Square Cash Transfer over email - Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

Brannigans Law · 10-17-2013, 07:53 AM

http://www.webpronews.com/square-cas...-email-2013-10

Quote:

Back in May, mobile payments company Square teased Square Cash – free money transfers via email. At the time, it was an invitation-only service. “Forget the ATM,” said Square.
Well, today’s the day – Square Cash is now live for all U.S. debit card holders. Square Cash offers free (yeah, free) money transfers via email with no account signup – all you need is an email (any email client will do) account and a debit card.
Square Cash is ridiculously easy to use. To send someone money, all you have to do is send them and email and Cc cash@square.com. In the subject line of the email, enter the amount you wish to transfer and then send the email. Upon your first money transfer, Square will prompt you to give them your debit card number. After that, it’s smooth sailing.

Haven't tried it yet but looks pretty awesome. Free for now too.

fundmark19 · 10-17-2013, 07:55 AM

"Well, today’s the day – Square Cash is now live for all U.S. debit card holder"

Does it even work in Canada?

Nsd1 · 10-17-2013, 10:53 AM

Don't all the large banks in Canada have interac e-transfer? It's pretty easy to use and it only costs a dollar a transfer.

topfiverecords · 10-17-2013, 11:09 AM

Interac e-transfer is just as easy and feels safer. There could be huge fraud with Square. Anyone that knows you use it could spoof your email address and send themselves funds from your account.

Northendzone · 10-17-2013, 05:08 PM

Personally, I can't see why I would use a 3rd party to do something my bank already does.Kevin O'Leary would poop all over this company if they were to ever venture into the Den.

FlamesPuck12 · 10-18-2013, 03:18 AM

Quote:

Originally Posted by topfiverecords

Interac e-transfer is just as easy and feels safer. There could be huge fraud with Square. Anyone that knows you use it could spoof your email address and send themselves funds from your account.

Quote:

At first glance, you might assume that an SMTP-spoofing program could convince Square that you’re sending money from an email address that isn’t yours. "When we built the product we were all thinking of the same thing," says Grassadonia, "but the product is 100 percent secure. Nobody is going to get taken advantage of via spoofing." Working within the existing structures of email is clever, but could be intimidating for some new users, who will have to take Square on its word.

http://www.theverge.com/2013/10/15/4...iphone-android

Hanni · 10-18-2013, 08:53 AM

Quote:

The company declined to provide any details about its anti-spoofing methods

Just trust us, don't worry about it.

Russic · 10-18-2013, 09:04 AM

^^ To be fair, they probably shouldn't divulge those.

Rathji · 10-18-2013, 10:44 AM

I wouldn't trust something like that unless they told me how it works, so I could confirm that it didn't have any major holes in it.

Security by obscurity isn't security at all.

Hanni · 10-18-2013, 01:22 PM

Quote:

Originally Posted by Russic

^^ To be fair, they probably shouldn't divulge those.

If that's the case then I have no problem paying Interac $1 for a transfer if it provides me some more peace of mind.

Don't get me wrong it's an interesting idea but I certainly wouldn't be jumping in at the outset.

Rathji · 10-18-2013, 10:14 PM

Just to further clarify. Email is built in such a way that it can't really be secure without a large amount of extra work on both client sides. If all you are doing is CCing this address in an email, none of those precautions could possibly be taken.

FlamesPuck12 · 10-18-2013, 11:11 PM

Quote:

Originally Posted by Rathji

Just to further clarify. Email is built in such a way that it can't really be secure without a large amount of extra work on both client sides. If all you are doing is CCing this address in an email, none of those precautions could possibly be taken.

The good news is that email providers like Google has anti-spoofing measures for Gmail.

But that's beside the point. I'm certain that Square, a company with the sole purpose of building software dealing with money, didn't build a money transfer platform solely based on "From" field in the SMTP.

There are a lot of interesting ways to defend against vulnerabilities such as using machine learning to detect fraud. Square hires some of the best engineers in the world and they have a dedicated security team to detect and prevent fraud. I'm sure they're using sophisticated techniques to protect their platform from simple vulnerability like email spoofing. I'm sure that was the first thing that every engineer at Square brought up when they started building this platform.

Here's more information about Square Cash security. You can tie in your mobile number to get a text confirmation.
https://squareup.com/help/en-us/arti...-cash-security