

"who's using it and what do you think of its viability?"
to
"who's using it and WHAT KINDS OF APPS do you see developing around this system for use by small businesses -- delivering them customized apps with physical credit card transaction systems?
Very different perception about the entire product and viability as you see in the 3 short posts I made in this thread, how it quickly progresses


attachment.php



So, has anyone here....


• used one? If so, how did the transaction go? Is it smooth sailing, does the card reader work the first time? (if so, it's better than most checkout stands at grocery or drug store)

• bought one? if so, have you used it for a business, or just to try out, or to write an app for?

• developed custom software for it?

From the looks of it, if this works half as well as it appears, it seems pretty darn revolutionary.

Curious to see if there is any feedback.
 

Attachments

  • squareup.jpg
    squareup.jpg
    30.8 KB · Views: 1,440
  • squaredetail.jpg
    squaredetail.jpg
    30.7 KB · Views: 1,369
  • Square_SigningHands2.jpg
    Square_SigningHands2.jpg
    16.3 KB · Views: 1,374
  • jackdorsey-small2.jpg
    jackdorsey-small2.jpg
    26.1 KB · Views: 1,336
  • sqaure-intro.jpg
    sqaure-intro.jpg
    9.9 KB · Views: 1,319
Last edited by a moderator:
To be honest it's not something that i would trust.

Explain more please. Do you mean as a card holder making a transaction? You mean you would not trust ...

(a) the security of the system to properly authenticate with the credit card company and approve the transaction

(b) the card reader's and software's inherent reliability to firewall your credit card data and isolate just that single transaction, without grabbing your credit card info?

(c) the vendor using the credit card reader and who knows what software has been tied to the reader to grab and suck down all your credit card data, nicely stored for vendor to use another time, another place -- or sell off to some third party?

(d) or the vendor is acting in good faith but someone makes an app for his particular business and sells to him and he is legit, but unbeknownst to him the app is "phoning home" to app maker or some third party with credit card data?

-------- Please explain , don't just pick a, b, c, d .... I'd really like to understand. And these just sprang off the top of my head once you said that.
 
I've been eyeing them as a company and as a mobile PoS system solution for a while... I signed up today, guess we'll see in a month how it goes.

Great! I hope you'll give us some feedback.

My first impression, as mentioned, upon seeing just the top image, was "what a clever joke" -- because I hadn't really thought something so small was realistic.

Then when I'd clicked through and saw it was tied together thru the headphone jack, I thought: wow, this is clever: Immediately flipped my thinking from joke -- to -- very clever engineering -- with a very smart snap/snug, stable external device mounting method, plus the critical input/output connection.

Then, seeing nothing more my mind wondered but what's the quality of the mag-stripe reader? ---- that's impossible to know... But upon seeing the device was actually in use and had history, I knew it had to work-- and -- my mind instantly flipped again to: How many times had I been to a major chain grocery store or "big-box" store, or ATM machine or parking lot checkout reader, and have my credit card rejected because "not readable" -- only to then have the same card work perfectly fine 10-feet away at another ATM machine? ... Answer: Very often.... And the cashier ends up taking the card and either swiping it in another device, or manually entering the numbers, so, my thought was: hey if it works 75% of the time, it's as good as most industrial strength systems i encounter in every day life... SERIOUSLY.

My mind tumbled out all of these reactive thoughts all in a split second -- like, what about signatures -- and of course, touchscreens, just like in stores. I didn't check to see if they provide a capactive stylus, but i have used about 3 brands of capactive stylusus on my various devices, and they are not bad ---- Put it this way, They are EASILY as good as controlling my signature as the crappy pens provided with almost every touchscreen signature system I have used at grocery stores, drug stores, etc, where my signatures is wildly uncontrolled and yet the system accepts it.

(NOSTALGIA NOTE: The argument has long been had about resistive vs capacitive screens -- I've been in on those for several years. The feature I miss the most on my post-windows-mobile phones is stylus-based drawing and handwriting and character recognition and "handwriting to text"... The entire industry took a giant 10-year step backwards with capacitive screens when that incredible advancement -- poof - just went away, got buried -- and most post-iphone-world consumers today don;'t even know that it was ever possible... oh.well. .... )

So, when I posted this thread, I was pretty psyched.

THEN came the first reply -- and his was the only reply before yours -- saying

To be honest it's not something that i would trust.
And that lead me to immediately examine everything I'd ignored while I marveled at the technology. I never got a reply back from matt.blackwood

which is a real drag

because he raised the issue, and at the very least I wanted to know if the factors I then took apart were the factors bothering him -- or if it was just an overall intuition he hadn't really examined in the detail I did.

In the end, there is NO WAY THIS CONCEPT CAN FAIL ultimately... whether this particular company solves all the problems of security or someone else does... whether they get bought out by paypal, or whatever may happen. It's TOO SMART TO FAIL and I would consider investing money in the company.

Let's face it, the Apple Store uses clunky mobile credit card transaction devices, and they swipe the cards -- and the whole thing is very smart... But I recall asking a guy at Apple store in San Francisco a year ago
"Hey, how come you guys haven't hooked up an external card reader device to an iphone to do this same function? It seems kind of foolish to be touting the iphone's "there's an app for that" only to then have this dedicated terminal that seems way bigger than it needs to be to perform its function"

And the guy looks at me... You know that semi smug look you get with their cool blue t-shirts and tags around neck with the general attitude of "I know all" and "there's nothing you can possibly know that apple hasn't altready thought of" ...

And he starts to speak about "well I am sure they are working on..."

And I pull out my HTC Desire and say "But I'm just saying.. it's a pretty simple concept, anyone could do it, it's not that hard, they could do it to THIS phone, right?...So I'm just kind of surprised it's not even in prototype stage"

And the smug look has evaporated with no place to go... I wasn't being smug at all. I was just being correct. And he says "You're right. We should have that by now" ....
So, *I* had envisioned an add on that was, of course, credit card sized, and was flat, and would butt-up flat to the bottom of a touchscreen device. That seemed so obvious.

Which is why I was initially baffled by this gizmo and thought it was a joke, because it seemed so unrealistic .... Until I clicked through and saw --- wow, *I* was wrong. Very very smart product design. They should change the external design to look less plastic and cheap, so as to convey a more durable and serious, secure product.

Please let us know what you think.
 

CptAJ

Senior Member
Feb 27, 2010
95
29
I think the main issues are definitely B, C and D on your previous post. I'm sure A has been solved by now, otherwise this wouldn't even be a product.

People are very paranoid about their credit cards, and with good reason. Anything remotely "new" will have a tough period of adaptation and the fact that this is portable and so ad-hoc (clever though it is) will only fuel people's doubts. It's great from an engineering perspective but its more of a risky bet when you take marketting into account. But not to worry, there's a lot of places that could pioneer these devices. Cyber cafe's with iphone-armed waitresses and such would be ideal. From there on it would spread. (I would NEVER use it on a hot dog stand like the ad photo suggests though, no way XD)

The signature thing caught my eye as well. Its gonna be really awkward to sign with your fingers. They should DEFINITELY package an iphone-compatible stylus with each reader.
 
Wow, didn't know SQUARE is from inventor of Twitter, his next "vision"

This quadruples my interest in this gizmo and belief in its destiny to take over the credit card terminal business:

http://www.vanityfair.com/business/features/2011/04/jack-dorsey-201104




Frankly, now with this information, I'm really surprised XDA-devs is so slow to get onboard with this. My god, people are dragging their heels on this? It's completely nuts. This is a homerun. If someone has an app to develop for android or windows7, or even iphone, or vendor-by-vendor custom apps, this is going to be a huge huge money maker for app developers customizing apps for SMALL BUSINESSES.

He or she who drags feet will be like Microsoft dragging feet after the iphone flipped the UI for touchscreens to finger-based navigation.
 

Attachments

  • jackdorsey22.jpg
    jackdorsey22.jpg
    88.3 KB · Views: 1,332
I think the main issues are definitely B, C and D on your previous post. I'm sure A has been solved by now, otherwise this wouldn't even be a product.

Thanks for replying. Here's what their site says about security. I would love to see the XDA-dev security experts scrutinize every aspect of the security issues, and pick apart any shortcomings -- simply for identification purposes. I want to see this succeed, and as you can see in the way I have reframed the way I see the product, I am certain it will. I can't see it failing to gain significant traction in X years' time. It will probably be way faster than it took paypal to build user trust -- because that was a different time in the internet curve of adoption by consumers.

https://squareup.com/security | VeriSign Secured seal | PCI Compliant link



Physical & Network Security


  • Sensitive data is encrypted using industry-standard methods when stored on disk or transmitted over public networks.
  • Only standard, well-reviewed cryptographic protocols and message formats (such as SSL and PGP) are used when transferring data.
  • Symmetric cryptographic keys are required to be at least 128 bits long. Asymmetric keys must be at least 2048 bits long.
  • Security updates and patches are installed on servers and equipment in a timely fashion.
  • Security settings of applications and devices are tuned to ensure appropriate levels of protection.
  • Square’s website and API are accessible via 128-bit, extended-validation SSL certificates issued by VeriSign.
  • Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.
  • Card-processing systems adhere to PCI Data Security Standard (PCI-DSS), Level 1.
Web and Client Application Security


  • Card numbers, magnetic stripe data, or security codes are not stored on Square client devices.
  • Applications developed in-house are subject to strict quality testing and security review. Web development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
  • Card-processing applications adhere to the PCI Data Security Standard (PCI-DSS), Level 1.
Organizational Security


  • Access to sensitive data, including application data and cryptographic keys, is strictly controlled on a need-to-know basis.
  • Two-factor authentication and strong password controls are required for administrative access to systems.
  • Security systems and processes are tested on a regular basis by qualified internal and external teams.
  • All access to secure services and data is strictly logged, and audit logs are reviewed on a regular basis.
  • Security policies and procedures are carefully documented, and are reviewed on a regular basis.
  • Detailed incident response plans have been prepared to ensure proper protection of data in an emergency.
Research and Disclosure

We want to encourage responsible reporting of problems with our service. If you believe you have discovered a problem with our service, please contact us at [email protected].
Square will respond to all reasonable reports of potential security problems, usually within 24 hours. If you report a problem, we will:

  • Acknowledge your report, and provide you with contact information for our team as we investigate;
  • Work with you to ensure that we understand the issue, and consult with you about the best way to address it;
  • Work with other organizations, if necessary, to ensure that other services are protected too;
  • Keep you informed as all of this takes place; and
  • Give you credit, if you wish, for helping us.
Security is critical to Square. By reporting problems to us in a responsible manner you enable us to address issues and protect our users in a timely fashion. We also recognize that legitimate and well-intentioned researchers are sometimes blamed for the problems they disclose. In order to encourage responsible reporting practices, we promise not to bring legal action against researchers in response to a disclosure, provided they:

  • Share the full details of any problems found with us.
  • Do not disclose the issue publicly or to others until we have had a reasonable amount of time to address it. We will try to act quickly, but some aspects of our system are complicated and may take time to patch and test.
  • Do not intentionally harm the experience or usefulness of the service to others.
  • Never attempt to view, modify, or damage data belonging to others.
  • Do not seek compensation or reward for the report, either from Square or a third party.
This pledge is intended to balance the protections and guarantees necessary to encourage responsible disclosure against our own requirements and responsibilities for data security. It is not an invitation to test the security of our service without authorization. If you have any questions about this, or have any doubts about whether your tests are appropriate, please contact us before proceeding.

***
*** I want to actually respond to your post's points that I can respond to in next post. This was to isolate the security info into one post.
 

Attachments

  • security1.gif
    security1.gif
    11.4 KB · Views: 1,313

Kaessa

Senior Member
Jul 19, 2010
135
9
Colorado
kaessa.com
I have one of these and have used it, the transactions have gone smoothly. I haven't used it often, but I've had it since they first launched (I was one of the first people to get one of them), and it works great as a swipe card reader as well as a manual input card device if you need to take a credit card number over the internet or phone. I'm not planning on using it in place a normal merchant account (I'm in the process of getting one set up for online transactions), but for in-person transactions I'd feel just as comfortable using this as I would any other card-swiping solution.

Just my two cents. :)
 
FORGET ABOUT ALL DOUBTS in Square payment system: VISA investing in Square

http://www.cnbc.com/id/42783124

For all those who were marginalizing SQUARE with a "wait and see" approach, you might as well sprint ahead and get into adoption mode, and start developing for it. With this VISA partnership, hard to see SQUARE needing any more validation. It's going to clean up big time.

Square Partners with Visa, Gaining Advantage in Mobile Payments Race


square_200.jpg
Source: squareup.com​

Startup Square just secured a major advantage competitive mobile payments space — a strategic investment from Visa which will put one of its executives on the company's advisory board.
This isn't about the cash — earlier this year Square raised $27.7 million in financing, led by Sequoia capital — this is about validation from Visa, a leader in credit card payments.
Considering that all of Square's rivals, including Quicken and PayPal, have been looking to partner with a giant like Visa, this gives Square a huge advantage in getting merchants to adopt its service.
more in link: http://www.cnbc.com/id/42783124

And from GigaOm:

Visa is making a strategic investment in mobile payment provider Square, providing the start-up with an undisclosed sum of money as well as a new advisory board member. It’s a nice boost for Square, which is on a roll as it tries to ramp up payments via a smartphone. But it also highlights the growing role of credit card companies as they try to prepare for the growing mobile payments boom.
 
I have one of these and have used it, the transactions have gone smoothly. I haven't used it often, but I've had it since they first launched (I was one of the first people to get one of them), and it works great as a swipe card reader as well as a manual input card device if you need to take a credit card number over the internet or phone. I'm not planning on using it in place a normal merchant account (I'm in the process of getting one set up for online transactions), but for in-person transactions I'd feel just as comfortable using this as I would any other card-swiping solution.

Just my two cents. :)

Kaessa, would love to get more anecdotal information about how customers are responding to this form of payment -- what questions do they ask... and even procedurally -- walk me through it, do you in fact hold the phone in your hand, as pictured, and they swipe it? Or do you turn phone sideways (90-degrees) so they can swipe card more like at cashier terminals?

Then what, do you keep the reader plugged in and flip phone around for people to sign?

Do people have an okay time with finger?

Is there a reset/ try signature again?


Just curious! Thank you.
 

Charles Darke

Member
Apr 3, 2007
40
9
droidgram.com
I really want to get one of these to play with, but they are not available outside of the US. I don't want to use it for payments, just as a mag-stripe reader.

I was wondering if anyone in the US would be willing to buy one and send it over? I heard you can buy them over the counter from apple stores...
 

madnish30

Retired Forum Mod / Retired Recognized Developer
Apr 22, 2009
3,002
182
New Delhi-India.
MOD note: After going through the thread, indeed it's related to phones and shall be moved back to general shortly.
It might have been misinterpreted by ORB, even we moderators are humans and can make mistakes.
So, I suggest OP and everyone relax.

Also, if OP you have any further issues address them to me via PM ( not rant threads - like the one I shut ).
 
That is correct, initially it seemed to be an iphone only related thread, now OP edited and included other OS´s.

@OP, Next time please contact Moderator instead of creating rant threads please

OP only edited it to make it more apparent that it was about phones. No image was changed. No information was changed re OS. It was about Android from Day 1.
 

Kaessa

Senior Member
Jul 19, 2010
135
9
Colorado
kaessa.com
Kaessa, would love to get more anecdotal information about how customers are responding to this form of payment -- what questions do they ask... and even procedurally -- walk me through it, do you in fact hold the phone in your hand, as pictured, and they swipe it? Or do you turn phone sideways (90-degrees) so they can swipe card more like at cashier terminals?

Then what, do you keep the reader plugged in and flip phone around for people to sign?

Do people have an okay time with finger?

Is there a reset/ try signature again?


Just curious! Thank you.

I've only done it a couple of times, so I'm probably not the best one to ask. One was online, as an eBay transaction... PayPal had screwed up his account so I just took his Visa over the phone. There is a "card not present" option, just like with any other credit card machine.

As far as swiping the card, I would take the card from them and swipe it. It's a fairly delicate device, not like a grocery store card reader, and someone getting over-enthusiastic with it could break it or your phone's headphone jack. I don't worry about breaking it myself... I carry it around in my purse in the same pouch I carry my headphones in.

As far as the signature goes, the finger signature works fine... just turn it around and either give it to them, or put it on a flat surface and have them sign. I don't know if there's a "try again", but there probably is. It's a well developed piece of software, really slick. Looks like they thought of everything when they put it together. I haven't had anyone hesitate to use it. Now that Visa is in on it, I'm sure there won't be any problems.

I'm thinking of using it at my next yard sale. Should get all those looky-loos that "forgot to bring enough money". ;)