I'm not sure if I'm missing something, but desensitising the general public to devices that their card is being scanned through (and occasions where that might be appropriate) will surely lead to to an increase in card fraud.
What's to stop someone jailbreaking an ipad, writing a custom fake ui, clipping in a square scanner, and writing off a days worth of cheap merchandise down at the park for a haul of card details?
If this becomes common, will credit card companies still offer the same guarantees on transactions?
> What's to stop someone ... writing off a days worth of cheap merchandise down at the park for a haul of card details?
The fact that stolen credit card numbers, even with a full billing address and CVV2 code are still only worth a couple dollars on the black market. Your setup wouldn't even capture that, so your merchandise is probably worth more than the numbers. And you're putting yourself at pretty serious risk of getting caught by running this scam in person, when it's much easier to do some kind of phishing scam online anonymously, with more valuable results.
Stolen credit card numbers just aren't very valuable. If you're not living in a nation with an ineffective or corrupt legal system, what are you going to do with the numbers without a high risk of getting caught? Making your own plastic cards and magnetic tracks is expensive and you end up on security camera video using them. Ordering anything tangible online means linking your fraud to your physical location one way or another. You can order a bunch of porn or other intangibles, but that's a pretty low reward for all the risk.
In the end, it's a moot point anyway. Normal credit card terminals can be bought on eBay for less than an iPad and can be used for card theft just the same.
In europe we use chip and pin, so a fake app could collect the pin directly. If someone was to harvest 30 cards with pin, could they then visit an atm directly? Perhaps I'm underestimating the difficulty of cloning cards. If that is possible, CVV2 would be unnecessary.
I hear your point about normal credit card terminals being available. As a european I wouldn't expect to see one on a stall by the side of a road though, and would normally be suspicious of anyone suggesting that they accept credit cards under these conditions.
Perhaps I'm underestimating the difficulty of cloning cards.
I don't know how the bank cards work, but here in Portugal we now have a citizen's ID card that looks much like a bank card and can actually do cryptographic operations itself - it has a private RSA key that it can use to sign and encrypt data by request of the card reader. It's essentially impossible to clone the card, at least without breaking it.
EDIT: According to this article[1], PIN-and-chip bank cards are similar to what I'm describing.
And that's why you need a separate terminal to enter your PIN (at least here in the UK, although I'm fairly sure that also applied in Europe), and the PIN number is never transmitted to the actual POS application, just a token indicating success or failure.
Right, but in this instance the 'terminal' to confirm your pin and POS application are one and the same, and ultimately just replaceable software on an iOS device.
What's to stop someone jailbreaking an ipad, writing a custom fake ui, clipping in a square scanner, and writing off a days worth of cheap merchandise down at the park for a haul of card details?
If this becomes common, will credit card companies still offer the same guarantees on transactions?