Square Debuts New Email Payment System

cagraham writes "Mobile payment company Square — best known for their smartphone credit-card swipers — has launched a new payment service called Square Cash. The service doesn't require users to sign up or make an account. Instead, they just email the person they'd like to transfer money to (with the amount as the subject), and CC 'cash@square.com.' Square asks the sender for their debit card info, and then sends a link to the recipient, who can transfer the money into any account they want within 1-2 business days."

Won't take off

Sounds too complicated. Sorry, but think of the average moron.

Re:Won't take off

[Jeremiah+Cornelius]

Drug Deal!

Re:Won't take off

[reboot246]

I know a lot of people who have the bad habit of sending everything to everybody in their contact list. Wouldn't it be funny if they sent money to dozens of their friends by mistake, and then those friends cc (they never use bcc) to everybody in their contact list and so on?

Re:Won't take off

[mediocrist]

To: friend, Cc: square, Subject: $5, Body: anything
Receive email from square with a link for debit card info the first time you do it
Done

Receive email from friend sending you $5
Enter debit card info into link first time you do it
Done

From that point on, anytime you send that email or receive funds, it'll happen automatically

To: friend, Cc: square, Subject: $5, Body: anything
Done

Ummmm...

This has got to be the most insecure payment system ever.

Re:Ummmm...

[Catskul]

How so?

Re:Ummmm...

[Russ1642]

You shouldn't send that kind of account info by email.

Re:Ummmm...

[Catskul]

You don't send account info via email. Read the article, or even just the summary more carefully.

Re:Ummmm...

[Russ1642]

The summary makes it seem like it's all done over email. Why would I read the article? Nobody does that.

Re:Ummmm...

[suutar]

anyone who can intercept the email from square to the recipient can use the link, unless there's a lot more validation than they're mentioning.

Re:Ummmm...

[Catskul]

You don't actually need to read the article. The summary suggests that all that goes in the email is the amount, and the CC to cash@square.com.

Instead, they just email the person they'd like to transfer money to (with the amount as the subject), and CC 'cash@square.com.' Square asks the sending for their debit card info, and then sends a link to the recipient, who can transfer the money into any account they want .

Re:Ummmm...

[Russ1642]

Instead, they just email the person they'd like to transfer money to (with the amount as the subject), and CC 'cash@square.com.' Square asks the sending for their debit card info, and then sends a link to the recipient, who can transfer the money into any account they want .

Looks to me like they ask for the debit card info by email. But that's apparently not what they do so whatever.

Re:Ummmm...

[NatasRevol]

The NSA can finally finance all the email spying they're doing!

Re:Ummmm...

The title has the word "email" in it. That makes it seem like it's all done over email. Why would I read the summary? Nobody does that.

Re:Ummmm...

No. Square sends a link to the sender and has them provide their bank info to square over a secure (https) connection. Square then sends a link to the receiver and has them do the same. Just like paypal, dwolla, google checkout, or any other method of "emailing" cash.

I didn't need to click the article, either, but I'm not stupid, so...

Re:Ummmm...

[j-beda]

anyone who can intercept the email from square to the recipient can use the link, unless there's a lot more validation than they're mentioning.

Perhaps, but the same can be said for a cheque sent in the mail. Similar worries might be raised for giving your credit card details over your cordless phone - someone could be listening in. In general though, they are not.

Re:Ummmm...

[hawk]

Nah, it's well established.

I regularly get sent things that only need me to provide my card number, social security number, and date of birth to confirm my information.

The exiled Chief's widow has friends in Russia that are helping get my money back . . .

hawk

email?

I thought all the kids these days were shunning email.

Really?

[mcmonkey]

Account details over email and 1-2 business days?

Why not just put cash in an envelope and send USPS? At least that way you can't lost more than the cash you send.

Re:Really?

You don't send your account details in the email. They give you a link where you go to provide the details.

Re:Really?

[Catskul]

You like dealing with physical mail, and cash? Good for you. Most people don't.

Re:Really?

Account details are sent over HTTPS, not e-mail. It's not specified in their information, but other articles on the subject say Square e-mails you a link asking for your debit card information the first time you send or receive money using the service.

On the other hand, it's unclear how they deal with e-mail spoofing. Maybe they just trust their anti-fraud enough and enough domains are using anti-spam techniques that happen to also prevent spoofing.

Re:Really?

Some reading comprehension issues here.

I always though the grade school reading comprehension tests were silly; why would anyone have trouble with this, I thought. Well, here you go.

Re:Really?

You like dealing with physical mail, and cash? Good for you. Most people don't.

I appreciate the implication of your response, in that you consider "dealing with physical mail" to be a far worse idea than "sending account details over email". Because as we all know, the latter might be insecure and horribly open for abuse, but the former is haaaaaaard, so let's go shopping. Er, I mean, let's trust TEH DIGITALZ for everything, implicitly.

Re:Really?

[ljw1004]

RTFA. "If this is your first time using the service, Square will email you a link to its service, where you’ll be asked to enter your debit-card information."

Re:Really?

[icebike]

Exactly.

You have to have an inordinate amount of trust in Square to use this service from EITHER end.

Sender hands over Debit Card info.
Receiver hands over BANK Account info.
Really?

Much as people love to hate PayPal, their process is more reliable.
Paypal offers a Paypal balance backed Debit Card if you want to fund the kid at college without
co-signing a credit card application.
Even Google will transfer money for you these days.

Re:Really?

You don't send account details over email.

Re:Really?

[hawky]

We tried it. My co-worker sent me $15. After the initial email, we both tied our debit cards to our email addresses, and I had the funds in my account in less than 5 minutes. Since our cards are now linked I imagine it will be even quicker in the future.

Re:Really?

[suutar]

Keep in mind, Square's been doing "sender of money hands over card info, recipient of money hands over bank account info" for years. It's just that the recipient set up the account first and then met the sender face to face.

Re:Really?

Sounds like an easy way to do a phishing scam.

Re:Really?

[shaitand]

Both the sender and recipient have to provide their information to Paypal and Google for their services as well.

The law is set up in such a way that all money exchangers are required to get identifying information from you. But even if they weren't, you have to provide a source and destination for the funds to get them in and out of the service.

Re:Really?

[pepty]

Were there debit card fees from the banks, etc?

Re:Really?

[Anubis+IV]

1) Account details are not sent over e-mail. You simply CC Square on an e-mail that you send to the recipient with the amount of the transaction in the subject line. Square then withdraws that amount from your account (which you've previously configured with them, or else which you're prompted to configure at their site before the payment will proceed) and sends the recipient an e-mail so that they can redeem it. Their app is basically a front-end for doing the exact same thing.

2) Sending stuff via snail mail costs money for postage, has a failure state that involves the total loss of funds for both parties, is not trackable by either party without incurring additional cost, requires the recipient to give up their physical address to the sender, and can't be done easily from anywhere with no notice or warning. This system has none of those issues.

Before you think I'm painting an overly rosy picture of Square Cash, however, I'll readily acknowledge that it has many issues of its own, which will, at least for now, keep me from using it. For instance, there's the little fact that your e-mail credentials are essentially being used to access your bank account, given that anyone with the ability to send an e-mail from your account can also send funds from your bank account. That, more than anything else, would keep me from using it, since it bypasses all of the security we've set up around banking online. And the fact that it uses debit cards, rather than credit cards, means that there's none of that security either. I.e. Once those funds are gone, they're gone, unless your banking institution provides some additional protection against identity theft or the like.

Even so, to deny that there are upsides to the service is just plain silly. It's significantly more convenient, not to mention cheaper, than sending cash, but it seems to me that it comes at the expense of significantly increasing your surface area for attack and the potential for damage to be done.

Re:Really?

[tlhIngan]

Question - is it debit card only? The sender can't use a credit card?

That is one of the reasons why Square is good, and why Paypal is popular - you can just use your credit card and not debit card...

I understand debit for receiving payments, but sending them?

Re:Really?

ok, so you send me an e-mail that directs me to a web site that want's my credit card information.
How can I know if the website is the real one or a spoofed one? Now someone has my credit card information.

Sounds like a perfect storm for internet fraud to me. I won't every use it.

Re:Really?

Cash? That sounds lame, not to mention dangerous. Anyway, the whole thing sounds like an American problem... why not just convince American banks to switch over to a system used in other parts of the world?

Here in Europe, you just tell someone your IBAN number and they can send you money, generally free of charge.

Re:Really?

[n7ytd]

We tried it. My co-worker sent me $15. After the initial email, we both tied our debit cards to our email addresses, and I had the funds in my account in less than 5 minutes. Since our cards are now linked I imagine it will be even quicker in the future.

So now can you spoof another e-mail from your co-worker to yourself, CC'ed to square and get more money from him in less than 5 minutes?

Re:Really?

[Kalriath]

To get away with the "no fees", they really can't accept credit cards, and have to hope that the interest on the money they hold for 2 days makes up for the interchange on the debit transaction.

Re:Really?

[CCarrot]

We tried it. My co-worker sent me $15. After the initial email, we both tied our debit cards to our email addresses, and I had the funds in my account in less than 5 minutes. Since our cards are now linked I imagine it will be even quicker in the future.

So now can you spoof another e-mail from your co-worker to yourself, CC'ed to square and get more money from him in less than 5 minutes?

My thought exactly. Too lazy to RTFA, but hopefully there's some sort of secondary authorization required (like PayPal implements) before Square just initiates the transfer, otherwise you are basically hostage to any punk who can hack your email account...

Re:Really?

[Grishnakh]

Even Google will transfer money for you these days.

Wrong, unfortunately. Google used to have a system called "Google Payments", which was basically a clone of Paypal, but it was shut down recently. They still have part of it around, but it's only for people selling apps in the Android marketplace.

The only competition to Paypal these days seems to be "Moneybookers", this new thing from Square, regular merchant accounts (which only make sense for very high-volume sellers), and money orders in the mail.

Re:Really?

[Grishnakh]

In case you Europeans haven't figured out the obvious yet, America is basically a third-world country that refuses to accept that fact. Except that in some ways, America is even worse than third-world countries, such as with our banking system. Even crappy third-world countries' banks use SWIFT transfers, but only the larger banks in America are on SWIFT, and then they charge you huge fees for doing transfers that way.

Re:Really?

[cybertears]

Why hack an email account when spoofing the FROM address is even easier?

Re:Really?

[icebike]

What do you mean "Wrong"?

http://www.google.com/wallet/send-money/

Re:Really?

Because that would take 7 to 9 business days.

Re:Really?

[complete+loony]

I hope that future transactions still require some kind of authorisation. On a completely unrelated subject, what's your email address?

Re: Really?

Moneybookers is not new.... I used them back in 2007 to make online poker payments

Re: Really?

[Grishnakh]

I never said it was new, just that it seems to be one of the main competitors to Paypal. (You may have misread my statement, I said this thing from Square is new.) I don't know much about it except I've heard it's more popular in Europe.

Re:Really?

why not. well know and well understood. no hidden downsides.
credit and internet? that can get you in big trouble in a hurry.

Re:Really?

[ais523]

It's worse than that. In general, there's nothing stopping anyone sending an email from any address they like; the From: address is simply written onto the email by the sender, much the same way as there's nothing preventing someone sending physical mail writing any return address they like on the envelope. Of course, this makes it kind-of easy to spam, so various methods have sprung up over the years for people to validate the From: address on an email, but there's no universal method that will work for every email you might ever receive.

In general, you should never trust the From: address on an email for any purpose whatsoever other than determining who the sender wants you to think they are.

Re:Really?

[vlueboy]

We tried it. My co-worker sent me $15. After the initial email, we both tied our debit cards to our email addresses, and I had the funds in my account in less than 5 minutes. Since our cards are now linked I imagine it will be even quicker in the future.

Probably perfect for frequent restaurant goers who like to split the bill but never have exact cash. One pays the full bill via Credit Card and gets compensated later. It's still a problem figuring out how accurate, and when that will be, besides the obvious matter of how trustworthy your friends are. Since google itself filed a patent for bill splitting just days ago, tons of copycat implementations will come up regardless of legality, and someone will smooth out the kinks.

Re:Really?

[Anubis+IV]

So true. I hadn't even considered spoofing at all.

And they do have some stuff in place to limit the damage that can be done (e.g. have to verify identity to send more than $250/week, and after that SMS confirmations get sent), but none of it seems like it will outright prevent these issues.

Re:Really?

... Receiver hands over BANK Account info. ...

When I receive money through PayPal, I then transfer to a bank account with a very low balance. A separate bank account has my savings -- transfers between the two bank accounts are made at a nearby bank branch, in person.
  PayPal doesn't have any of my valuable bank account details.

Re:Really?

Think of the convenience!

Re:Really?

We tried it. My co-worker sent me $15. After the initial email, we both tied our debit cards to our email addresses, and I had the funds in my account in less than 5 minutes. Since our cards are now linked I imagine it will be even quicker in the future.

Hey! Cool! Can your coworker send me $15 too?

Re:Really?

[Mr.+Slippery]

given that anyone with the ability to send an e-mail from your account can also send funds from your bank account.

Since spoofing e-mail is trivial, sounds like anyone can send funds from your bank account..

Re:Really?

[mediocrist]

Because you get another email from Square asking you to confirm.

Re:Really?

[hawky]

nope, no fees on either side

Interac

[neoform]

Isn't this exactly the same thing as an Interac e-Transfer?

I've been sending money via email for many years this way.

Re:Interac

[aclarke]

That's because you're Canadian (I assume). Try to think like an American, because they don't use Interac.

Re:Interac

[Catskul]

There are many systems like this including POP money. The difference AFAICT is that this does not require bank participation.

Re:Interac

[neoform]

I guess I never really noticed that this was a Canadian specific thing. Seems I wrongfully assumed the US banking system had something similar.

Re:Interac

[LikwidCirkel]

From the summary: "Square asks the sending for their debit card info..."

That sounds like bank participation to me.

Re:Interac

[Catskul]

The bank doesn't need to sign up for a special program a la the OP's suggestion of Interac e-Transfer. It just uses your debit card functionality.

Re:Interac

And the fact that it takes around 1-2 hours to complete the transfer, not days.

Re:Interac

[icebike]

From the summary: "Square asks the sending for their debit card info..."

That sounds like bank participation to me.

Further, Square asks the Recipient for their bank account info.
That sounds even more like bank participation. Willingly or not.

How many people are going to receive an email purporting to be from Square offering an amount of money
which will give them a link to click to post their bank account details, directly into a website run by some 419 scammers?

Re:Interac

[Kalriath]

You know, in sane countries your bank account number is nowhere near sufficient information to enact a withdrawal from an account. I don't understand the US system where you have to protect your account number at all costs or people can steal all your money at all.

Re:Interac

[icebike]

A bank account number is not sufficient to enact a withdrawal in the US either.

But when combined with other information, its enough to give leverage to some major scammers, forgers, and check kiters, requiring you to spend all sorts of time fending them off, and answering questions.

For many years a company I worked for published their bank account number because they received a lot of business from Europe and payers liked to do wire transfers for some reason.

On multiple occasions people would use this number to phony up checks which they would successfully cash, or pay bills or whatever. In each case, our bank denied the payment. In many cases we would get calls from fraud investigators, asking if we knew this person or that person or had ever done business with this merchant 20 states away.

Now that company, (which I no longer work for) makes their payers request the bank account number in stead of publishing it on their web page, because there is no reason to make it easier for forgers, and having to deal with it takes time, even if they don't get your money.

If you are so confident that this is not the case in your country, publish details sufficient for someone to send you a wire transfer on some web site, and see how long it takes for you to start getting calls.

Re:Interac

[j-beda]

You know, in sane countries your bank account number is nowhere near sufficient information to enact a withdrawal from an account. I don't understand the US system where you have to protect your account number at all costs or people can steal all your money at all.

And a system where all that info is printed right on the front of every cheque you use. It is crazy that it is not more abused than it is.

Re:Interac

Canada definitely is light-years ahead with the Interac money transfer thing. I'm surprised it's taken this long for an American company to figure out how to do this. I view this a a vital service in our day and age.

Re:Interac

[RuffMasterD]

Sane countries don't use social security numbers as personal identifiers everywhere, including at banks. Bank account number + SSN = magic cash.

Re:Interac

[KJE]

One big difference is that Square isn't taking a buck fifty off the top, no fees at all to transfer money. As I mentioned earlier on twitter, they are probably eating the transaction costs to encourage people to sign up and put in their banking info so that the square network grows.

Re:Interac

[Kalriath]

If you are so confident that this is not the case in your country, publish details sufficient for someone to send you a wire transfer on some web site, and see how long it takes for you to start getting calls.

I - and every other company in New Zealand - already does this. Seriously, just search the .nz namespace for "bank account number" and you'll see heaps of them.

Re:Interac

[neoform]

That seems suspicious. What kind of business operates for free...?

Re:Interac

Square's actual business is being a payment processor for small businesses. They make a tiny widget that plugs into the headphone jack of a phone or tablet that can accept credit card swipes. They charge 3% on that, much of which probably goes to the credit card company, but the rest is their profit.

Square's long-term plan is to get the credit card companies out of the loop so they can take a larger slice of that 3% (possibly lowering the fee to businesses along the way if they can do the transfers cheaply enough). This e-mail payment system is their first step in being visible from the consumer side as a payment system. I'm not sure how they intend to integrate it into person-to-business payments, but I'm sure they have something planned.

What could possibly go wrong?

[Shirogitsune]

Obviously this is a front for the NSA so they can get rid of the traditional means of tracking bank transactions and just lump it all into the haystacks of email data the already collect! Government efficiency at it's finest! Brilliant!!

Sounds ready for abuse

So the From:, Subject, To:, and Cc: headers are what makes this work?

Not a bad idea, really, except that it can all be trivially spoofed, and the resulting set up/confirmation emails can be trivially intercepted and abused at will. Plus, of course, no easy drop-in encryption, and in the end it piggybacks on existing systems, so all the risks associated with them (like credit cards) will be neatly folded into the deal too.

Re:Sounds ready for abuse

[Catskul]

Virtually everyone has secure communication to their email provider these days. This is no more abusable than password resetting links that are regularly used for sensitive accounts.

Also I'm not sure if you caught that account numbers will not be transferred by mail.

Re:Sounds ready for abuse

[myspys]

And spoofed headers don't exist...

Re:Sounds ready for abuse

Virtually everyone has secure communication to their email provider these days.

Your average techie feels that everyone should have this by now, but that does not mean it isn't wishful thinking.

Even if it was "in the main" true, that's still not an assumption you can safely make and expect to hold strongly enough to bet your customer's data (and money) on. It is only but one link in the entire chain, and I don't just mean that the SMTP involved might fail to be secured somewhere. Trojans are popular these days and open up multiple ways of going after this, too. And so on.

This is no more abusable than password resetting links that are regularly used for sensitive accounts.

I'm not sure that's a valid security bound; being in wide use itself is not proof of security. It might not nearly be good enough for this purpose, and a lot more money might be riding on this. Who is carrying which risk, exactly?

Also I'm not sure if you caught that account numbers will not be transferred by mail.

That doesn't necessarily mean anything. Suppose the service is exactly that numbers need not be transferred over email. So manipulate the service itself instead--easy, especially if you can somehow control the originating email account you're good to go. If it turns out easy enough, we might even see botnets sign up their victims to this service for their convenience.

Re:Sounds ready for abuse

[Minwee]

Good point, but all that would do is prompt a confirmation request to be sent back to the "sender", who is either going to realize that he didn't initiate that transaction, or has already given all of his money away to a very helpful friend in Nigeria.

Either way, you won't be able to fake a complete transaction through Square, who really should have stuck to Final Fantasy instead of trying to reinvent the Interac e-Transfer.

Re:Sounds ready for abuse

[Catskul]

Most reputable email services offer sender authentication.

http://en.wikipedia.org/wiki/Email_authentication#Authentication_methods

Re:Sounds ready for abuse

Yeah this seems ripe for abuse.

Hey I'm trying to send you money! Just click on this link!

Re:Sounds ready for abuse

I would venture that you work for Square and have been assigned as the "Stop /. from giving this cool new feature a bad name" consultant.

Re:Sounds ready for abuse

[hawaiian717]

Virtually everyone has secure communication to their email provider these days.

And virtually nobody has secure communication between email providers. So there's a good chance that at some point along the line, your email is being transmitted across the Internet in the clear. Secure IMAP/POP/SMTP is good for protecting your authentication credentials (password), but if you want to protect the contents of your email, you need an end-to-end solution like PGP or S/MIME.

Re:Sounds ready for abuse

It also has two stage authentication, essentially. 1) Email, 2) Debit card info. Assuming the debit card info is via Square's secure website.

Re:Sounds ready for abuse

Interac e-Transfer doesn't exist outside of Canada. Square makes those CC readers for smartphones and has a wireless payment system that Starbucks in the US adopted. Square Enix made Final Fantasy.

But to be fair, Paypal, dwolla, and Google Wallet have been facilitating ACH transfers between random consumers years, so Square isn't doing anything novel regardless.

Re:Sounds ready for abuse

[Minwee]

I really need a signature that says "That was the joke".

What could possibly go wrong...

Request for debit card information over e-mail. What could possibly go wrong?

Blame Canada

[guytoronto]

We've been able to do this in Canada for quite a while now using Interac e-Transfer. http://www.interac.ca/en/interac-etransfer/etransfer-detail

It's incredibly convenient, and only takes a few hours to transfer funds.

Re:Blame Canada

[c-A-d]

I won't use it. Sending secure banking information over insecure email doesn't really do it for me.

Re:Blame Canada

[guytoronto]

It's not secure banking information over email. The email contains a link that takes you to a redemption site. No sensitive information is in the email. Everything is contained on secure servers - just like your bank account.

Re:Blame Canada

[LikwidCirkel]

No banking information is sent over email with Interac E-Transfer. That would be dumb. The recipient only gets a link and a user-chosen hint for a one-time password. In most cases, one can simply enter a bogus hint and tell the recipient the password over a more secure channel, like face-to-face.

Re:Blame Canada

[Russ1642]

In that case you don't send anything insecure over email other than a link to the interac site. You also set up a password that you share with the receiving party by phone or some other method.

Re:Blame Canada

[Garridan]

RTFS. You only send the amount. Who you're paying and how much is insecure, but when you get an email from Square, they send you a link where you put in your bank info.

Of course, this will spawn a cottage industry of phishers, but you shouldn't worry about phishing -- you're already paranoid. Worry about your grandma getting phished.

I want CASH Now !

I think they have underestimated the desire for instant gratification.

unless of course they can make the recipients phone immediately make some noise designed to invoke an involuntary Pavlovian response

Bitcoin

[Austrian+Anarchy]

I still prefer the Bitcoin schemes. Now, if I only had some bitcoin to toss around :(

Re:Bitcoin

[PRMan]

Why would you get rid of your precious bitcoins this week when they are going up, up, up. Meanwhile, the US dollar may be in trouble really soon...

Re:Bitcoin

If you think BTC are more likely to be worth more relative to USD than less very soon, and you have USD that you don't need, then why haven't you traded your USD for BTC?

Re:Bitcoin

Hilarious if you think that the US economy is going to go down the toilet but a bunch of nerds running computers attached to the internet are going to be "going strong" afterwards.

Re:Bitcoin

Hilarious if you think that the US economy is going to go down the toilet but a bunch of nerds running computers attached to the internet are going to be "going strong" afterwards.

Because we all know how economic disaster somehow makes all the computers break...

Re:Bitcoin

Why would you get rid of your precious bitcoins this week when they are going up, up, up.

For the same reason I'd buy a computer today rather than wait a year for better specs at the same price: I'm not an idiot and I need things done now, now, now.

I don't understand how this is new.

[LikwidCirkel]

If they charge you by debit, the assumption is that you need a bank account somewhere. Most bank accounts already allow one to send an "Interac E-Transfer" to any email address for a relatively low fee. I've done it multiple times. Maybe it's just a Canadian thing.

Why would I want to introduce a third party into this, when I can already do it through my existing bank?

Re:I don't understand how this is new.

[LikwidCirkel]

Even worse, is that the summary claims "1 to 2 business days". Interac E-Transfers take minutes.

Re:I don't understand how this is new.

[metrix007]

That's only in Canada. Not the US.

Re:I don't understand how this is new.

Person-to-person transfers in the US banking system are a pain. In practice, I either (1) just use cash, (2) use PayPal (ick), or (3) use my bank's "mail a check" feature... which the person on the other end will likely take a photo of and use their bank's "upload a check image" feature.

Re:I don't understand how this is new.

Interac E-Transfer is only available in Canada and is almost exactly the same. Interac E-Transfer is a third party.

Re:I don't understand how this is new.

[Capt.DrumkenBum]

You US people really need to get with the 21st century.

Re:I don't understand how this is new.

It's called paypal. Sending money to people really isn't that difficult.

Re:I don't understand how this is new.

[gl4ss]

but paypal isn't a bank.

it's funny how supposedly 1st world nation has a banking system of a 4th world nation.

cheques.. paychecks to hand.. all that shit from the mid 20th century. and yet at the same time so many checks for money laundering. it's schitzo.

So can I send myself an email?

[gameboyhippo]

What's stopping Eve from sending herself an email from a novice computer user and having said user give out their card info? Since anyone can send an email using any email address, this feels problematic.

Re:So can I send myself an email?

[ImprovOmega]

It certainly opens up the door for phishing scams where you spam Square with spoofed header transfer requests and hope that some percentage of people who get the legit emails from Square fill out the form and complete the transfer. But in and of itself it is not any more risky that Paypal or giving out your credit card info over SSL to a trusted company.

Re:So can I send myself an email?

[Garridan]

Said novice computer user would probably be like 'who is this Eve person and why does this strange website want my credit card info?!?' and trash the email. The more likely targets are the semiliterate, who are familiar with the service. They'll fall for the "pay $3 and I'll send you $100!" bullshit, get greedy, and give their credit card to a non-genuine site without noticing. Or... straightup fall for the "pay $3 and I'll send you $100" bullshit and give their credit card to the completely genuine and complicit Square, and never report it 'cause they're embarrassed about getting duped.

Wait....

[Kenja]

So all I need to do is email some anonymous database my credit card information? What could go wrong?

Sorry, what?

[gstoddart]

And why on Earth would I trust Square?

See, banks have mechanisms in place to do this. And banks are regulated.

Square wants to become a middle-man for these transactions, but they aren't a bank and aren't regulated like one.

Which means when (not if) Square fucks up, you'll be dealing with a company in terms of their EULA which says "we're not a bank, and not actually responsible for anything". With a bank you have some recourse.

Given how video game companies have been faring with security and protecting of this kind of information, my first thought is "how long before they have a security breach, and what recourse will you have".

Sorry, but I'll stick with using banks to transfer money.

Re:Sorry, what?

[ImprovOmega]

From what I understand Square is a credit card processing service, which means they fall under certain other regulations. Not quite the same as banks, but certainly not out in the wild west as far as regulations go. I've known several small business owners who used them for credit card payments for a while now and both owners and customers seemed happy enough with the results.

Re:Sorry, what?

... And banks are regulated.

Ahahahahahahaha! Man, that was a good one!

Re:Sorry, what?

[SydShamino]

So when you go to a store to buy something, you ask the guy behind the register to follow you to a bank to complete the transaction?

No, I didn't think so. Instead, if you don't use cash everywhere, you probably hand the guy behind the register your credit card. If his register looks iPad shaped (and, in my experience, any new business that has opened in the past two years has registers that are distinctly iPad shaped), then he's processing your credit card through Square or a similar service. So you already trust them.

Re:Sorry, what?

[Megane]

Subtle troll is way too subtle. Needs some references to FFXI/FFXIV payment problems.

Re:Sorry, what?

[Kalriath]

Yeah, like how Square will stop accepting payments due to flaws in the service, and keep sending out payments to recipients?

Ridiculous that it takes a 3rd party

[metrix007]

Why does the US have such an antiquated banking system? Hell, a lot of places still need checks because they won't take plastic!

I've had bank accounts in the UK, Australia, Germany, Canada and the US.

Canada is basically the US in this context..banks are no better. They do have email money transfers though.

Which is something every other damn country has. A way to transfer money between bank accounts of individuals securely and free. The only option in the US has been paypal or chase quickpay.

Not to mention the reliance on checks (ridiculous!) and the problems with ACH fraud. Again, in no other country has my account number been secret information which I have to protect. The worst thing people could do is put money into my account.

So many issues....

Re:Ridiculous that it takes a 3rd party

[Antipater]

Hell, a lot of places still need checks because they won't take plastic!

What part of the US are you visiting? Even traveling food trucks take plastic nowadays, unless you're out in the middle of the Carolina High Desert or the Kentucky Jungles or someplace.

Re:Ridiculous that it takes a 3rd party

Planet Money just covered some of these issues on their show.
http://www.npr.org/blogs/money/2013/10/04/229224964/episode-489-the-invisible-plumbing-of-our-economy

Re:Ridiculous that it takes a 3rd party

Not to mention the reliance on checks (ridiculous!) and the problems with ACH fraud. Again, in no other country has my account number been secret information which I have to protect. The worst thing people could do is put money into my account.

So many issues....

It doesn't have to be secrete in the US either. In fact, your account and routing numbers are on every check you write.

Re:Ridiculous that it takes a 3rd party

[PRMan]

Because the banks are used to getting massive fees and delaying all payments for 3 days. Why should they change anything?

Re:Ridiculous that it takes a 3rd party

[metrix007]

I've lived in the US for some time, based in NYC.

There are still a lot of places that won't take plastic. Rental agencies, for instance.

Re:Ridiculous that it takes a 3rd party

[SydShamino]

What are you trying to rent? I've rented everything from cars to tuxes using a credit card, never cash. The only rentals that I imagine are a cash-only service involve illicits. NYC is different from the rest of the country. Here in Texas, even the taco trucks take credit card (alongside U.S. cash, and sometimes pesos).

Re:Ridiculous that it takes a 3rd party

I live in about as backwoods a city as exists in the North: Indianapolis.

I haven't written a check in over a decade. I use my check card for everything, instead, or EFT (Popmoney) via my bank's website for the couple times a year I need to email someone some money.

Want to bitch about banking? Go visit Japan on vacation. It's an eye-opener.

Re:Ridiculous that it takes a 3rd party

As I understand it the reason many businesses don't take CC's is that there is a fee for each transaction, and from what I've heard it is steep. I would assume that is the reason many take cash or check only.

Re:Ridiculous that it takes a 3rd party

[jader3rd]

Why does the US have such an antiquated banking system?

Because it works and the votes to change it didn't make the majority which was needed to change the system. The Invisible Plumbing Of Our Economy is a really good listen and answers your question pretty thoroughly. In the IK there was a mandate from the government to speed things up. Given all that's happened with the Great Recession it's apparent that the US government doesn't have the power to mandate anything to the banks.

Re:Ridiculous that it takes a 3rd party

[NoImNotNineVolt]

Gee, I dunno. When someone talks about paying rent, you think they're talking about cars and tuxes?

Many people rent a residence. To live in. As shelter. Apparently this is uncommon in Texas?

Re: Ridiculous that it takes a 3rd party

[Badblackdog]

What are trying to rent? You can't rent a car or much anything else without a CC.

Re:Ridiculous that it takes a 3rd party

Do you really think "rental agency" when you "pay rent"? I've never payed my monthly rent to a "rental agency", in Texas or anywhere else.

Re:Ridiculous that it takes a 3rd party

[NoImNotNineVolt]

Do you really think "rental agency" when you "pay rent"? I've never payed my monthly rent to a "rental agency", in Texas or anywhere else.

Let's ask Google.

Judging from the first page of hits... yea, I'm not the only one to associate a "rental agency" with "paying rent" with "an apartment".

Re:Ridiculous that it takes a 3rd party

[vux984]

Who can blame someone want to rent a residence for not taking plastic? Care lease companies don't do it either. Nor my condo maintenance fees.

But here in Canada at least, all those types support (and prefer) pre-authorized bank withdrawals as payment method.

The ONLY thing I regularly still write cheques for is the kids school stuff - field trips, hot lunch day, etc.

I had to pay the contractor who came to fix the hot water tank by cheque a couple years ago because he wasn't carrying around a mobile cellular enabled credit card machine. (And I can't say I really blame him -- those aren't cheap, and cellular data service isn't ubiquitous. Hell, I live in a hilly area that part of a major metro area, and there are parts of my own street that don't have a good reliable cellular data link. I've had the pizza guy wander around into the middle of the street holding the machine over his head a couple times to get a good enough data signal. :)

There are lots of places that are a lot worse. So I can understand those guys still taking cheques.

Re:Ridiculous that it takes a 3rd party

[Kalriath]

Usually $0.20-$0.50 per transaction plus 2% (assuming blended, otherwise if it's interchange plus, it depends on card type, merchant type, whether the card has a rewards program, business or personal card, etc).

Re:Ridiculous that it takes a 3rd party

[j-beda]

Who can blame someone want to rent a residence for not taking plastic? Care lease companies don't do it either. Nor my condo maintenance fees.

But here in Canada at least, all those types support (and prefer) pre-authorized bank withdrawals as payment method.

The ONLY thing I regularly still write cheques for is the kids school stuff - field trips, hot lunch day, etc.

I had to pay the contractor who came to fix the hot water tank by cheque a couple years ago because he wasn't carrying around a mobile cellular enabled credit card machine. (And I can't say I really blame him -- those aren't cheap, and cellular data service isn't ubiquitous. Hell, I live in a hilly area that part of a major metro area, and there are parts of my own street that don't have a good reliable cellular data link. I've had the pizza guy wander around into the middle of the street holding the machine over his head a couple times to get a good enough data signal. :)

There are lots of places that are a lot worse. So I can understand those guys still taking cheques.

Our kids' schools now take almost all of their field trip, etc. fees online: https://www.schoolcashonline.com/ - they do a bunch of Canadian and US schools. I like this a whole lot.

Square does CC processing in Canada as well for the past year or more using a little dongle for your phone/tablet (android or ios) that they will send you for free. I think their service works cross-border if you want to make charges in the US or Canada http://square.ca/ Square will work over wifi or cell data I believe.

Re:Ridiculous that it takes a 3rd party

[metrix007]

What about debit cards?

Re:Ridiculous that it takes a 3rd party

[Cimexus]

As an Australian who moved to the US this year, I agree. I was shocked that:

1. Cheques/checks are still actually used. Prior to moving to the US I had never written or cashed a cheque. I don't think I've even ~seen~ one in Australia since the early 90s.

2. There is no simple, quick way to pay other people electronically (regular individuals, not companies). In Australia you just log into your internet banking, click "transfer, to 'other bank account', type recipient's account number and hit send). Works from anyone, to anyone and has no fees. Giving your account number out is not a problem - it's not secret information and the only thing you can do with it is deposit money, not withdraw. You can kinda do electronic transfers with some US banks but it requires you to set up a 'link' between the accounts first or only works to/from certain banks. For ad hoc payments to strangers, you're stuck with using cash or a check (slow!) in the US. There are wire transfers but they have large fees and are slow as hell.

3. There is no universal bill payment system similar to Bpay. Back in Australia, all my bills were paid in the same way: log in to internet banking, select "pay bill", type in the biller code and customer reference number printed on the bill, send, done. Electricity, internet, rent, traffic fines, insurance ... any bill was payable this way. In the US you can pay things online but only by going to a different place for each bill (utilities provider's website to pay utilities, some other online payment system from my internet, etc etc.)

Americans by and large that I've talked about this with seem oblivious just how backwards their banking system is compared to everywhere else in the developed world. They point to third party services like Paypal and Square as equivalents, but they really aren't. They are slower, often have fees, involve a third party, and aren't universal. I like living in the US in most respects but God, dealing with money drives me nuts. It's like the 1970s again.

Re:Ridiculous that it takes a 3rd party

[swillden]

The only option in the US has been paypal or chase quickpay.

You can now send money with Gmail.

Re:Ridiculous that it takes a 3rd party

Interac over email isn't free. Service fee is pretty reasonable tho. I think it is $1.50.

Re:Ridiculous that it takes a 3rd party

Why does the US have such an antiquated banking system?

Honest answer: more or less the same reason their government is shut down at the moment, politics and ideology.

America has dismantled many of their regulatory systems (starting with Reagan and Bush 1), the Republicans find the idea of regulations offensive because they believe anything the government does is wrong and more than it should be doing. Because the market is supposed to be infallible and perfect.

And anything which cuts into corporate profits or actually imposes rules is considered 'teh ebil' and leads to howling and screeching about Socialism.

So, it's because they have politicians who are so focused on being business friendly (and dismantling what government they have left) -- anything which isn't directly going to boost profits for a bank isn't done.

The rest of the world just looks at the US and thinks they're half insane, and if the Republicans ever got what they wanted there would be major chaos. To some people, the clusterfuck which would happen from killing off the last of government and government regulations is practically a holy war that needs to be brought about.

The answer to your question is greedy douchebags with an agenda of deregulating everything and allowing corporations to do whatever they please. Rigid ideology where one set of actors more or less wants to destroy the system as it exists. You could even consider the Tea Party to be terrorists, as they more or less expect the rest of the country to live with the fallout of their economic policies. It's a policy which is awesome for the wealthy, and basically says the rest of us can fend for ourselves -- as in 'let them eat cake'.

And people will immediately start defending 'the market' as awesome, talk about the Austrian school of Economics, and start quoting Ayn Rand. To those people I say ... you're full of shit, and the stuff you cling to is all lies. 'The Market' is neither perfect nor good. And taking away all of the regulations around industry just means more companies will cut corners -- and simply not buying dangerous products isn't really an economic choice when you don't know they're dangerous in the first place.

Basically they believe unregulated Capitalism is the only way to go, and anything less than that is a sign of a great evil upon the land.

Re:Ridiculous that it takes a 3rd party

[metrix007]

Yup, I'm also Australian, and these were my main gripes. I was just too lazy to write them up as eloquently.

Out of curiosity, a friend asked me how individual contractors would be paid in Australia if they didn't take plastic. I guess in that instance a check might be used?

Re:Ridiculous that it takes a 3rd party

In Germany, you can buy things by giving your bank account details rather than your credit card.
The company will then request the money from your bank and the bank will transfer it. It takes around two days to complete.

Honestly I don't know what the safety net behind all of that is, but I wouldn't want to find out the hard way, so yeah, I'd say at least in Germany you should try to keep your account data a secret.

Re:Ridiculous that it takes a 3rd party

[Cimexus]

I've had contractors in Australia that just ask for payment via direct electronic transfer (i.e. they give you a BSB + account number). But most have the mobile EFTPOS/card terminals these days I think.

Subj: $lots From: you To: me CC: these launderers

[Joining+Yet+Again]

Thanks for all the money, folks!

So?

Chase has QuickPay. Venmo exists.

What's the big deal.

Re:Won't take off, but may Rip You Off

[icebike]

Drug Deal!

Except Drug Dealers don't keep Bank Accounts. Its a cash and you are carrying business.

This requires you to give Square Your debit card info, and makes your recipient give you THEIR bank details.
Seriously, the NSA couldn't have dreamed up a move invasive scheme. What could possibly go wrong with that?

Left unsaid in the linked article, (and also the Square website) is how square is going to monetize this, other than by
*cough* losing one out of a hundred payments. They claim the service is free. FAQ Here to both parties. So, how do they finance that, other than getting a piece of the debit card fee? (Senders have to use a Debit card).

One wonders just how much the debit card fee is jacked up to allow Square to assume the risk for this type of service, and handle the deluge of complaints and lost payments claims. And how many will be suckered into handing over their bank info to a 419 email purportedly from Square.

World Plus Dog is rushing to mobile payments, but I'm not so sure this is well thought out.

Interesting angle ...

Interesting idea that Square have come up with.

This will only be their first step. The next goal will be to have all transactions take place using their own currency denomination, Gil (G). From there, they can bypass the online gambling ban and provide real-time Chocobo Racing streamed into the home.

Re:Interesting angle ...

BWAHAHAHA! Seriously, this AC needs a funny mod.

Training users to click on links in their inbox

[Floyd-ATC]

How many times must people be hit in the head with a clue bat before they understand that this is a Bad Idea[tm]

Re:Training users to click on links in their inbox

[Animats]

How many times must people be hit in the head with a clue bat before they understand that this is a Bad Idea[tm]

Big companies are encouraging this, by sending emails that meet all the criteria for phishing emails. I just got a receipt email from Virgin Mobile after making a payment. The path taken by the mail goes through "mh.nextel.m0.net", "oms16.dc1.prod" (which isn't even a valid TLD), and "cmil278.amdocs.com". The mail text is base-64 encoded HTML only, no text version. That just screams "hostile code".

How are people supposed to recognize phishing emails with legit companies sending crap like that?

"m0.net" says on their site "This domain is owned by Acxiom Digital, a leading provider of email marketing solutions for Global 2000 enterprises."

Re:Training users to click on links in their inbox

[Megane]

Not that it helps make it look less like phishing, but I seem to recall that m0.net is a big bulk remailer for non-spam e-mail. I'm sure I've gotten stuff via them before, possibly from Apple. But nothing else in that mail path looks kosher.

Re:Training users to click on links in their inbox

.prod is a valid TLD; it's not open to the public for registration, though.

Open Relays FTW

[Fenixfyre42]

telnet random.openmailrelay.com 25 HELO victim.domain.com MAIL FROM: victim.email@victim.domain.com RCPT TO: dummy.prepaid.card.email@badguy.com DATA CC: cash@square.com SUBJECT: $1,000,000 Here is the payment I promised. . QUIT Profit!

Re:Open Relays FTW

[SydShamino]

So when victim.email@victim.domain.com is asked to validate that he wants to send $1,000,000, and is asked to provide a debit card for the transaction, he'll go along with it because the email says he originated the request?

Re:Open Relays FTW

[Capt.DrumkenBum]

Never bet against stupidity.

Re:Open Relays FTW

[CCarrot]

So when victim.email@victim.domain.com is asked to validate that he wants to send $1,000,000, and is asked to provide a debit card for the transaction, he'll go along with it because the email says he originated the request?

Sounds like (from TFS) once victim.email@victim.domain.com has sent money to someone, somewhere, their account details are helpfully stored by Square to 'streamline' the process next time...so unless Square sends an 'are you sure you want to do this?' email before transferring funds, the hapless victim might just get a 'you sent money!' confirmation email.

If this gains any traction, sounds like a pretty good profit percentage for scammers and spoofers. Hell, it'll be even odds whether the original spoof email will rake in more cash via direct transfer, or if the spoofed 'You sent money!' emails, with a helpful link to contest the payment (after 'verifying' your bank details, that is) will beat them out for profit margins.

Yeah...no.

Re:Open Relays FTW

I'd be more worried about the latter. I'm assume Square is capable of checking for signs the e-mail is spoofed. Between SPF and DKIM most domains don't allow for e-mail spoofing anymore. Phishing can only be reduced, not eliminated, by technical solutions though.

A Phisher's Delight!

[Slashdot+Parent]

To use this system, I get an email, purportedly from Square, asking me for my debit card information. What could possibly go wrong?

And could someone please tell me why we can't just do bank-to-bank transfers like they do in Europe? We're getting closer now. Through B of A, I can send money to a phone # or email address (is this just PopMoney?), but I've never tested the UX on that to see if it's a pain in the ass for the recipient.

Re:A Phisher's Delight!

[jader3rd]

And could someone please tell me why we can't just do bank-to-bank transfers like they do in Europe?

Because all banks have an interface to the clearing house, and the clearing house was designed to replace guys driving up with trucks full of checks and swapping bags, so the code in the clearing house was designed around the model of every player showing up once a day with a batch of transactions and swapping information. The banks wouldn't make any money by doing faster transfers to their competitors, so why would they change?

Re:A Phisher's Delight!

[Slashdot+Parent]

The banks wouldn't make any money by doing faster transfers to their competitors, so why would they change?

Uhh, maybe because people want features that make their lives easier, and people will bank with banks that give them what they want?

Bank of America is a great example. They give me free payroll services, free business remote deposit capture, next business day deposit funds availability, and a platform that integrates all of the features seamlessly. Well, guess what, I do all of my business banking with them because they make my life easier with crap that basically costs them nothing.

And because everything integrates so easily and I can do so much electronically, they get first crack at my all of my banking needs, business and personal. When I buy a new investment property? I call B of A and let them match whatever deal I can find for financing. HELOC for my personal residence? Same deal. They make decent money from me by making me actually want to do business with them.

This concept used to be practiced by successful businesses large and small. I'm not sure when we went from customer-focused to customer-antagonistic business practices, but here we are. Anyway, that's why I think banks should be tripping over themselves to offer this service. That, and the fact that it's much cheaper for banks to process electronic transactions than to process paper check transactions.

Re:A Phisher's Delight!

[jader3rd]

Uhh, maybe because people want features that make their lives easier, and people will bank with banks that give them what they want?

True, I'm not arguing with that. It's possible though that when looking at all of the services offered by banks, being able to handle transactions faster may not get many customers. If the cost of implementing a 'fast' system that would have work along side the existing system, is greater than the profit of those customers they get, they won't implement the system. Even if they got new customers, it would result in a negative return on investment. If any bank thought they could do it profitably, they would. But since the professionally studying this must have concluded that it wouldn't be profitable, they haven't done it.
And I wasn't talking about using paper checks instead of electronic transactions, I just mentioned that the existing electronic model is acting as if we were still using paper checks for everything.
Right now you can transfer money instantly. It's called a wire transfer. There's usually a $20-$25 fee for it. The banks don't have much motivation to get rid of that fee.

Re:Won't take off, but may Rip You Off

[surmak]

They claim the service is free. FAQ Here [squareup.com] to both parties. So, how do they finance that, other than getting a piece of the debit card fee? (Senders have to use a Debit card).

The get the 1-2 days of float on the translation. That may be enough to enable them to make a little profit.

Sorry.

[fahrbot-bot]

I don't have a debit card - and never will. They're evil, and unnecessary/stupid for people that have a CC and pay it off every month...

Re:Sorry.

[SydShamino]

You can't get cash for free out of your credit card. You can at almost every store that takes debit cards, for no extra effort or fee.

Re:Sorry.

[xaxa]

I don't have a debit card - and never will. They're evil, and unnecessary/stupid for people that have a CC and pay it off every month...

The merchant's fees for a debit card tend to be fixed, but for a credit card they're a percentage (I think this is the same in the US as it is here). There's also no limit beyond the amount in the account, and it's much more difficult to reverse the transaction, i.e. more trusted by the merchant.

If I were buying a car, I'd use a debit card (my credit limit is £3000, though they'd probably increase it if I asked). I paid the deposit to rent this flat using a debit card. Airlines usually charge a fee for paying by credit card, which they don't charge if paying by debit card.

Re:Sorry.

[black3d]

The opposite tends to be true.

If you have money to pay off the CC, then the credit card is unnecessary and stupid. Why would you need to maintain a line of credit just to pay it off with cash you already have? This is where a debit card's perfect. It's a credit card you can use everywhere and costs you less to run. While most online vendors may charge you a credit card fee even for using a debit card, almost no retailer ever will. To them, it's just an EFTPOS card. You gain the convenience of a credit card with the general fee-freeness of an EFTPOS card.

Where the evil comes in is that the whole premise of the credit card is the financial institutions hope that you *can't* pay it off by its due date, at which stage they get to start charging you interest.

If you have the cash to pay off a credit card, then I can't see any good reason to have a credit card instead of a debit card. To pay more fees? How's that a bonus for you?

Re:Sorry.

American vs European biases - it is generally not allowed to charge customers a fee for using a credit card in the US, so the credit card has better consumer protections, often rewards of some sort and no extra costs if you pay it off every month, so it seems silly to a lot of us to use a debit card unless we want to do cash back. Oddly enough, there are even a few credit cards with no fee for cash back - I have one for Sam's Club (Walmart's Warehouse store) where I can get up to 60 cash back per visit and up to 200 per month without a fee. I suspect that allows them to make slightly smaller bank deposits and so they encourage using it.

Re:Sorry.

[fahrbot-bot]

I don't have a debit card - and never will. They're evil, and unnecessary/stupid for people that have a CC and pay it off every month...

The merchant's fees for a debit card tend to be fixed, but for a credit card they're a percentage (I think this is the same in the US as it is here). There's also no limit beyond the amount in the account, and it's much more difficult to reverse the transaction, i.e. more trusted by the merchant.

If I were buying a car, I'd use a debit card (my credit limit is £3000, though they'd probably increase it if I asked). I paid the deposit to rent this flat using a debit card. Airlines usually charge a fee for paying by credit card, which they don't charge if paying by debit card.

All probably true, but your account can't get drained with a CC and you can simply challenge a bad expense on your CC statement w/o having to pay for it while it's under review (and other CC protections are at least, if not better, than for a DC). While you have to ask (beg) your bank to get your funds back stolen with a DC and handle any bounced payments, etc... (which a nice bank *might* handle and waive fees) - I don't like that. You also get a one-month float on your CC charges.

I have a no-fee CC and I buy most things using it and pay it off every month; I have never paid interest. I also have another CC from BofA that supports virtual CC numbers (Shop Safe) for on-line purchases (each number/ccid is unique and I can set the limit and exp data, the first merchant to use it is the only vendor that can use it, and I can revoke it at any time).

As for buying a car, I'd simply write a check (same as debit card), though my platinum CC credit limit is actually sufficient for buying a car :-)

Ultimately, I like having a buffer between my merchants and my bank account.

Re:Sorry.

Rewards points and consumer protection. I put all of my monthly disposable expenses on my AMEX and pay it off each month. I get extra value from that as opposed to using cash or debit card. Rewards add up quick when you spend $2000 a month on it...

Are you aware of how many protections you get when you purchase things on an AMEX?

I don't pay any fees on my credit cards... Who does that?!

Re:Sorry.

[black3d]

On my debit card I get the regular VISA protection which I've had to call on a couple of times to get fraudulent charges removed. My partner has had the bank call her to ask if her debit card was really being used in Manilla. Generally I guess the protection you get varies between banks and providers, but I've been happy with the service I've received. One of the limitations of a debit card is that you can't perform "I got the service I paid for but decided I didn't like it so want my money back" charge-backs.

Rewards, now there's the first real reason I've heard that it can be useful to have a credit card. :) I'm not denying there are any positives to CCs, was simply calling out OP on his inability to name them, and his labelling of debit cards as "evil and useless" as somewhat ridiculous considering the alternatives. Most people can't pay off their CC each month and end up in debt. CCs let people spend beyond their means - it's the whole idea of them. Unfortunately, also, many folks DO pay fees on their credit cards. Also, many people are stupid. Just saying, debit cards aren't, per se. :)

Re:Sorry.

[fahrbot-bot]

On my debit card I get the regular VISA protection which I've had to call on a couple of times to get fraudulent charges removed.

See here's your confusion. Charges are removed with a credit card, funds are restored using a debit card. I don't want to have to ask my bank for my money back (that's the evil part). While your ultimate protection using a DC may be similar (or equal) to that of a CC, your immediate protection is greater using a CC.

Now you're correct that a CC is dangerous in the hands of the undisciplined, but, as I said, I have *always* paid off my CC every month. As for the benefits of a CC over cash? A one-month float on my money is one, not having to carry cash is another.

Finally, as I said elsewhere, I like having a buffer between my merchants and my bank account.

Re:Sorry.

[Violet+Null]

If you have the cash to pay off a credit card, then I can't see any good reason to have a credit card instead of a debit card. To pay more fees? How's that a bonus for you?

I have an American Express Blue Cash card; I get ~$400 in cash back every year, and there's no annual fee.

(In addition, the last I looked, the consumer protection on a credit card was better than a debit card, though that may have equalized in recent years.)

Re:Sorry.

[Cimexus]

I used to think like you, but once you get a credit card that has perks like free travel/car rental insurance, X% cashback on purchases etc etc. I realised credit cards can be a good deal. But only if:

- It's a zero-fee card (no annual fee); and
- You have the discipline to ensure it's paid off each month so you incur no interest.

(Additional point relevant only to the US: keeping a credit card or two open helps build your credit score too. This is not a concern in other countries like Australia that work on a negative credit reporting system rather than a positive one).

Re:Sorry.

[repetty]

Credit card buyer protection is all the reason that I need.

It's my negotiating sledgehammer. I *always* win.

End of story.

I have sent you $50!

[TheSpoom]

Simply click this link and input your debit card details! I promise nothing bad will happen.

Re:Won't take off, but may Rip You Off

[cayenne8]

One wonders just how much the debit card fee is jacked up

Thankfully...I don't have/use a Debit Card. I ask my bank for a plain, simple non-debit ATM card.

I use that when I need cash to carry around for the week...and I'm good to go.

I still prefer the anonymity of cash, and since it doesn't abstract the spending of your money (much like chips in a casino)...I have a better feel where my money is going every week for living expenses (groceries, etc).

Exchange cost

[tepples]

Probably because someone doesn't think BTC is going to go up enough to offset the cost of wire transfers in and out of the USD-BTC exchanges.

Re:Won't take off, but may Rip You Off

[shaitand]

Square requires your debit card info and SQUARE gets the recipients bank account details not the guy paying.

Gmail has started to roll this out too.

[oOkathyOo]

Starting this past May or so, many Gmail users received a new "Attach Money" option that lets them send money through a Gmail email. It's integrated with their Google Wallet, which stores credit card info and uses that for payment. You can see more details at: https://support.google.com/mail/answer/3141103?hl=en I saw the "attach money" option appear just last month for me, while composing a new email. It seems a lot more convenient than registering for a new Square account and using their strange "subject and cc" method. I'd expect the Gmail version to be much more likely to catch on than this Square one.

Re:Gmail has started to roll this out too.

"It's free to send money using your Google Wallet Balance or your bank account linked to Google Wallet. To send money using your credit or debit card, there is a flat fee of 2.9% per transaction (minimum $0.30)."

Re:Gmail has started to roll this out too.

[tapi0]

I don't know about you, but if my email provider suddenly added an 'attach money' option and stored my card details I'd be thinking of moving to another provider that didn't integrate everything. I'm sure there's more checks and balances and probably a 'verified by visa' stage each time (please god, I hope so). But my gut feeling is not good on that one.

It does look as if google have some good systems in place to detect hijacks, but the sheer amount of 'my gmail account has been hijacked" tales you hear don't add up to a warm fuzzy. At least with the system here (and the Canadian forebearer) they're separate entities.

Re:Gmail has started to roll this out too.

[linuxguy]

> ... if my email provider suddenly added an 'attach money' option and stored my card details I'd be thinking of moving to another provider that didn't integrate everything.

Wouldn't it be easier to not share your credit card details with the email provider? Rather than move away to another email provider?

Re:Gmail has started to roll this out too.

[tapi0]

I'd be thinking of it as I'd consider it a sign that they weren't thinking things through properly, from my perspective not theirs obviously.

Re:Gmail has started to roll this out too.

[linuxguy]

I imagine that you buy stuff over the internet, or hand your credit card to a high school kid working a part-time job at a restaurant. Do you perform the same level of evaluation at all these places?

Re:Gmail has started to roll this out too.

[tapi0]

Yes to the first, no to the second (I think it's a uniquely American thing, to hand over credit cards to anyone to take away, and often unsigned? Or maybe I just watch too much TV - do you really do that?)

And my point was that if my provider had two services - email and credit card storage, of which I may be happy to trust and use both - and then one day, as the parent states, a new 'attach money' option appeared then I'd be wary. It sounds like there was no option and whilst I may trust both services independently I'd like the option to decide if I wanted to link the two. Therefore the provider isn't winning my confidence.

the decision to not hand over my card details was not available as I was already using the service that, until that point, remained separate. Of course, as I said in my opening statement - there may be other safeguards that would make me think differently but in the presented scenario I'd be concerned.

Squaresoft

[tepples]

Given how video game companies have been faring

From what I understand Square is a credit card processing service

I think it might have been a pun on Square Enix, the company behind Rad Racer and Chocobo Racing.

Re:Squaresoft

From what I remember, they were first just Square, then Squaresoft, then Square Enix.

Re:Won't take off, but may Rip You Off

[icebike]

Square requires your debit card info and SQUARE gets the recipients bank account details not the guy paying.

Yes, good catch, that't what I meant to type, but my fingers occasionally get ahead of me.

Still, Square ends up knowing a whole hell of a lot about people who may use the service exactly once.
We can only hope they have good security, because a break-in of their site could cause wide spread
financial chaos.

They have to keep lots of backup, simply to protect themselves and research transactions. Presumably all of their data is heavily encrypted, and they have off-site backups other than the NSA.

Re:Won't take off, but may Rip You Off

[AJH16]

I don't know about having a better feel where your money is going. I can get an exact list of everything I purchased in an easily accessible online format. It is hard to have a better idea where my money is going than that. Granted, I use credit cards only as the consumer protection laws are far better for credit cards than debit. Someone makes off with your debit card, you are screwed, someone makes off with your credit card, as long as you report it reasonably quickly, you owe nothing for charges that aren't you.

That said, you have to have the personal responsibility to not spend more than you have, but if you can do that, you get great credit from great companies with great perks. I save 1% on everything I purchase and 5% on all my gas purchases, and when I go to buy a house, my credit is so good it will save me serious money on interest rates. It also got me a 1.99% interest rate on my car purchase, which is cheap enough to mean that I'm better off investing money rather than paying off my car early.

Re:Won't take off, but may Rip You Off

[demonlapin]

If you like the cash lifestyle, it's a lot easier to get a few thousand out of the bank at a time.

Re:Won't take off, but may Rip You Off

[shaitand]

It's not really anything more than you provide with any credit card processor. You give Paypal as much or more.

Re:Won't take off, but may Rip You Off

[Capt.DrumkenBum]

Thankfully...I don't have/use a Debit Card. I ask my bank for a plain, simple non-debit ATM card.

Just how stupid are you? They gave you exactly the same card with exactly the same functionality as everyone else. Then they told you your card is special, and you bought it?
The only thing special is you... In a short bus kind of way.

Re:Won't take off, but may Rip You Off

[Charliemopps]

Except Drug Dealers don't keep Bank Accounts. Its a cash and you are carrying business.

Funny, you clearly have no idea what you're talking about. The majority of "deals" are made between friends. Yes, Street corner guys can't use this, but if you're been buying from "John" for the past 15 years, you're not going to really worry about a paper trail. The quicker people realize that this isn't some secret underworld invisible to normal people, and that its really just all of US going about our daily lives, the better off we all will be. It's a lot like the common notion in the 50s that women didn't have children outside of wedlock. It's laughable now.

Cash for blood

[koan]

A web based catheter system, where is it?

Most important question

[Vrtigo1]

What prevents someone from spoofing an e-mail from you to send themself money?

Let's say you meet up with some guy in a parking lot to conduct some sort of craigslist transaction. You agree to pay him using Square and you e-mail him the cash. At this point he knows you have a debit card linked to your Square account, so what prevents him from forging an e-mail from the e-mail address you used to send him cash, to him, CC'ing cash@square.com and putting 5000 in the subject line? Will Square then deduct the $5k from your bank account and send it to him?

Sure you can argue that SPF and such exist to prevent e-mail spoofing, but in reality a lot of e-mail domains don't implement SPF and even if they do a lot of recipients don't check it. E-mail seems like a horrible mechanism to control financial transactions because it is inherently insecure.

Re:Most important question

[Atzanteol]

The confirmation email Square sends back to the sender is supposed to deal with this it seems.

Re:Won't take off, but may Rip You Off

[icebike]

Except I can receive money in my paypal account as long as they have my tax id for tax purposes, and I can spend that money directly out of that account at a large number of merchants without giving access to my bank account.

Re:Won't take off, but may Rip You Off

[icebike]

The majority of "deals" are made between friends.

Maybe in your little upper middle class world scoring you pot for the weekend.
In the real world Street Corner Guy does most of the business.

And neither John nor Street guy puts any of that money in the bank.

Re:Won't take off, but may Rip You Off

[CastrTroy]

Do you have a bank loan at 1.99% for your car, and pay the dealership in cash, or did you get the 1.99% through the dealership. In many cases, the "low" interest rates you get from the dealership are only offered because the price of the car is high to compensate. Tell the dealership you'll pay cash, and the price of the car will drop significantly.

Old News

[VortexCortex]

"Square ... has launched a new payment service called Square Cash."

AKA: Final Fantasy I thru X

"The service doesn't require users to sign up or make an account."

Yep, but they make you grind harder than ever for credits...

Re:Won't take off, but may Rip You Off

[Zak3056]

Do you have a bank loan at 1.99% for your car, and pay the dealership in cash, or did you get the 1.99% through the dealership. In many cases, the "low" interest rates you get from the dealership are only offered because the price of the car is high to compensate. Tell the dealership you'll pay cash, and the price of the car will drop significantly.

This is really only true when you're talking about manufacturer subsidized loans ("0% financing through GMAC with approved credit!"), which usually are not available in conjunction with manufacturer rebates--which almost EVERY car on the market has (even Toyota these days). In some cases, the rebates are absurdly large (pickup trucks) so you can see massive swings in the price of the car if you forego the manufacturer financing. Overall, dealerships typically MAKE money on finance deals (kickbacks from the banks/credit unions for writing the loans).

That said, walking into the dealership with a cashier's check DOES tend to short circuit the negotiating process... not because the dealership is somehow losing money on a loan, but rather because the finance manager is no more immune to having cash waved under his nose than anyone else is.

Hyperwallet (Canada)

[future+assassin]

in the mid 2000's use to do that with Beam Cash although you needed an account http://www.hyperwallet.com/consumer/help/beam-cash-email-money-transfers.html

Re:Won't take off, but may Rip You Off

[Zak3056]

Just how stupid are you? They gave you exactly the same card with exactly the same functionality as everyone else. Then they told you your card is special, and you bought it?

The only thing special is you... In a short bus kind of way.

Some (though not all) banks (for example, Bank of America) still offer cards that only work with a PIN in the ATM, and do NOT work as debit or credit cards. Your abusive post above merely proves that you're not only an asshole, you're also an ignorant one.

Re:Won't take off, but may Rip You Off

Parent's claim meets most peoples common sense. Do you have any evidence otherwise?

How is this different from Google?

[linuxguy]

Google lets me send money to other people. How is this different? I may have missed an important detail.

Re:Won't take off, but may Rip You Off

[Capt.DrumkenBum]

So you believe that a software flag that says your card wort work at the ATM somehow makes your card different?
I stand behind my assessment of your stupidity.

Re:Won't take off, but may Rip You Off

[icebike]

I think you will find that common sense isn't all that common.

John, usually works for Street Corner Guy anyway.

Re:Won't take off, but may Rip You Off

I believe this is distinctly more common with credit unions. Credit unions are covered under a different federal organization, but for most purposes are interchangeable with banks in the US. They also didn't bother to deregulate credit unions when they were deregulating banks, so most credit unions weathered the recent economic times far better than banks.

virtual paymend cards not supported

[hugetoon]

I tried a 1$ transfer using a virtual payment card (I can obtain a one time card number on my bank site limited to a specific amount, this is usefull for online purchases). I could not link this card: "Card not supported".
Too bad, i really wanted to test their service with a spoofed mail after doing first transaction normally.
There is no way I'll be providing them my real card number.

Hint: they do not brag about being PCI DSS certified (not even compliant) that certainly means they are not.
They only say: "You’re safe with us. The privacy and security of your financial information is our top priority." which is not very reassuring to say the least.

Re:virtual paymend cards not supported

[vanyel]

It has to be a debit card; since Paypal stopped doing virtual cards, I don't know of any debit cards that do them any more. I have Discover and Citibank credit cards specifically because they do support them, though that doesn't help here.

And actually, they do brag about being PCI DSS certified in their "Security" section.

Which doesn't mitigate the fact that they are setting up a phishing gold mine: "click here to enter your debit card number and receive some free money!"

Re:Won't take off, but may Rip You Off

[Cederic]

ATM cards that don't offer POS payment capabilities do exist. Why do you think otherwise?

Re:Won't take off, but may Rip You Off

So, no evidence?

Kids

This is what happens when 20-something year olds get funding for their great idea without understanding how stuff works first.

Re:Won't take off, but may Rip You Off

[Paco103]

You're right, the cards are all the same. They're just a piece of plastic with a magnetic strip that has a bunch of software flags. Considering that the software is the entire way any of this works, yes, changing some flags makes it different.

Re:Won't take off, but may Rip You Off

[mythosaz]

Mostly because he's retarded...

You can certainly get a non-debit bank card.

Wells Fargo's look like this:

http://www.adamhunter.net/wallet2010/walletpics/8-atm.jpg

transfer the money into any account?

[greggman]

I do not think this phrase "any account" means what you think it means. I suspect I can not transfer money into or out of my Japanese accounts. Something I would love to be able to do.

Re:Won't take off, but may Rip You Off

Maybe in your little upper middle class world scoring you pot for the weekend.
In the real world Street Corner Guy does most of the business.

And neither John nor Street guy puts any of that money in the bank.

I will fully admit I and my friends fall in the "little middle class world" category, but there is no "scoring" pot for the weekend here. You base your purchase times and amounts around the harvest cycle. One to two weeks of open house, then nothing for four months. Best plan ahead.

All the "John's" accept cash, credit, paypal, even bitcoin has been mentioned on occasion.

Remember back when paypal let you select "Other" for the payment reason? It was always a blast to fill in "sexual favors" in that spot, before they started taking that seriously and locking accounts :/

If you want to argue none of us live in the "real world", then more power to you I guess...

But that Street Corner Guy is dangerous as fuck, and best to not involve yourself with if at all possible.
Of course it isn't always possible, and for anyone in that situation - I'm sorry
But Street Corner Guy, bank account or no, could be a fed, and decidedly does not procure product out of his asshole (at least one hopes) - He gets it from a grower - An upper middle class dude with a bank account and a house suitable to contain such an operation.

Poor dude having to stand on the corner is desperately trying to make a few tiny bucks while not getting arrested or robbed... That is not where its at, and real world or no, no one that can avoid it wants anything to do with that.

Re:Won't take off, but may Rip You Off

[icebike]

So your own homework son.

Re:Won't take off, but may Rip You Off

[Tom]

Left unsaid in the linked article, (and also the Square website) is how square is going to monetize this, other than by *cough* losing one out of a hundred payments.

No need to get paranoid there. Many online services are introduced for free and fees are added on later. Unless I'm horribly mistaken, PayPal started out that way, too.

Better system

At work we developed something better. Text the amount and phone number to a short code and we'll debit that from your account and credit it to the recipient.

But alas, Europe only because the US has an archaic banking system.

Re:Won't take off, but may Rip You Off

[icebike]

What the hell fun would it be not getting paranoid on Slash dot?

Re:Won't take off, but may Rip You Off

[mcgrew]

Nope, no drug dealer in the world (illegal anyway) will sell drugs for a credit card* or a check and they wouldn't use this. They want cold hard cash.

* they do take LINK

Just sent twenty bucks.

[Seor+Jojoba]

It works. You have to give them credit - the process is extremely simple. I could see it taking off. From a security perspective, it's not great. But it's also not as bad as some people here are making out. You don't send any information over email other than the email addresses of the sender and receiver, and sender's intent to send $x to seller. Phishers are likely to pattern "you've got money" emails off of these Square emails to people. But these are just another variation on "give me info/money, so I can send you money" scams. Same common sense defenses apply--If you aren't expecting money from somebody, don't give out personal info. And then there are more sophisticated man-in-the-middle attacks combined with spoofing the "you've got money" email or replacing content in it. Those are the ones I'd worry about, but they are also much harder to set up. When you go to your online banking website, do you worry about someone spoofing the whole site (or at least the login) and making the DNS point towards the spoofed site? I do, but not enough to stop using it.

Re:Won't take off, but may Rip You Off

Eh, I will stick with my preconceptions.

I'm assuming it'd be like paypal

[Chirs]

so if your bank lets paypal deduct money for free (mine does) then this should be free too.

If your bank is charging for electronic transactions like this, find a better bank.

in Canada we can

[Chirs]

it's called Interac e-Transfer

It's not free, though.

a few reasons for credit cards

[Chirs]

1) Rewards. Yes, this currently means that everyone is subsidizing the guys using high-rewards credit cards, because the merchants pass on the fees to everyone.
2) Extended warranty. (I've gotten hundreds of dollars of value from this alone.)
3) Price protection.
4) Some places really prefer credit cards (car rental companies, for example, or gas stations that want to pre-charge you for a fill so you can't run off without paying).
5) Ease of contesting charges. The credit card company will refund your money and go after the vendor to sort things out.

As for fees, there are many credit cards with no fees to the end-user.

I've heard the opposite

[Chirs]

Since they make money on the financing deals, they're actually happier if you finance the car than if you buy it outright.

Tested it myself, screenshots.

[mediocrist]

I sent my girlfriend $5 to try it out. It went down like this.

Send an email to her composed as such:

To: girlfriend@gfmail.com
Cc: cash@square.com
Subject: $5
Body: Ladida whatever

She received the email, and immediately afterwards we both received an email stating I was sending her funds.

My Email: http://imgur.com/f264wIG
Her Email: http://imgur.com/F8GhpJ9

When I hit the link card button, it brought me to a secure site and asked for my debit card #, expiration date and zip code. No name or anything else.
Once I filled in the info and hit confirm we both received another round of emails.

Mine: http://imgur.com/vDFnETA
Hers: http://imgur.com/nEaJdd5

She clicked on the link to deposit cash and was given the same screen asking for a debit card number, exp. date and zip code. Nothing else.
After she confirmed, another round of emails went out.

Mine: http://imgur.com/4shFvyz
Hers: http://imgur.com/88Xprw4

The charges appeared instantly on our two accounts as follows.

Mine: http://imgur.com/bNHDB5u
Hers: http://imgur.com/Pz6V7On

I sent another $5 to her account to catch screens from the website. Turns out when you're already linked an account to your email, you just get an email asking to confirm instead of having to relink your bank account. Once you hit the confirm button, money is sent.

My confirm email: http://imgur.com/vxoiS7t

She received an email waiting for me to confirm and an email saying that funds were deposited with the same text as before. She didn't have to do anything for the second payment and it was deposited into her account once i confirmed.

There were no charges or fees at all.

Re:Tested it myself, screenshots.

So now the scam is back on the table.

Sure the scammer needs to both buy something real from you and also hack you if they want money but there is always the mitm attack:

Eve hacks Adams computer (or a gateway somewhere in between, don't ask me I'm not a hacker).
Alice tries to send a transaction email to Bob.
Eve Intercepts e-mail.
Eve resends the email to Square as payment from Alice to Eve same amount.
Alice gets email from square asking to confirm payment of known amount at known date. COnfirms
Eve is rich and Bob is still waiting for money.

Version 2.

Alice tries to send a transaction email to Bob.
Eve Intercepts e-mail.
Eve resends the email to Square as payment from Alice to Eve same amount.
Eve sends a payment to Bob.
Bob transfers funds into own account.
Alice gets email from square asking to confirm payment of known amount at known date. Confirms
Eve now has Alice's money and Bob has Eve's money for same amount.
Eve now sends a new payment request on $HUGE AMOUNT spoofed from Alice to Eve.
Eve intercepts "Confirm" email. And sends reply to Square.
Alice has no more money, Eve is rich

Now Square know where this money is going, so the cash has to be withdrawn or wired abroad quickly but that's the same as any wire-scam. You also need a goalie (some homeless dude to stand for the account) of course.

Re:Tested it myself, screenshots.

[mediocrist]

I don't know if you can just intercept an email, preventing it from reaching its' final destination. I know you can intercept it and read a copy of it. I don't see any more risk in this setup than traditional systems. If your system is that compromised there are several ways to get your card information directly as opposed to working within a system that has the attacker's debit card (read: bank account not credit account) attached for deposits.

I don't think any system is protected perfectly from theft, real cash included. Square Cash works smoothly. I'm curious what information they're getting that makes waiving charges worth it.

Re:Tested it myself, screenshots.

You clicked a link in an email about money! Are you insane?

Re:Won't take off, but may Rip You Off

[Overzeetop]

We used this. Offered cash, on the spot. Dealer said "sure, but I for the same price you can have 0% for 4 years." They were firm on the price. We took the 0%.

Re:Won't take off, but may Rip You Off

Just how stupid are you? They gave you exactly the same card with exactly the same functionality as everyone else. ...

Some (though not all) banks (for example, Bank of America) still offer cards that only work with a PIN in the ATM, and do NOT work as debit or credit cards.

My bank also does this. Had to ask for the ATM only card, but it was available. Card does not have Visa/MC or any network options (Cirrus or Plus).

Re: Won't take off, but may Rip You Off

I got a good discount and rebates. It was manufacturer backed for qualified buyers and was run by a bank loan that the manufacturer kicks towards. Bank likes the low risk investment since the collateral is worth as much as the amount of the loan and I like that I can use higher risk investments since I'm young and don't need stability in my portfolio at the moment.

Re:Won't take off, but may Rip You Off

[cayenne8]

Just how stupid are you? They gave you exactly the same card with exactly the same functionality as everyone else. Then they told you your card is special, and you bought it? The only thing special is you... In a short bus kind of way.

Not sure what you're smoking today...but yes. The debit card has the visa symbol on it and can be used to buy things.

A regular, plain ATM card does not have the VISA logo, and it can ONLY be used with my PIN code to withdraw cash from the ATM, it cannot be used to make purchases on its own.

and if only the value didn't fluctuate insanely...

[SuperBanana]

I still prefer the Bitcoin schemes.

Why, aside from the fact that all the Cool Kids are supposedly Doing It?

It's a royal pain in the ass to participate in the bitcoin system, your transaction history is by definition public, and the value of the bitcoins you send to someone fluctuates like crazy. Anyone who takes bitcoins for compensation is insane.

Re:and if only the value didn't fluctuate insanely

[rosencreuz]

Anyone who takes bitcoins for compensation is insane.

Actually, offering payments in other currencies is done because of demand. Fluctuation is something which must be always considered. If a currency has high fluctuations you add a high risk margin on top of your exchange rate to compensate the possible loss because of possible fluctuation. Treasury departments are very aware of this currency trading risks and they can calculate the risk margin very precisely.
tl;dr High fluctuation means higher prices for the customers. Bitcoin as payment currency is not insane at all, if there'll be more demand, everyone will do that.