I don't know if you can just intercept an email, preventing it from reaching its' final destination. I know you can intercept it and read a copy of it. I don't see any more risk in this setup than traditional systems. If your system is that compromised there are several ways to get your card information directly as opposed to working within a system that has the attacker's debit card (read: bank account not credit account) attached for deposits.
I don't think any system is protected perfectly from theft, real cash included. Square Cash works smoothly. I'm curious what information they're getting that makes waiving charges worth it.
When I hit the link card button, it brought me to a secure site and asked for my debit card #, expiration date and zip code. No name or anything else.
Once I filled in the info and hit confirm we both received another round of emails.
She clicked on the link to deposit cash and was given the same screen asking for a debit card number, exp. date and zip code. Nothing else.
After she confirmed, another round of emails went out.
I sent another $5 to her account to catch screens from the website. Turns out when you're already linked an account to your email, you just get an email asking to confirm instead of having to relink your bank account. Once you hit the confirm button, money is sent.
She received an email waiting for me to confirm and an email saying that funds were deposited with the same text as before. She didn't have to do anything for the second payment and it was deposited into her account once i confirmed.
Slashdot Mirror
Because you get another email from Square asking you to confirm.
To: friend, Cc: square, Subject: $5, Body: anything
Receive email from square with a link for debit card info the first time you do it
Done
Receive email from friend sending you $5
Enter debit card info into link first time you do it
Done
From that point on, anytime you send that email or receive funds, it'll happen automatically
To: friend, Cc: square, Subject: $5, Body: anything
Done
I don't know if you can just intercept an email, preventing it from reaching its' final destination. I know you can intercept it and read a copy of it. I don't see any more risk in this setup than traditional systems. If your system is that compromised there are several ways to get your card information directly as opposed to working within a system that has the attacker's debit card (read: bank account not credit account) attached for deposits.
I don't think any system is protected perfectly from theft, real cash included. Square Cash works smoothly. I'm curious what information they're getting that makes waiving charges worth it.
I sent my girlfriend $5 to try it out. It went down like this.
Send an email to her composed as such:
To: girlfriend@gfmail.com
Cc: cash@square.com
Subject: $5
Body: Ladida whatever
She received the email, and immediately afterwards we both received an email stating I was sending her funds.
My Email: http://imgur.com/f264wIG
Her Email: http://imgur.com/F8GhpJ9
When I hit the link card button, it brought me to a secure site and asked for my debit card #, expiration date and zip code. No name or anything else.
Once I filled in the info and hit confirm we both received another round of emails.
Mine: http://imgur.com/vDFnETA
Hers: http://imgur.com/nEaJdd5
She clicked on the link to deposit cash and was given the same screen asking for a debit card number, exp. date and zip code. Nothing else.
After she confirmed, another round of emails went out.
Mine: http://imgur.com/4shFvyz
Hers: http://imgur.com/88Xprw4
The charges appeared instantly on our two accounts as follows.
Mine: http://imgur.com/bNHDB5u
Hers: http://imgur.com/Pz6V7On
I sent another $5 to her account to catch screens from the website. Turns out when you're already linked an account to your email, you just get an email asking to confirm instead of having to relink your bank account. Once you hit the confirm button, money is sent.
My confirm email: http://imgur.com/vxoiS7t
She received an email waiting for me to confirm and an email saying that funds were deposited with the same text as before. She didn't have to do anything for the second payment and it was deposited into her account once i confirmed.
There were no charges or fees at all.