
This was my initial thinking, but then I think most businesses won't want to use a phone as their payment platform. My reasoning is that when I go into a business and I tap the Square terminal, I am assuming that terminal belongs to the business, because what individual would have their own Square terminal?

If the person who is ringing me up has an iPhone, and says "just tap this", there is a part of me that is wondering if this is the company's iPhone, or their personal device? Of course, this is easily resolved with the right surround which would remove this question, but I think it's somewhat valid.

Isn't this how it works in Apple stores? (I'm not an Apple person.) Don't they walk around with iPhones in these big chunky yellow cases, and then you just pay for stuff through that? Maybe I'm wrong...




Are you concerned about a malicious employee using their own iPhone to steal the money? Why couldn't they give you their own Square terminal? On that note, when you pay cash why can't they just pocket whatever you give them?

I don't see why you care anyway, they would be stealing from the store, not from you. You would already have whatever item you are buying.


A colleague of mine owned a lunch stand, where the cook brought in his own receipt printer and used it for a large portion of daily business, and later bought the business.


Because I can somewhat trust the Square terminal will show the correct amount? If I swipe some random person's iPhone, what's stopping them from showing a $10 total and charging $1000?

Is the iPhone gonna print a receipt?


This is an interesting thing to think about. Say you're at an ice cream stand that has a Square Reader (the little square hockey puck reader) that's paired with an iPhone running Square's payment reader.

The merchant rings you up for $5, shows you the phone in their hand indicating the cost, and the Square Reader lights up to show it's ready for payment. You pay via inserting your credit card, which processes in a few seconds, and then the payment is complete. The merchant is no longer showing you the phone, and presumably hits "No Receipt".

However, the merchant actually has a second out of sight device that is set to charge $500 and is actually paired with the Square Reader. Because you've paid with a physical card, there's a good chance you won't notice the charge till you go to pay your credit card or check your bank account.

This would probably be a short-lived scam, as the merchant's malicious Square account would have to be linked to a bank (I think this is the only option), which would identify them. I'm pretty sure Square requires ID verification of some sort as well. So reporting this malicious transaction to your bank/credit card would flag them.

Additionally, if you're paying via a mobile wallet, you'll likely get an immediate notification saying "You paid $500 to Malicious Ice Cream Vendor".

Now let's think about Apple's new plan. It could be that Apple layers its own mandatory interface that shows "Pay $5 to Ice Cream Vendor" regardless of the app being used. Maybe this is actually the employee's phone instead of the company's device, but that's the same as the employee stealing cash out of the register, so not really your issue.

Or Apple could not layer its own UI, and just open up the radio as an API. Apple could require apps that use this API to have some additional verification to prevent someone from making an app that displays "Charge $5" when it's really charging $500.

All that being said, I only see smaller merchants using iPhones + Square Readers. Maybe some boutique stores, food trucks, etc. Once a store gets large enough, they usually want dedicated hardware, even if it's a Square Stand.

---

Here's Square's hardware page if you want visuals: https://squareup.com/au/en/hardware


Wouldn't you just get a notification on your phone from your credit card or bank app to say how much the transaction is for and to whom? Then you'd know straight away that something is wrong.


Can’t you turn on in your bank app to get a push notification immediately on every transaction? I have this turned on for both of my credit card accounts, so literally within a second or two of tapping or inserting (whether physical card, or Apple Pay on the watch or phone) I get a notification telling me how much was just charged to my card.

Useful for double checking that something hasn’t gone wrong and I haven’t been charged the wrong amount! I’d also see if a fraudulent transaction went through.


Why do I currently trust any contactless payment terminal to debit the right amount from my Visa card? The trust is built with every transaction.

The first time I used one of those strange little white terminals it seemed a bit dodgy ... but you pretty quickly come to trust that what's on the screen is what gets debited.

Also I doubt Apple would leave a nice app-accessible text field on the Tap To Pay dialog where I can insert my fake amount. Right?!


You don't have to trust them, you trust your credit card company. All you have to do is tell them it's fraud and the charge goes away.


So, yes, it is a concern about a malicious actor. Likely an employee, but hey, with just an iPhone and a big enough store, can't anyone just pretend to be an employee?

I would like to go to a store where I trust the business, the employee, and the entire pipeline. I understand that is idealistic, but yes, this is how I feel. It's like saying "why do you care if the employee is underpaid, you're saving money", which describes the whole tipping culture in the US.


To accept the payment successfully you must have a merchant account and have completed some KYC with one of Apple's payment partners though, surely?


Square readers are dirt cheap, like $60 or less. If an employee wanted to defraud their workplace like that, it's no barrier. They'll be caught when the shop reconciles things.

Why would you need a special surround? And why is that an issue for you the consumer?


A bunch of the Square payments are done using a company-owned iPad that sits in a Square holster.



