Snapchat to launch Snapcash to send Money to Friends

Mobile messaging company Snapchat is launching a new service that lets users send money to one another, in a partnership with online payments company Square.

The service, dubbed Snapcash, allows Snapchat users to link their debit cards to their accounts and quickly send money to a contact by starting a chat on a smartphone, typing in a dollar sign and an amount and hitting a green button, Snapchat has explained recently.

The move marks the latest sign of expansion plans for Los Angeles-based Snapchat, which lets users exchange photos that automatically disappear after a few seconds. The company has been valued at $10 billion in its most recent fundraising effort, and is considered a growing threat to Web companies including Facebook and Twitter.

“We set out to make payments faster and more fun, but we also know that security is essential when you’re dealing with money,” Snapchat said.

The company said that debit card information will be stored by Square and that Square will process the payments, transferring money between bank accounts. Snapchat said Snapcash is available in the United States for users age 18 and above.

Researchers discover How to Steal Credit Card Data using Square

Researchers attending the Black Hat security conference have demonstrated two ways in which Square - a mobile gadget that enables Android, iPhone, iPad, and iPod touch users to accept credit card payments - can be hacked to steal credit card data, with very little technical hardware required and "no technical skills at all."

Adam Laurie and Zac Franken, directors of Aperture Labs, discovered that due to a lack of encryption in the current Square app and free dongle for swiping cards, the mobile payment system can be used to steal credit card information, without even having the physical credit card.

Square works by converting credit card data into an audio file that is then transmitted to the credit card issuer for authorization.

In order to bypass the need to swipe a card, Laurie wrote a simple program - in less than 100 lines of code - that enables him and Franken to feed magnetic strip data from stolen cards into a microphone and convert that data into an audio file. Once that file is played into the Square device via a $10 stereo cable, the data is sent directly to the Square app for processing.

Laurie and Franken's hack proves that the Square app cannot distinguish between a true swipe on the dongle and an audio file fed to the app without swiping. In theory, the team could buy stolen credit card data in underground online markets and start up a practically skill-free criminal shop.

The duo was also able to pull money from a Visa gift card that is not officially allowed to be "cashed out."

Square is due for an update and Franken noted that he heard the company is planning to release new dongles that encrypt credit card data.