Industry News

At the Black Hat conference in Las Vegas this week, computer security experts Adam Laurie and Zac Franken demonstrated how to convert stolen credit card numbers into cash using popular Square personal credit card readers.

Square products allow people to accept credit card payments through mobile devices. Users are sent a reader called a dongle that sends swiped card data to an online Square account. Because the dongle plugs into a mobile device’s audio jack, Laurie and Franken realized it must convert credit card magnetic stripe information into an audio file.

Laurie had already written a program, Makstripe, that could capture credit card information and turn it into an audio file. By running an audio cable between his iPad and a computer running Makstripe, he was able to send a random credit card number as an audio file to Square, which accepted it and deposited a payment into Laurie’s account.

Laurie said criminals can set up untraceable accounts on Square and purchase cheap credit card numbers on the black market. For the 2.75 percent Square commission, the criminal can convert those credit card numbers to cash.

Square’s newest dongle encrypts credit card data, according to InformationWeek. Laurie said the app still accepts unencrypted information.

In other Black Hat news, researchers unveiled a homemade remote-controlled plane that intrudes on wireless networks it flies over, collecting high value information transmitted online, like credit card numbers.