Quote:
Originally Posted by Rathji
Just to further clarify. Email is built in such a way that it can't really be secure without a large amount of extra work on both client sides. If all you are doing is CCing this address in an email, none of those precautions could possibly be taken.
|
The good news is that email providers like Google has anti-spoofing measures for Gmail.
But that's beside the point. I'm certain that Square, a company with the sole purpose of building software dealing with money, didn't build a money transfer platform solely based on "From" field in the SMTP.
There are a lot of interesting ways to defend against vulnerabilities such as using machine learning to detect fraud. Square hires some of the best engineers in the world and they have a dedicated security team to detect and prevent fraud. I'm sure they're using sophisticated techniques to protect their platform from simple vulnerability like email spoofing. I'm sure that was the first thing that every engineer at Square brought up when they started building this platform.
Here's more information about Square Cash security. You can tie in your mobile number to get a text confirmation.
https://squareup.com/help/en-us/arti...-cash-security