Square Is Discontinuing Monthly Pricing On February 1, 2014

An anonymous reader writes "Mobile payment startup Square has decided to discontinue its monthly pricing option on February 1, 2014. The company says it does not plan to reinstate monthly pricing at any point. If you are currently enrolled in monthly pricing, Square will give you "a grace period" through the end of January 2014, after which the per-swipe rate will apply to transactions. On January 2, monthly pricing subscribers will be billed their last monthly fee, which will cover the rest of the month."

wut?

[AntiBasic]

wut?

Re:wut?

[digitalchinky]

It appears to be some kind of slashvertizement for a mobile credit card reader that plugs in to the headphone jack of an iphone.

Re:wut?

I personally don't think equiangular polygons should have the right to decide pricing schemes. IMNSHO humans, and only humans, should be able to make choices like that. Otherwise what's next, a glorified calculator deciding when to fire people? It's wrong, I say, WRONG!

Re:wut?

Yes, but not just iphones.

Re:wut?

Very nice. That deserves a 6, at least.

Re:wut?

I know right? I honestly expected this to be about Square Enix and their turmoil in the industry and their predicted eventual death at the rate they are going.

Re:wut?

This actually is a pretty significant (and possibly bad) move on square's part. I know a few small business owners in Seattle who switched to square because the per-swipe fees were taking too large a cut of their profit. I would imagine this could push them away from Square.

Re:wut?

[Joining+Yet+Again]

It's humorous for two reasons:
1) "Square" the business name can be confused with "square" the algebraic shape;
2) Executives and beancounters are often perceived as "glorified calculators".

Mod parent up for being funny. +2 very funny, I say.

Re:wut?

THIS

I thought the game company square had some sort of built in way to swipe a credit card that I've never heard of it..

Re:wut?

[blackraven14250]

This is actually a widely-used credit payment processor, particularly by local businesses, so this is definitely a change that will have a fairly wide-reaching impact.

Re:wut?

[larry+bagina]

And you made it humorous for a third:

Square
1. (n; adj) A person who is regarded as dull, rigidly conventional, and out of touch with current trends.

Big deal.

[viperidaenz]

It's a hit to larger companies, not smaller ones.
Switching from $275/mo flat rate to 2.75% means if you're selling more than $120,000pa, you pay more, if you're selling less, you pay less.

next story please.

Re:Big deal.

[aaronb1138]

Really a good sized hit to small to middle sized businesses.. you know the mom & pop shops, indie food trucks (the minority) and such that manage to support 2-5 people with corporate incomes of 250k-2m per year.

A small company with CC swipes of $120k / year with an assumption CCs only being half their income, and the rest cash or invoices (checks), barely supports 1 person if the net margins are very high, in the 20-40% range and tax sheltering is very good.

Glad to see how well educated the techie community is on basic finance and business concepts.

Of course, we know that with the standard margin in CC processing being 3% for many years, it was very expected by any reasonable person that Square would ditch flat rates once they had little enough competition and a large enough base.

Re:Big deal.

[Joining+Yet+Again]

A small company with CC swipes of $120k / year with an assumption CCs only being half their income, and the rest cash or invoices (checks), barely supports 1 person if the net margins are very high, in the 20-40% range and tax sheltering is very good.

Barely? Either you live somewhere particularly expensive, or you suffer upper-middle, "Wait, you mean people can live on THAT LITTLE?" disease.

Re:Big deal.

[peragrin]

and yet you know nothing of how much a business needs to earn to pay a single person $40k a year.
Just because the company has $120,000 in revuene, doesn't mean the owner earned $120k. Now you have to take off expenses which is on that figure probably close to 95% of it.(depending on how the equipment was purchased)

Re:Big deal.

[squiggleslash]

I suspect he's right. While many Slashdotters have experience of being contractors, and setting up a small business to legally manage that, that's not typical of a normal small business which will generally involve: a small number of employees, but more than one; rent; non-trivial supplies; capital costs; etc. A single person business who works out of a laptop and smartphone and has no other costs other than travel isn't unusual but it's not typical.

Think in terms of what it costs to run a pizzaria, one of the classic small businesses. You have yourself, you have a group of employees to the point you generally have a minimum of two on duty (besides yourself) during opening hours, more at busy periods. You need to rent a shop, which doesn't have to be huge, but it'll cost considerably more than those cheap single room "offices" you see advertised as "starting at $500/month!" by the road. And, of course, you need flour, water, anchovies... oh and gas, and electric, and phone service, and advertising and printing...

Now, this doesn't mean going into pizza making forces you to live in poverty or go bankrupt, far from it, because pizza is popular, and people are willing to pay quite a bit for a decent pizza. Or even half decent pizza. That's why there are so many pizza chains. But the question isn't "why doesn't pizza make a profit", it's "How much turnover do you need before Square's monthly rate becomes better and does a typical small business qualify", and it seems hard to believe that an average pizzaria has a turnover so low it wouldn't qualify. Even if the franchisee, at the end of the day, goes home with a salary of $50,000, that's just one small part of the costs.

Re:Big deal.

[Joining+Yet+Again]

"probably close to 95% of it" is one of those ass-pulled stats.

I co-owned a small business with my partner of the time about a decade ago. Revenue was never more than $17,000/month, most of which was from reselling products to consumers. Our best seller started off with a 600% margin, yet still undercut all competitors, because we adapted a solution normally sold in bulk to a different market.

Even as others emulated us, we could achieve 50% margin years later. Why? the big boys didn't want to sell "own brands" at all, and none of the smaller players would have been able to afford a race to the bottom with us - I in-sourced nearly everything technical (to me), made it an academic challenge to continually minimise overheads, tried to maintain the best possible relationship with regulars so they'd be keen to maintain a community on our web site, and turned part of the house into a warehouse. Hard work, but fun as hell.

Re:Big deal.

[zippthorne]

If you're selling less than $120k, you're not a company. You're barely even in business at all. That's revenue, not profits.

Re:Big deal.

The BS alarm just went off...

Re:Big deal.

I agree with most of what you wrote, but hold the anchovies.

Re:Big deal.

[viperidaenz]

Selling $120k through this single method of payment.

Re:Big deal.

[Ksevio]

$120,000 per year is only around $500 per work day (~$330/day). You don't have to have a large business to hit that amount

Re:Big deal.

Where are these so-called "mom and pop shops" that make two million per year (or 5500 per day)? For some reason, you smell like a Republitard Teabagger. That, or you've fallen for a few too many "work from home for 20000 per week!" scam emails.

Re:Big deal.

[viperidaenz]

Again, this is via a single method of payment.You don't have to be a large business to accept cash, cheque or invoice.

Re:Big deal.

He didn't say profit, he said corporate income. Essentially any store that supports two or three people with a very low margin product is going to have very high turnover, often in the millions.

Re:Big deal.

Sounds like he's talking about the sex toy shop, or maybe fake "custom" auto parts (how come there are ten vendors of the exact same HKS knock off exhaust setup who have their name stamped in the metal) or some other industry with weird high margins are tolerated by consumers, largely due to ignorance and communal fleecing.

Swipe?

[thegarbz]

So after many years of regulations, encryptions, standards, tamper proof systems, migrating from a magnetic strip to the chip and pin for even greater security, this company's innovation pisses all that against the wall?

Man... I would not do business with anyone who wants to swipe my credit card through an iPad.

Re:Swipe?

In just over 1 year you won't have to. At least in Canada, after 2015 debit card companies will no longer need to include a magstripe unless they really want to. I expect credit card companies will follow suit quickly. Magstripe fraud is costing both huge amounts.

At that point square's equipment will be as good as garbage. I'm sure as a backup for places that refuse to upgrade they'll still be able to take imprints, just like 50 years ago.

Re:Swipe?

Their app for Android sucks and that dongle won't always read the cheap cards many chumpass banks use. The banks won't embrace any new technology until forced to do so. Europe has had proximity smart cards for years. Square is square and there are many services who're cheaper and much more technologically savvy with NFC and other contactless payment opitons.

Re:Swipe?

Europe has had proximity smart cards for years.

So does the US. But in both places, where you can use them is quite limited. The idea that Europe is ahead on contactless payments is ludicrous.

Re:Swipe?

[gl4ss]

*So does the US. But in both places, where you can use them is quite limited. The idea that Europe is ahead on contactless payments is ludicrous.*

hong kong had the best system of places where I've been. could pay at 7/11, the metro and lots of other places. and you got the deposit back when leaving.

however.. square has little point to exist in areas where the payment service providers provide you with mobile terminals. in finland practically all cc readers in smaller shops are of the variety that uses cellphone network for connection and has a battery.. we use them for chip+pin payments everywhere. even snack kiosks, pizza deliveries and what have you have them. 100% of kebab establishments have them too.

even so much that I think people would think twice or thrice before letting a delivery boy or random dude read their card with a reader attached to a cellphone and give their pin..........

Re:Swipe?

[mysidia]

I'm sure as a backup for places that refuse to upgrade they'll still be able to take imprints, just like 50 years ago.

50 years ago? It was common about 20 years ago.

Also; I made a purchase at a store that did an imprint, about 6 to 8 months ago.

Re:Swipe?

[PRMan]

My brother runs a small booth that sells superhero t-shirts and memorabilia on the weekends. Do you think that he shouldn't take credit cards? Or that his taking of credit cards would be more "legitimate" if it didn't go through his cell phone? Utter nonsense.

And if he's wrong about the legitimacy of the transaction the company will just reverse it on him and he loses the money, not you. And that's happened all of once for $80 over a 2 year period.

Re:Swipe?

[thegarbz]

Really? I thought Australia was one of the last to embrace chip+pin and yet I now see contactless readers absolutely everywhere. The last time I used the chip was about 2 months ago and only because the PayPass reader at the the local Thai takeaway wasn't working.

Re:Swipe?

[thegarbz]

No he shouldn't. Not unless he's willing to buy/lease a proper solution from his bank which embraces the proper security protocols established by the industry. A lot of effort has been put into card readers to make them safe from tampering by the merchant themselves. Not just software either. Simply opening one of the card readers will completely brick them. Want to access the circuit board without opening by drilling into the side? Nope that'll typically trigger a trip grid around the inside of it.

The only thing that is utter nonsense is that we've pissed all advances in security against the wall by releasing a device that reads a mag stripe (I'm not sure this is actually accepted in some countries anymore), and that has only a bit of software separating a potential fraudster from a credit card. I'm not worried about the transaction being illegitimate and your brother being out of pocket, I'm worried about potential fraud by your brother (who I don't know at all and thus could very well be into that).

There's a reason chip+pin was introduced and that was to separate a merchant even more from the customer's credit card. Now there's no reason for you to hand your card over to the waitress anymore and wait while she disappears with it in the back room. The signal going via the cell isn't the issue, the issue is the hardware itself. Yes I consider it as illegitimate as someone taking a card imprint, something which would also make me drop the goods right there and walk away.

The merchant should not have access to a card either physically or via a non-tamper-proof and non-certified piece of equipment. Period. Don't like it? Use cash.

Re:Swipe?

[BKX]

Simply opening one of the card readers will completely brick them.

Probably not. I've repaired and/or replaced many keypads and phone jacks on CC terminals over the years. I've done this for readers made by several different companies and many levels of features, including Hypercom (the most popular brand), and terminals that have RFID readers and external pinpads. Opening them up has always been easy, and they accept my soldering iron and screwdrivers just fine. I doubt there's much in the way of tamper-proofing on the portable ones either, even though I've never worked on them, considering the lack of tamper-proofing on anything else they make.

Re:Swipe?

[Joining+Yet+Again]

And then you made purchases at various outlets in Prague, Adelaide and Ouagadougou, about 5 to 7 months ago.

Re:Swipe?

[Joining+Yet+Again]

Yeah but contactless really just means no need to give authorisation by touching a PIN pad. So it's limited it to £20/€25 purchases. The amount of time taken to tap 4 numbers is always dwarfed by how long it takes to authorise and take payment, print and collect receipt.

Re:Swipe?

[drinkypoo]

The only thing that is utter nonsense is that we've pissed all advances in security against the wall by releasing a device that reads a mag stripe (I'm not sure this is actually accepted in some countries anymore), and that has only a bit of software separating a potential fraudster from a credit card.

They don't even need to swipe your card, dude. They can do it by the numbers. There is no security in credit cards whatsoever. All that technological whizbang bullshit they've put on them doesn't close the human loophole.

There's a reason chip+pin was introduced and that was to separate a merchant even more from the customer's credit card. Now there's no reason for you to hand your card over to the waitress anymore and wait while she disappears with it in the back room.

Unfortunately, most credit cards don't actually have chip+pin. I've never even seen one that does.

Re:Swipe?

[drinkypoo]

however.. square has little point to exist in areas where the payment service providers provide you with mobile terminals. in finland practically all cc readers in smaller shops are of the variety that uses cellphone network for connection and has a battery..

Population of Finland: Who gives a fuck? Population of the rest of the world, which doesn't have a kiosk on every corner: A lot more! I have literally never seen a chip+pin credit card, and I can count on one hand the number of times I've seen someone advertising contactless payment.

Re:Swipe?

[Ashe+Tyrael]

Depends where you are I suspect. In the UK, all new cards over the last few years have been chip and pin.

Re:Swipe?

however.. square has little point to exist in areas where the payment service providers provide you with mobile terminals.

Square isn't just about the mobile concept. They provide an e-receipt (I believe it's a text link, though they may have an email option).

Re:Swipe?

[gl4ss]

maybe because you drink poo or something, live in a nyc basement where "drug stores" take magstripe with "signature" without anyone even looking at the card or the signature and never left anywhere where people want to do something, a little bit, to avoid cc fraud.

the most popular manufacturer of those readers in use in finland(which can read magstripes as well) is SAGEM and they don't do them just for finland.. and the reason they need connectivity while on the go is so that they can use debit cards which authenticate against the bank on every transaction.

Re:Swipe?

[ganjadude]

not that your fear is misplaced but perhaps you should do a little bit more research on the topic. Square devices are just as secure as those fancy pin readers (disclosure - I work for a pin pad company now) When the card is swiped in a square device, the owner of the device has no electronic record of the numbers to keep for his own use, just like a store does not have a card number to keep for its own use. Sure a hacker may be able to break the encryption and get the information, but it does not seem that likely, no more likely than putting a skimmer on an ATM or gas pump anyway

Re:Swipe?

[colinnwn]

In the USA my understanding was PCI requirements were going to make all companies switch to non-imprintable cards? All of my cards issued in the past year are completely flat.

Re:Swipe?

[ganjadude]

the ones from verifone Do in fact have a "tamper detected" error if the device is tampered with in any way, in fact it can be a little to touchy at times. It does not "brick it" per se, but it does have to be sent back to verifone for reprogramming and the store is sent a new one. at least thats how my experience has been

Re:Swipe?

[BitZtream]

Thats because you utterly fail to understand any part of the process. This isn't insightful, its just the opposite, it shows ignorance.

First off, the strip on your card, not encrypted in the first place, its just data. Encrypting it offers nothing of value as you would then just end the encrypted blob, which anyone could also copy and send. You can read it with a modified 8 track player and some software (this is essentially how square works) or any of the thousands of various card readers that hook up to a PC as if it were a keyboard.

None of the data stays on the iPad, its simply forwarded off to squares servers to do the real work.

Do you think its a better setup to do the card reading on a virus and malware infected PC instead, you know, one of those PCs that you run your card through every day at the gas station or restaurant you eat at instead of the walled garden that Apple built.

If this bothers you, it just shows you're ignorant of the actual security concerns. You should be far far more concerned with the waiter or mcdonalds employee you hand your card through that can just snap a pic of it when you're not in sight.

Re:Swipe?

[TomGreenhaw]

You would be better off if you only swiped through an iPad. All these iPad swipers are encrypted and tamper proof with decryption only possible at the card processor. The majority of the regular swipers you see at retailers do not use the end-to-end encryption.

Re:Swipe?

[BitZtream]

Square is fully PCI compliant because IT DOESN'T STORE YOUR INFORMATION and USES SSL TO TALK TO ITS SERVER. Thats ALL the security you get ANYWHERE on the client side IN THE BEST CASE situation.

Stop spewing shit you know nothing about. 99.999% of the PCI rules are written around the fact that people STORE the credit card numbers. The instant you stop storing card information, PCI becomes ridiculously less complex.

Welcome to what Square does ... it makes all the PCI compliance issues a problem for Square admins, and lets your business do business, not worry about IT.

Chip + Pin might be great, but as has been said by others, I've NEVER seen one, so its not so great that the entire world snapped it up to save the billions in lost dollars ... did they?

You live in a fantasy world, or I suspect is more likely, don't actually own any credit cards.

Do you know that all the information you need to make a card transaction is ... VISIBLE ON THE CARD ... WITHOUT A CARD READER? Yes, thats right ... *gasp* they can just use the visible information on the card to take your money.

Re:Swipe?

[Alex+Pennace]

In the USA my understanding was PCI requirements were going to make all companies switch to non-imprintable cards? All of my cards issued in the past year are completely flat.

Perhaps only certain banks are doing it. Of the two cards that I got this year, both were embossed.

Re:Swipe?

[zero0ne]

That's BS and you know it - US CC companies have some of the best fraud detection around...

The second a charge on my CC goes through in a state I have never been or never lived in (or couldn't travel to within the time of my last legit charge), they are calling me and asking if the charge was valid.

Last time I purchased something on eBay, I received the very same phone call because it was over $1,000

Re:Swipe?

Square does not take debit.

Re:Swipe?

[wiredlogic]

Canadians love traveling to the states to get cheaper products with lower sales tax. They won't willingly sacrifice their mag stripes when they are needed to conveniently spend money in the US.

Re:Swipe?

[Lehk228]

the original readers used analog audio connector and were totally unprotected. then VISA threatened them and they improved the device

Re:Swipe?

[sam_nead]

Essentially every shop in the UK has a chip and pin reader. Contactless payment (with a home-grown card) is standard on the London underground. I assume it is only a matter of time before contactless payment spreads to the shops.

Re:Swipe?

When the power goes out at the local mall, business goes on as usual. There are skylights, so it as long as it's not totally dark outside, you can see just fine, and every shop has one of the little imprint slider things. Disallowing those would suck.

Re: Swipe?

Except for prescription drugs, of course.

Re:Swipe?

[Grishnakh]

That's Canada. Canada is a much, much smaller market than the US. The US will hang onto magstripe technology for decades, maybe more. Just look at how backwards our banking systems are here: people still use paper checks, there's no electronic funds transfer without huge fees, there's no real use of crypto, etc. Look at Europe to see what banking should be like; we in the US are at least a century away from getting that kind of technology, with the rate of change here.

Re:Swipe?

[Cimexus]

Sorry but he has a point. Square might do OK in the US for now, but wouldn't work anywhere else. Most countries (including most of Europe and east Asia, which definitely do have populations big enough to matter) have moved to chip and PIN cards and a good proportion of banks in those countries have made using the PIN compulsory.

I'm Australian but live in the US at the moment. I have three credit cards in my wallet: an Australian-issued Mastercard, an Australian-issued AMEX and a US-issued Visa. Both the Australian ones have a chip AND also have contactless payment (tap the card on the reader ala PayPass). They do both still have magnetic strips for legacy use, but if the reader has the capability of using the chip (most do in Australia), then the swipe won't work - it'll tell you to insert the card and type PIN instead. Contactless payment is pretty common too ... most of the big retailers (supermarkets, gas stations etc.) have it.

The US card has neither a chip nor contactless capabilities AFAIK - it's a plain old magnetic strip. I would have serious issues actually trying to use that card back home (or in most other countries), as plenty of places simply won't take a swipe anymore.

I have no idea why banking, payments and dealing with money is so backwards in the US (see also: checks still actually existing). I mean, they invented credit cards right? And much of the technology that underlies payment systems...

Re:Swipe?

[Cimexus]

Yeah they do have an email option (and I think it's actually the standard/default option?) I take taxis a lot when travelling for business in the US and they virtually all seem to use Square. It's pretty cool actually because once you pay using Square the first time and supply your email address, every other time you pay with that card, your email address is already pre-filled. So it's just swipe the card and you're done. The receipt is waiting in my inbox a few minutes later (which I need to claim expenses for work). The receipt even has a little Google Maps inlay with a mark showing the exact location on the map where the swipe was made (since the tablet or phone the Square reader hooks into generally has GPS).

Re:Swipe?

[Cimexus]

Australia was late to the game compared to Europe, but as you say, chip and pin is pretty ubiquitous now, and contactless is catching up fast. I'm Australian but have been in the US the last six months and I've not seen a single reader that supports EITHER of those techs here.

I have seen quite a few of these Square readers from TFA though.

Re:Swipe?

[Cimexus]

YMMV of course. I haven't seen a card issued in the last several years that doesn't have a chip (even in Australia which was notoriously late getting on the chip-and-PIN bandwagon compared to Europe ... I remember having issues using my Australian card in the UK in the mid-2000s because they all required a chip even a decade ago). I think it's only pretty much the US now where it's not standard.

Re:Swipe?

[radarskiy]

"Simply opening one of the card readers will completely brick them."

Irrelevant if you not trying to send fraudulent transactions over the network yourself. If you are just skimming cards then you don't need a real transaction at all. You sell the info and let other people make widely dispersed fraudulent transactions.

"There's a reason chip+pin was introduced and that was to separate a merchant even more from the customer's credit card. Now there's no reason for you to hand your card over to the waitress anymore and wait while she disappears with it in the back room."

The latter does not depend on the former at all. The handheld terminals I've had experience with in Europe will take chin+pin, chip+signature, and stripe+signature cards. Also, in all cases the merchants have still handled the card themselves.

Chip+pin was developed to shift liability from the CC network back to the card holder. If you claim a fraudulent transaction the CC company respond that you entered the PIN therefore it is your own fault so pay up.

"he merchant should not have access to a card either physically or via a non-tamper-proof and non-certified piece of equipment."

And how do you the normal customer recognize the certified equipment?

Besides which the whole thing is moot in the US since in the US I have not yet seen a terminal that will operate purely on chip+pin and I've only heard of one bank that even offers chip+pin. (I have one card that is chip+signature that typically works in Europe except for train ticket kiosks.)

Re:Swipe?

Square's solution actually has the potential to actually be more secure than any chip and pin. By using cell phones and tablets, Square could replace or augment the signature with a photograph of the person making the charge. A 4-digit PIN is much easier to fake than a photograph of someone's face. And in cases of fraud, there would be a photograph to aid police in finding the fraudster.

Re:Swipe?

[HereIAmJH]

My last card was like that. I just assumed it was because they printed it on-demand at the branch office, rather than having it mailed from their credit card processor. I don't know if that's an improvement in security. It still has a mag stripe on the back, and now anyone with an ID card printer ($800 with a quick google search) and a stripe encoder ($200 on Amazon) can make cards.

I was there getting my card replaced because someone hacked Harbor Freight and stole the track 2 info from cards. (CC#, expiration, CVV) It was an odd experience because the person ahead of me was also getting a card replaced due to fraudulent charges at the exact same Home Depot in New York state. (we live in the mid-west)

Re:Swipe?

[HereIAmJH]

The US card has neither a chip nor contactless capabilities AFAIK - it's a plain old magnetic strip. I would have serious issues actually trying to use that card back home (or in most other countries), as plenty of places simply won't take a swipe anymore.

Chips and contactless cards have been available in the US for a long time. They just aren't universal. I had an Amex Blue card nearly 15 years ago that had a chip in it. And in 2005 they launched a contactless card. Discover also had an oddly shaped card a few years ago that was contactless. I don't think the chipped cards gained acceptance because retailers didn't want to change their readers, and I don't know if Visa or Mastercard ever made any effort to get chipped cards on the market. I wouldn't be surprised if contactless cards aren't widespread simply because they are contactless. I have seen quite a few chains install the contactless readers. But if I have to choose over a reader where I swipe my own card, or a contactless reader where I have no idea what the true range is, I'm going to choose to swipe.

As far as Square's business model, you're focusing on the wrong part of the device. They are about giving small businesses the ability accept and process credit cards. They offer a mag reader because that is the most common device in the market that they are targeting. When they want to enter other markets they will simply create a new device that works through their current protocol. The card reader is a small part of their service, and I don't know why they would be limited to a single technology.

Re:Swipe?

[thegarbz]

No it shows you're ignorant of the direction in the industry. The world over is doing everything in its power to get rid of magnetic stripe readers for EXACTLY the reasons you specify, yet here we have a system and service that actively embraces it.

It does bother me now. It wouldn't bother me if this was a product of 10 years ago, but it's not. It's a product of 10 year old technology at a time when the entire industry is trying to move away from it *because of the security concerns*.

As for the ummmm PC connected to card reader ... don't make me laugh, calling someone ignorant then coming up with a statement like that. NONE of the credit card processing EVER touches the PC. Most machines aren't even connected to the PC. Those that are accept only an input detailing the transaction, and reply with a pass/fail.

Re:Swipe?

[thegarbz]

They don't even need to swipe your card, dude. They can do it by the numbers. There is no security in credit cards whatsoever. All that technological whizbang bullshit they've put on them doesn't close the human loophole.

That loophole only exists if someone has my card. I don't give it to anyone. The swipe machine is brought out and people say here you go, and you do the rest of the transaction yourself.

Unfortunately, most credit cards don't actually have chip+pin. I've never even seen one that does.

I haven't seen one in about 3 years that doesn't have chip+pin. I have occasionally swiped my card when I've had a mental blank and the machine beeps at me saying I need to insert the chip.

Re:Swipe?

[thegarbz]

The square device can suffer from a MITM. The older one didn't even encrypt the data from the swipe card when it got sent to their servers. Magnetic swipe cards do not support pin numbers.

I'd be slightly more happy if they didn't use a magnetic reader, but they don't. The fear is misplaced because magnetic swipes are an ancient outdated technology with very few protections and which some countries are in the process of actively outlawing.

Re:Swipe?

[thegarbz]

Just because you've not seen Chip+Pin doesn't mean you should be actively supporting the continued use of your outdated technology.

I think we have a fundamental misunderstanding because you live in a country which is quite backwards on credit card security. I haven't seen a magnetic stripe reader in use in a very long time, I haven't owned a credit card without chip+pin for at least 3 years and even when I did I never used that card.

In other use the vast majority of internet traffic isn't encrypted either so why start now right?

Re:Swipe?

[thejynxed]

The Verifone models are also what quite a few stores use around here as well. I can confirm they are touchy, and "die" often (I think due to customers poking them too hard or something during debit transactions), but they also are all the models where you can swipe a normal card OR "tap" the chip-enabled cards to perform the transaction (which I guess helps our foreign tourists out, as there is only one card & card company here that offers them, so, useless to us locals).

There's been a few times where that tamper detected error has shown up where it's only been a loosened hex screw on the backplate due to the way those things mount on the swivels - they can eventually work loose over time. It went away if the terminal was shut off, the screw tightened, then the terminal restarted.

Re:Swipe?

[Kalriath]

Really? When I go to the supermarket, I just tap my Amex against the pinpad, the transaction is approved in around 200ms. The operator says "would you like a receipt?" and if I say no, I walk out. If the amount is more than $80, I have to enter a PIN, but otherwise it's pretty much instant.

Re:Swipe?

[Kalriath]

The number of merchants (I'm in NZ) who have an ancient reader that doesn't have a card slot on the pinpad or who claim "oh that doesn't work, you have to give it to me so I can do it on this side" is staggering. Even more staggering is how many merchants persist in swiping the card before checking for a chip and inserting it (some banks actually advise that this is a fraud indicator, and you should not shop at these places).

It is not flat

[thsths]

I can see two problems with this statement:

It is not a flat fee.

And it is not per swipe.

In fact, it is a commission or a share.

Oh, and it is of course not a benefit for the customer, as much as square is wiggling around the issue. They remove a price plan, and thereby increases prices.

Re:It is not flat

[kramerd]

The plan was $275/month or 2.75% per swipe. However, the 275 per month was limited to the first $10,000 (ie $275 in fees). After this, it defaulted to the 2.75% anyway. Therefore, if you chose monthly, and didn't use it all, you actually paid a higher price. By definition, you could always just take the 2.75%, so I don't know why anyone would ever choose the monthly plan in the first place.

Re:It is not flat

[therealobsideus]

Actually, any single transaction over $400 was processed at 2.75%. All transactions over a monthly limit of $21,000 was processed at 2.75%, which equals a p.a. amount of around $250,000 a year. So this is essentially a huge blow to the small businesses (restaurants, food carts/trucks, pedicabs, etc etc). And they're selling it as a way for businesses to save money, by keeping the same 2.75% they've always charged per swipe. Oh, and the restaurant I managed (a small hole-in-the-wall) switched to Square's monthly plan because it saved us around $500 a month in processing fees vs phone or broadband based machines. Now I'm going to have to go back to that restaurant, I guess, and help them find a new solution - restaurants are low margin and our owner barely makes a hundred bucks a month of the restaurant, after paying food costs, rent and employing 11 people.

Re:It is not flat

[LynnwoodRooster]

If they're netting $100 at the end of the month, the problem isn't the use of this CC provider or that one - it's a fundamental lack of understanding about pricing of product and cost controls. They are off a few orders of magnitude in terms of profitability to be a going, micro-restaurant business...

Re:It is not flat

[therealobsideus]

There are other problems, sure, but this was easily fixed :P Truth be told, the owner didn't (doesn't) care about the restaurant as long as it doesn't lose her a lot of money. She mostly is across the country catering on-scene locations.

Advertisement

This _might_ deserve a blurb in a payment industry trade rag, but why /.?

Are we covering all merchant fee plan changes in the that industry now?

Re:Advertisement

because iPad.

Re:Advertisement

This may very well deserve to be in a industry rag, but they'd still have to pay for the advert. Crap "story", crap product. Crapdot. Reporting the trash that others won't touch.

Re:Advertisement

[alostpacket]

It may be a bit of an ad, but they are fairly well known in the mobile world as a very successful startup. They have also contributed a ton of open-source libraries https://github.com/square

in other words...

they're adopting the pricing scheme of every other payment processor, including paypal and intuit (both of which have a very similar device and service), google checkout (wallet) and ordinary credit card merchant accounts.

Re:in other words...

Hot damn, one of the two on-topic posts to a slashvertizement gets a -1 Overrated.

Well, at least Bin Laden got what he deserved.

Bitcoin fees...

[hawks5999]

unchanged.

Re:Bitcoin fees...

[Joining+Yet+Again]

The charges for anyone paying with hairs on my genitalia are also unchanged.

And that's a scarce resource produced at a decreasing rate, hard to counterfeit.

WHY AREN'T YOU ALL USING MY PUBES AS CURRENCY, LIBERTARIANS?

What is Square?

[asmkm22]

I can't keep up with all the little new web companies that come out anymore. What are they, and why is this change important? At least mention it in the summary.

Re:What is Square?

[Chas]

Square is a payment processor.

Their "schtick" is including a credit card magstripe reader that plugs into the headphone jack of an iPhone or iPad.

It's actually fairly useful, as it allows all sorts of businesses to take credit cards that would, otherwise, be too small to afford some form of mobile payment acceptance. It also allows the vendor to e-mail receipts to their customers if the customer so chooses.

I use them at conventions as a backup if our normal credit card readers stop working for any reason.

Re:What is Square?

A lot of people think, "Square == iPad == hipster scum," and that's the end of their attention span. Yes, the hipsters had them first, but from the local overpriced coffee shop they spread to the Vietnamese boba tea place and then to all the Chinese take-out joints. I've seen cabbies with the devices in several cities (although I always pay with cash, because I'll be damned if I'm letting some cabbie swipe my card on his phone). It's a big deal for people with large numbers of low price transactions, and for those who accept credit cards only at special events a few months out of the year (i.e. seasonal Christmas merchants). It lets anyone, any mom-and-pop joint, do credit card business quickly and easily, with a free gadget that hooks onto an iPhone or iPad, although the restaurants all have the $300 counter-based version now. Square is much bigger than hipster-scum-trend-of-the-week. That said, 2.75% is worse than some credit card merchant accounts.

The way I understood it (my best friend runs a boba tea joint, and we were talking about Square), you got the $275 flat fee for monthly totals under $250K, which means that you benefit most if you're in the $10K (where flat becomes better than percentage) to $250. Let' say sells drinks for an average of $5/drink, with about 100 customers a night average; at 30 days, that's $15,000, so he's losing $137.50 by switching to percentages. Not going to kill him; he actually does better than the figures above, and his profit margins are obscenely high anyway, but I bet he'd rather give a twenty-five cent raise to his employees than give that money to Square.

Re:What is Square?

[therealobsideus]

The $250k limit is a pa limit. It's actually $21k a month, and any transaction after that goes to 2.75%. Same for any transaction over $400. Running a drink place (coffee shop, etc) - sure, costs are a lot lower. But to that Chinese take out, or the small hole in the wall breakfast joint that is only open from 7am-2:30pm yet manages to employ 13 people... that's a huge blow to the owner who doesn't get much profit (if any) out of the business to begin with. In my small example, switching to Square and using monthly pricing started giving her (the owner) a profit of around $400 a month which she put aside each month to try and expand so she could hire more people.

And here I was...

[thatbloke83]

...thinking that this was a post about the computer game Final Fantasy XIV or something... Turns out it's some stupid I-don't-know-what that can be easily used to steal your credit card info.

Pointless...

Gone

I would cancel this so fast who even needs it.

Free Final Fantasy XIV?

Am I mistaken?

EMV is so much more than chip-and-pin

The EMV standard includes "online PIN", "offline PIN", etc. and every terminal that does EMV is programmed by the issuing bank with their own preferred order of whether to try chip-and-pin first, chip-and-signature first and all of the other variations. BTW, in the UK it would be illegal for "all" new cards to have been chip-and-pin because the 2010 Equality Act requires merchants to accept chip-and-signature cards from persons with disabilities http://www.payyourway.org.uk/special-focus/chip-signature-–-alternative-pin/. Tesco got in trouble over that recently.

Here's an explanation from Visa of why they think chip-and-signature as first choice makes the most sense within the US given the way US telecoms charge, US law, etc http://blog.visa.com/2012/01/13/as-u-s-chip-adoption-advances-visa-provides-guidance/. More or less its because in the US we can afford for terminals to talk to the Visa servers to authenticate the card instead of needing "offline PIN" authentication that the terminal and card can do on their own.

As the US banks are issuing chip-and-signature-first cards to their patrons, you are now free to make jokes about Americans being mentally disabled.

Was I the only one?

[The_Star_Child]

Who thought they were talking about Square-Enix?

Re:Was I the only one?

[ArcadeMan]

I thought this was about FF XI finally going free-to-play.

Not a surprise, was clearly a loss-leader

[krs440]

This shouldn't be a big surprise...the flat rate plan was clearly a loss-leader meant to gain marketshare.

Most of the fee you pay to companies like Square doesn't go to them. It goes towards the "Interchange Fee" charged by Visa, MasterCard, and AMEX. These interchange fees vary based on card type (for example, fees are higher on "reward cards"...that's what funds the "reward"), and transaction type ("card not present", for example, has a higher rate). Check over the interchange fees for Visa and MasterCard, and you'll see that Square doesn't have a lot of room to move below 2.75% and still make money.

The three big players in this "mobile payments" space are Paypal Here (2.7%), Intuit's GoPayment (2.75% flat, or $12.95/M + 1.75%) or, the aforementioned Square (2.75%). At the moment, if you're swiping more than $1295/M, Intuit's $12.95+1.75% would be the best choice...unclear though, how long that plan will be around since it's a loss-leader as well.

The market that's more curious to me is the "card not present" market...payment processors for websites. Stripe seems to be the darling of the Slashdot crowd, but their pricing is horrible. They offer 2.9% + $0.30 per transaction, and won't offer to discount it until you're doing $1M+ per year. Contrast with Paypal's Payment Pro which drops down first to 2.5%+$0.30 once you hit $3k/month, then down to 2.2%+$0.30 once you hit $10k/month. Stripe has a few features that PPP doesn't, but they would need to be real important to you to pay that much more.

Re:Not a surprise, was clearly a loss-leader

[zippthorne]

The confusing thing is that all these companies exist at all. Shouldn't the credit card processing networks themselves be offering these services? Why should my payment go through a shady pseudo-bank (paypal) AND a credit processing network before getting to the real bank actually disperses the money and which I have promised to pay back?

Re:Not a surprise, was clearly a loss-leader

[krs440]

Before the likes of Paypal, Square, etc, things were as you described. A small number of stodgy companies controlled most of the market share for merchant accounts. These companies exist because they saw that the needs of a large part of the market was being ignored.

Re:Not a surprise, was clearly a loss-leader

[Kalriath]

The market that's more curious to me is the "card not present" market...payment processors for websites. Stripe seems to be the darling of the Slashdot crowd, but their pricing is horrible. They offer 2.9% + $0.30 per transaction, and won't offer to discount it until you're doing $1M+ per year. Contrast with Paypal's Payment Pro which drops down first to 2.5%+$0.30 once you hit $3k/month, then down to 2.2%+$0.30 once you hit $10k/month. Stripe has a few features that PPP doesn't, but they would need to be real important to you to pay that much more.

But wait, there's more! An actual bank will probably charge you 2.0%+$0.30 for virtually zero volume (I'm on 2.2%+$0.50 NZD so about $0.40 USD but we're known for being more expensive). Plus, an actual bank will offer you the benefit of the 3DS liability shift (which PayPal/Stripe will not).

So why does anyone use these services again?

Re:Not a surprise, was clearly a loss-leader

[krs440]

At least in the U.S., an "actual bank" doesn't offer a service that will process Visa (Debit+Credit), MC (Debit+Credit), AMEX, and Discover. You're paying for the aggregation into a single API, as well as a single business process for auth, chargebacks, etc. So, paying 2.2% + 0.30 works for me, and I can rationalize the slight upcharge.

Re:Not a surprise, was clearly a loss-leader

[krs440]

Also, don't believe the "Qualified Rate". Chase PaymentTech, for example, says their rate is 1.79% + 0.24. But, there's a big asterisk that the rate applies only to "qualified transactions". Reward cards, for example, aren't qualified, and in many niches, these will account for 30+% of transactions. While they do have their warts, the Stripe, Paypal, etc, don't have these tiers. The rate is what's shown...no tiers, no "qualified rates".

Re:Not a surprise, was clearly a loss-leader

[Kalriath]

What you're referring to that Stripe and Paypal offer is what's called a "Blended Rate" if you get it from a bank. Mine is blended, but I could also opt for what's called "Interchange Plus", where instead I'm charged the Interchange rate (what the issuing bank charged the acquiring bank to process the transaction) plus a margin.

Off-topic, but ...

[thomst]

Slushdot's fortune cookies need a thorough overhaul.

Just as a for-instance, I keep seeing "There's no such thing as a free lunch" attributed to Milton Friedman. Phrase finder attributes the original statement to journalist Paul Mellon, in a January, 1942 editorial response to a speech by then-vice-President Henry Wallace. It notes that the phrase is associated with Friedman only because he appropriated it as the title of his 1975 book - but he would have been in grade school when Mellon's editorial was first published.

That's far from the only sin of mis-attribution (or, much worse, non-attribution) in the fortune database. I'm CONSTANTLY seeing quotes from Bill Griffith's fabulous Zippy the Pinhead strips (mostly Zippy's own non-sequiturs) show up without attribution to either Griffith (their actual author) or Zippy (his mouthpiece). The same is true of many great Steven Wright lines - and there have to be plenty of others whose authors I don't recognize.

Full disclosure: I'm a writer. Proper attribution is important to me. I'm known for the extent to which I research my work - which makes proper attribution all the more important from my perspective.

Re:Off-topic, but ...

[krs440]

Attribution can be tricky. You seem pretty sure that the original statement should be attributed to Paul Mellon, and mention it's from January, 1942. What about this? http://news.google.com/newspapers?nid=1144&dat=19380705&id=ZysbAAAAIBAJ&sjid=BE0EAAAAIBAJ&pg=1516,6094461 It's the July 5th, 1938 edition of the Pittsburgh Post Gazette, specifically, a story entitled "Economics in Eight Words". The last line is "There ain't no such thing as free lunch". I assume that the difference of "There aint" vs "There's" and the missing "a" aren't terribly important. I have no idea if this is the first occurrence of it either.

Re:Off-topic, but ...

[thomst]

krs440 noted:

Attribution can be tricky. You seem pretty sure that the original statement should be attributed to Paul Mellon, and mention it's from January, 1942. What about this? http://news.google.com/newspapers?nid=1144&dat=19380705&id=ZysbAAAAIBAJ&sjid=BE0EAAAAIBAJ&pg=1516,6094461 It's the July 5th, 1938 edition of the Pittsburgh Post Gazette, specifically, a story entitled "Economics in Eight Words". The last line is "There ain't no such thing as free lunch". I assume that the difference of "There aint" vs "There's" and the missing "a" aren't terribly important. I have no idea if this is the first occurrence of it either.

If you read the reference I cited (pause for derisive laughter from the peanut gallery), you'll note that IT draws a distinction between the two formulations. Like Friedman with the more formal phraseology, Robert A. Heinlein is frequently credited with "There ain't no such thing as a free lunch." In fact, he DID come up with the acronym TANSTAAFL (in his 1966 novel The Moon Is a Harsh Mistress), which is now widely used, but, as you point out, he certainly didn't coin the parent observation.

So, yes, proper attribution can be obscure. But I still say that's NO excuse for obvious mis-attribution, and no excuse whatsoever for leaving out attribution of living authors' _bon mots_ altogether - especially when the source of those IS indisputable.

Re:Off-topic, but ...

[krs440]

Sorry, you lost me. I did read your reference. Yes, it mentions the variation, which is what cause me to do a little searching to see the earliest documented reference I could find with minimal effort. I'm clearly not the expert you are on attribution. However, as a layperson, crediting Paul Mellon for a minimally reworded version of a phrase doesn't seem much better than crediting someone who bothered to use it for a book title.

Re:Off-topic, but ...

[thomst]

krs440 stated:

Sorry, you lost me. I did read your reference.

The aside was directed at the peanut gallery - not at you. (Your user number indicated that you ought to be familiar with the /. habit of responding to postings without having first read the article to which they refer. It's practically an article of faith around here. The notion that the gallery would bother to read a link posted within a comment is still less likely. Your research citation made it pretty clear that you're the exception that proves the rule.),/p>

Yes, it mentions the variation, which is what cause me to do a little searching to see the earliest documented reference I could find with minimal effort. I'm clearly not the expert you are on attribution. However, as a layperson, crediting Paul Mellon for a minimally reworded version of a phrase doesn't seem much better than crediting someone who bothered to use it for a book title.

Again, they're not the same quote. "I love it!" and "I'm lovin' it! (tm McDonalds) are not the same statement. They may well MEAN the same thing, but they are not the same quote.

I'm not a particular partisan of Mr. Mellon. If you can find an earlier citation for his exact statement, I'll happily acknowledge it. I'm equally sanguine about accepting that the "ain't" variant came first. My concern is with /.'s fortune file being RIFE with shit like this. Mis-attribution and non-attribution are equally bad things. The editors take a lot of heat for maladroit editing, but nobody (except me, and now thee) seems to have noticed that the fortune cookie database is as full of crap as the articles - and then some. It bothers me more than somewhat, and I thought it was overdue that someone pointed it out.

As it happens, that someone turned out to be yours truly.

Square was there to lose the money

[YesIAmAScript]

The credit processing networks didn't offer an equivalent service because doing so would cause them to lose money.

Money losing market-niches are generally rather sparsely occupied.

Now I guess Square is established enough they are going to vacate that niche too.

'good' news

[Laconique]

For our business, we have been using Square only because of that pricing model. Their customer service is one of the worst I have ever encountered (they think Twitter is a good place for businesses to discuss credit card processing publicly), they make a lot of decisions that are cute but either useless or in fact make things worse and less productive. I have been so frustrated with them for months but couldn't go elsewhere because of the rates. This change sucks but at least now I can walk away without any problems.

Signature debit

[tepples]

I don't know about Canada, but my Chase (U.S.) debit card has a Visa logo on it and works with any merchant that takes Visa cards. Or are you referring to EFTPOS-only debit cards that can't be used in a machine that takes signatures?

Re:Signature debit

[BalthCat]

Canadian debit cards work almost universally via the Interac system, which is a PIN protected EFTPOS-only network. Only recently have your foul CC perversions made their way to this side of the border. (They use the same machine though, so I'm not sure what you mean by "machine that takes signatures". I'm assuming a mag stripe CC does the same handshaking as Interac, except it doesn't check a PIN and relies on the laughably insecure singature instead.) My bank recently issued me an online VISA debit card, which is even wierder and less secure! No mag stripe, no chip, no PIN, for internet use! I guess that's Interac's fault for not evolving fast enough I guess?

CVV2 = credit card PIN

[tepples]

Canadian debit cards work almost universally via the Interac system, which is a PIN protected EFTPOS-only network.

ATM cards likewise use PIN protected EFTPOS through the PLUS and Cirrus networks, which behave like Interac. It's just that because more shoppers demand to use an actual credit card than an "ATM card" at a retailer, U.S. merchants have by and large chosen to join the credit card networks more often than PLUS and Cirrus. Grocery chains here in the States tend to be on both the credit card networks and the EFTPOS networks.

I'm assuming a mag stripe CC does the same handshaking as Interac, except it doesn't check a PIN and relies on the laughably insecure singature instead.

The magnetic strip of a credit card has a CVV1, a number that's not printed anywhere on the card and helps distinguish swiped transactions from keyed transactions. The signature mostly provides more evidence of intent in a fraud case.

No mag stripe, no chip, no PIN, for internet use!

Cards for Internet use have the CVV2 number on the signature panel, which acts as a slightly less secure PIN to confirm that at least the card was present. Merchants that store credit card numbers MUST NOT store the CVV2.

Re:CVV2 = credit card PIN

[BalthCat]

Yeah, my client cards have Cirrus/PLUS logos, or at least one of them. I've used my bank card in the US that way.

I never considered CVV1 to be that secure, because all you need is the card to commit the fraud. The signature is practically useless. The CVV2 is the same, because it's ON the card in question. That's why I like Interac so much by comparison, it always requires the PIN. (Well, OK, now it has a tap-thing where you can make small purchases without a PIN.) I have lost my Interac client card so many times I'm on #31 (the temporary replacement card they give you counts, so I've probably actually lost around half of that number) and none of the lost cards has represented a significant security risk as far as I'm aware. I've lost fewer credit cards, but that's a combination of using them less, not having them as long, and worrying about them more (probably in that order), but each one could have been used at a merchant and undoing the damage would have been annoying at best.

Considering the success of Interac in Canada, I don't think there's a GOOD excuse that CCs have taken so long to go PIN, and that chip tech has taken so long to cross the Atlantic. I do hear that US banking's a mess because it is (or was) a Frankenstein patchwork of organizations, but that's not a GOOD excuse :P