Just How Secure is the New 'Square Cash' Money-Transfer App?

The Square Cash service makes transferring money as easy as sending an email. But is it secure? CIO.com blogger James A. Martin says the security in place looks solid but could definitely be stronger.

Square Cash is an amazingly simple, free service that lets individuals exchange money. It’s so simple, though, you may wonder just how secure it really is. Square is the company that developed the Square credit-card reader. If you’ve ever bought a meal from a food truck or a fancy coffee from an upscale java joint, you’ve probably swiped your card through a Square reader.

The free Square Cash app is available for Android via Google Play and iTunes for iOS, or you can visit Square's website to download the software. To get started, you just enter the amount of money to send, up to $250 per week or, if you qualify, up to $2,500 per week.

Square%20Cash.jpg

Next, you enter the cash recipient’s email address. (Square Cash can access your contacts to simplify this process.) Then you hit the send button.

For your first Square Cash transaction, you’re asked to enter Visa or MasterCard debit card information. You don’t have to enter these details again after your initial transfer. And that’s it. You’re done.

The recipient receives an email notification that explains who sent the money and the amount. All they have to do is click the "Deposit Cash" button in the email and then enter their Visa or MasterCard debit information the first time they use Square Cash. The transfer takes one to two business days.

Neither party has to create a Square Cash account, and the transfer really is as easy as sending or opening an email. Neither party pays Square a percentage of the transaction. PayPal also offers free person-to-person payments, as long as the funds come directly from a personal bank or PayPal account. Using PayPal isn’t hard—but it’s not as easy as Square Cash, that’s for sure.

So just how secure is Square Cash?

Square says information submitted by customers is "encrypted and submitted to our servers securely, regardless of whether you're using a public or private WiFi connection or a data service on your phone (such as 3G, 4G or EDGE)."

The Square Cash service is compliant with PCI Data Security Standard (PCI-DSS) Level 1. When transferring data, Square uses standard protocols such as SSL and PGP and requires cryptographic keys of least 128 bits in length. You can read more about Square’s network and server security here.

While all that sounds good, I wish the app came with its own optional passcode lock, which really seems like a no-brainer. Judging from comments on the Square Cash Google Play download page, I’m not alone here.

I feel fairly comfortable with Square's security, and I plan to use Square Cash on occasion. But we all know that email can, and does, get hacked.

This much is clear: Short of handing over dough, Square Cash is the easiest way to pay and get paid using a mobile app.

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO October 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.