Send dosh (insecurely) via email, Jack Dorsey's Square tells punters

TLS can secure financial transactions ... right?


Not content with revolutionising shopping as we know it, uber-cool money-transfer outfit Square has launched a peer-to-peer payment system – secured only by an SMTP password.

Square – the payment firm developed by Twitter founder Jack Dorsey – has debuted a new service, Square Cash, which authorises transactions with an email. You just email the recipient, CCing cash@square.com, and specify the quantity of cash to be moved in the subject line.

The money is deducted from one's debit or credit card (which must be registered with the service – either in advance or Square sends you instructions to do so) and credited to the recipient, who'll be asked to provide one if not already registered. The key to securing Square transactions, however, is that their security depends entirely on the impossibility of forging an email message.

Looks genuine to me

Square apparently wanted to simplify the process of sending and receiving money, and, having decided that secure credentials are a bit of a faff, thought email should be sufficiently secure to authorise payments totalling up to $2,500 a week. As an SMS is sent to the payee every time money is deducted, they've plenty of time to dispute a payment during the 1-2 business days it takes to process.

Forging emails isn't as trivial as it used to be some years ago, when one could telnet into an SMTP server and spit out a mail from anyone. These days SMTP servers commonly require a username and password, and use Transport Layer Security, but you might not wish to bet your bank account on it.

Square has a history of playing fast and loose with security, touting an iPhone-based magnetic-stripe card reader without any obvious security features, but if the company can get away with it in most cases, then the security is probably good enough.

Square Cash transactions will be free, but the showstopper may be those two business days it takes for transactions to be credited to the recipient's account, while services such as PingIt can do the same thing in less than 24 hours. ®

Similar topics


Other stories you might like

  • Twitter founder Dorsey beats hasty retweet from the board
    As shareholders sue the social network amid Elon Musk's takeover scramble

    Twitter has officially entered the post-Dorsey age: its founder and two-time CEO's board term expired Wednesday, marking the first time the social media company hasn't had him around in some capacity.

    Jack Dorsey announced his resignation as Twitter chief exec in November 2021, and passed the baton to Parag Agrawal while remaining on the board. Now that board term has ended, and Dorsey has stepped down as expected. Agrawal has taken Dorsey's board seat; Salesforce co-CEO Bret Taylor has assumed the role of Twitter's board chair. 

    In his resignation announcement, Dorsey – who co-founded and is CEO of Block (formerly Square) – said having founders leading the companies they created can be severely limiting for an organization and can serve as a single point of failure. "I believe it's critical a company can stand on its own, free of its founder's influence or direction," Dorsey said. He didn't respond to a request for further comment today. 

    Continue reading
  • Don't hate on cryptomining, hate the power stations, say Bitcoin super-fans
    We're not the ones telling them to burn fossil fuels, top names write in response to probe request

    Big names in Bitcoin have defended cryptocurrency mining, issuing a jointly signed letter hitting back at US lawmakers who last month urged a government watchdog to probe the practice.

    Twitter founder and Bitcoin champion Jack Dorsey, the CEO of Bitcoin-collecting MicroStrategy Michael Saylor, and others on Monday signed the letter [PDF] that is a point-by-point rebuttal to a memo [PDF] sent last month to America's Environmental Protection Agency (EPA) by Representative Jared Huffman (D-CA) and a couple dozen other Democrats.

    In that first letter, Huffman and pals asked the EPA to probe proof-of-work cryptocurrency mining facilities to ensure they're following US laws such as the Clean Air Act and Clean Water Act, and not having an outsized effect on climate change. Proof-of-work cryptocurrencies include Bitcoin, Ethereum, and Monero. Ethereum, for one, is planning to move to fully proof-of-stake approach, which is more energy efficient.

    Continue reading
  • Jack Dorsey's side hustle – payments outfit Square – acquires buy now pay later darling Afterpay for $29bn
    Plans to make partial payments for almost anything the new normal

    Square, the credit card processing company run by Twitter founder Jack Dorsey, has announced plans to acquire Australian buy-now-pay-later (BNPL) outfit Afterpay for $29 billion.

    Afterpay offers shoppers the chance to acquire goods and services with four fortnightly payments. Merchants pay a commission for each Afterpay sale, often at higher rates than those charged by credit card companies. But consumers can use Afterpay free of charge if they pay on time. Even if punters miss a payment, the initial $10 late fee can be less than credit card interest on the same purchase.

    Also known as Clearpay in Europe, Afterpay is an Australian company and launched in 2015. A trading update [PDF] issued today reports it has 16.2 million active customers, 98,200 merchant members, revenue of A$925 million (US$679M) and facilitated $21.1 billion of sales in FY 2021.

    Continue reading

Biting the hand that feeds IT © 1998–2022