Slashdot Mirror

← Back to Stories (view on slashdot.org)

Square Debuts New Email Payment System

Posted by Soulskill on from the all-about-the-benjamins dept.

cagraham writes "Mobile payment company Square — best known for their smartphone credit-card swipers — has launched a new payment service called Square Cash. The service doesn't require users to sign up or make an account. Instead, they just email the person they'd like to transfer money to (with the amount as the subject), and CC 'cash@square.com.' Square asks the sender for their debit card info, and then sends a link to the recipient, who can transfer the money into any account they want within 1-2 business days."

19 of 240 comments (clear)

  1. Ummmm... by Anonymous Coward · · Score: 5, Insightful

    This has got to be the most insecure payment system ever.

    1. Re:Ummmm... by Russ1642 · · Score: 4, Informative

      You shouldn't send that kind of account info by email.

    2. Re:Ummmm... by Catskul · · Score: 4, Informative

      You don't send account info via email. Read the article, or even just the summary more carefully.

      --

      Im not here now... Im out KILLING pepperoni
  2. Really? by mcmonkey · · Score: 4, Insightful

    Account details over email and 1-2 business days?

    Why not just put cash in an envelope and send USPS? At least that way you can't lost more than the cash you send.

    1. Re:Really? by Anonymous Coward · · Score: 4, Informative

      You don't send your account details in the email. They give you a link where you go to provide the details.

    2. Re:Really? by ljw1004 · · Score: 4, Informative

      RTFA. "If this is your first time using the service, Square will email you a link to its service, where you’ll be asked to enter your debit-card information."

    3. Re:Really? by hawky · · Score: 5, Interesting

      We tried it. My co-worker sent me $15. After the initial email, we both tied our debit cards to our email addresses, and I had the funds in my account in less than 5 minutes. Since our cards are now linked I imagine it will be even quicker in the future.

    4. Re:Really? by Anonymous Coward · · Score: 5, Insightful

      Sounds like an easy way to do a phishing scam.

    5. Re:Really? by n7ytd · · Score: 4, Insightful

      We tried it. My co-worker sent me $15. After the initial email, we both tied our debit cards to our email addresses, and I had the funds in my account in less than 5 minutes. Since our cards are now linked I imagine it will be even quicker in the future.

      So now can you spoof another e-mail from your co-worker to yourself, CC'ed to square and get more money from him in less than 5 minutes?

  3. Interac by neoform · · Score: 5, Interesting

    Isn't this exactly the same thing as an Interac e-Transfer?

    I've been sending money via email for many years this way.

    --
    MABASPLOOM!
  4. What could possibly go wrong? by Shirogitsune · · Score: 4, Interesting

    Obviously this is a front for the NSA so they can get rid of the traditional means of tracking bank transactions and just lump it all into the haystacks of email data the already collect! Government efficiency at it's finest! Brilliant!!

  5. Sounds ready for abuse by Anonymous Coward · · Score: 5, Insightful

    So the From:, Subject, To:, and Cc: headers are what makes this work?

    Not a bad idea, really, except that it can all be trivially spoofed, and the resulting set up/confirmation emails can be trivially intercepted and abused at will. Plus, of course, no easy drop-in encryption, and in the end it piggybacks on existing systems, so all the risks associated with them (like credit cards) will be neatly folded into the deal too.

  6. Bitcoin by Austrian+Anarchy · · Score: 4, Informative

    I still prefer the Bitcoin schemes. Now, if I only had some bitcoin to toss around :(

    --
    Time Bomber the Book coming soon.
  7. Ridiculous that it takes a 3rd party by metrix007 · · Score: 4, Informative

    Why does the US have such an antiquated banking system? Hell, a lot of places still need checks because they won't take plastic!

    I've had bank accounts in the UK, Australia, Germany, Canada and the US.

    Canada is basically the US in this context..banks are no better. They do have email money transfers though.

    Which is something every other damn country has. A way to transfer money between bank accounts of individuals securely and free. The only option in the US has been paypal or chase quickpay.

    Not to mention the reliance on checks (ridiculous!) and the problems with ACH fraud. Again, in no other country has my account number been secret information which I have to protect. The worst thing people could do is put money into my account.

    So many issues....

    --
    If you ignore ACs because they are anonymous - you're an idiot.
  8. Re:Won't take off, but may Rip You Off by icebike · · Score: 4, Insightful

    Drug Deal!

    Except Drug Dealers don't keep Bank Accounts. Its a cash and you are carrying business.

    This requires you to give Square Your debit card info, and makes your recipient give you THEIR bank details.
    Seriously, the NSA couldn't have dreamed up a move invasive scheme. What could possibly go wrong with that?

    Left unsaid in the linked article, (and also the Square website) is how square is going to monetize this, other than by
    *cough* losing one out of a hundred payments. They claim the service is free. FAQ Here to both parties. So, how do they finance that, other than getting a piece of the debit card fee? (Senders have to use a Debit card).

    One wonders just how much the debit card fee is jacked up to allow Square to assume the risk for this type of service, and handle the deluge of complaints and lost payments claims. And how many will be suckered into handing over their bank info to a 419 email purportedly from Square.

    World Plus Dog is rushing to mobile payments, but I'm not so sure this is well thought out.

    --
    Sig Battery depleted. Reverting to safe mode.
  9. Re:Sorry, what? by ImprovOmega · · Score: 4, Informative

    From what I understand Square is a credit card processing service, which means they fall under certain other regulations. Not quite the same as banks, but certainly not out in the wild west as far as regulations go. I've known several small business owners who used them for credit card payments for a while now and both owners and customers seemed happy enough with the results.

  10. Training users to click on links in their inbox by Floyd-ATC · · Score: 5, Insightful

    How many times must people be hit in the head with a clue bat before they understand that this is a Bad Idea[tm]

    --
    Time flies when you don't know what you're doing
    1. Re:Training users to click on links in their inbox by Animats · · Score: 4, Interesting

      How many times must people be hit in the head with a clue bat before they understand that this is a Bad Idea[tm]

      Big companies are encouraging this, by sending emails that meet all the criteria for phishing emails. I just got a receipt email from Virgin Mobile after making a payment. The path taken by the mail goes through "mh.nextel.m0.net", "oms16.dc1.prod" (which isn't even a valid TLD), and "cmil278.amdocs.com". The mail text is base-64 encoded HTML only, no text version. That just screams "hostile code".

      How are people supposed to recognize phishing emails with legit companies sending crap like that?

      "m0.net" says on their site "This domain is owned by Acxiom Digital, a leading provider of email marketing solutions for Global 2000 enterprises."

  11. Open Relays FTW by Fenixfyre42 · · Score: 5, Funny

    telnet random.openmailrelay.com 25 HELO victim.domain.com MAIL FROM: victim.email@victim.domain.com RCPT TO: dummy.prepaid.card.email@badguy.com DATA CC: cash@square.com SUBJECT: $1,000,000 Here is the payment I promised. . QUIT Profit!