Square Debuts New Email Payment System

cagraham writes "Mobile payment company Square — best known for their smartphone credit-card swipers — has launched a new payment service called Square Cash. The service doesn't require users to sign up or make an account. Instead, they just email the person they'd like to transfer money to (with the amount as the subject), and CC 'cash@square.com.' Square asks the sender for their debit card info, and then sends a link to the recipient, who can transfer the money into any account they want within 1-2 business days."

Interac

[neoform]

Isn't this exactly the same thing as an Interac e-Transfer [wikipedia.org]?

I've been sending money via email for many years this way.

What could possibly go wrong?

[Shirogitsune]

Obviously this is a front for the NSA so they can get rid of the traditional means of tracking bank transactions and just lump it all into the haystacks of email data the already collect! Government efficiency at it's finest! Brilliant!!

So can I send myself an email?

[gameboyhippo]

What's stopping Eve from sending herself an email from a novice computer user and having said user give out their card info? Since anyone can send an email using any email address, this feels problematic.

Re:Interac

[Catskul]

There are many systems like this including POP money. The difference AFAICT is that this does not require bank participation.

Re:Really?

[hawky]

We tried it. My co-worker sent me $15. After the initial email, we both tied our debit cards to our email addresses, and I had the funds in my account in less than 5 minutes. Since our cards are now linked I imagine it will be even quicker in the future.

Re:Training users to click on links in their inbox

[Animats]

How many times must people be hit in the head with a clue bat before they understand that this is a Bad Idea[tm]

Big companies are encouraging this, by sending emails that meet all the criteria for phishing emails. I just got a receipt email from Virgin Mobile after making a payment. The path taken by the mail goes through "mh.nextel.m0.net", "oms16.dc1.prod" (which isn't even a valid TLD), and "cmil278.amdocs.com". The mail text is base-64 encoded HTML only, no text version. That just screams "hostile code".

How are people supposed to recognize phishing emails with legit companies sending crap like that?

"m0.net" says on their site "This domain is owned by Acxiom Digital, a leading provider of email marketing solutions for Global 2000 enterprises."

Re:Really?

[pepty]

Were there debit card fees from the banks, etc?