Square launched at Starbucks today, and it is an interesting step forward in the world of mobile commerce – not just for Starbucks, but for other Square retailers.
For all of the good and not-so-good features of Square’s new app, remember that it is Square’s “Model T Ford.” They are just getting started in the world of feature-rich apps for consumer use. Also, integration with traditional POS systems is new for Square. Overall, this is a good start that Square will use as a foundation for future development. Here are the eight key elements of Square’s new smartphone app, including its use at Starbucks:
1) IT WORKS: The fact that this system functioned on launch day is remarkable, given Starbucks’s 7,000 stores have been working on this implementation for only three months. There is always the possibility of a major software problem with the product launch on such a large-scale. But, software glitches did not happen with Square & Starbucks. [Do you have information to the contrary? Just comment on this article.]
2) SECURITY AT STARBUCKS: So far, Starbucks is using a static QR code solution, similar to the method used with Starbucks’ original app. But Square adds another layer: Geofencing. The idea is that if you are not standing near (or in) a Starbucks, the Square app will not let you pay. Unfortunately, if someone steals a screenshot of my Square QR code, the stolen QR code will work at POS whether the authorized phone is at that location or not – which was a small source of fraud for Starbuck’s original app. In the future, an obvious upgrade for Square is to reject a transaction if the QR code and the geolocated phone are not at the same place at the same time. Even if you are not in a Starbucks, a bad guy can steal your QR code by simply putting your phone into ‘airplane mode.’ Why? Without a network connection, the Square app automatically displays the Starbucks QR code. So, Square did not create any new security problems compared to the original Starbucks app, but Square did not yet fix this problems either.
3) SECURITY AT OTHER RETAILERS: According to the Square app, a customer should be able to go to any retailer that uses the Square dongle and say, “Put it on [your name here].” In theory, an image if the customer’s face should appear on the merchant’s Square-enabled mobile device, and the merchant should be able to process the transaction with neither the customer’s square app, nor the customer’s credit card; just a password. Square calls the feature “Hands-Free Checkout.” Unfortunately, none of this seems to work yet, despite what the
Square app claims. The retailer I visited had no option on their square app to allow for this, and they had no updates to the retailer’s Square app available to enable this. [If anyone has used this successfully, please leave a comment.] The square app lists all of the local merchants that use the Square dongle, but none of these merchants are compatible with the Square app or the pay-by-face feature…yet.
4) NO STORED VALUE CARD. To use the Square product, the funds come from a credit/debit card that you link to the app. So there is nothing for the customer to reload, unlike Starbuck’s original app, which is convenient. But, that means there is no buffer either. One of the security layers that I enjoyed about the original Starbucks app is that I replenish funds manually (not automatically). So, at any given moment, I have about $30 available on my Starbucks App – if someone steals it, $30 is all they can get. Square, however, is linked to a credit card that has an available balance of much more than $30, which means that technically my exposure is a lot more, too. As Square adds more security layers to their app, and to their POS software, that concern will dissipate. And when the Square software allows the cashier to see my picture on their screen (an upcoming Square feature), that concern is virtually eliminated.
5) RECEIPT ON MY PHONE. This is a convenient feature. As Square migrates to other retailers, the application will be obvious; no more paper receipts to retain because all of the data is available on the Square smartphone app.
6) FULL MENU: This is simple but convenient feature. All of Starbucks’ menu items are easily visible through the Square App.
7) NO LOYALTY PROGRAMS, YET. I like my stars on the Starbucks app. They are credited automatically whenever I use my Starbucks app, and I get the (nearly) instant gratification of being able to see the reward points – little gold stars – accumulate on the Starbucks app. Square does not yet have the ability to add ongoing reward programs, although some retailers are able to offer discounts through the Square app.
8) NOT EMV COMPATIBLE. This debate is only getting started: Is a cloud-based transaction (like Square) inherently less secure than an EMV transaction? We have plenty of data that tells us the EMV is more secure than a magnetic stipe card (witness the sustained 70%+ drop in face-to-face fraud in the UK). However, we have no such data showing that applications that store credit cards in the cloud (like Square) are more or less secure than EMV transactions. We know that the current QR codes used by Square are much less secure than EMV, but Square can fix that as new technology like NFC/TSM and biometrics become more available for consumers and merchants alike. Square’s ‘pay-by-face’ method is actually a bio-metric solution, which will be effective in fighting face-to-face fraud.
Regardless of the shortcomings of Square’s 1.0 app, I am confident that future iterations of the Square app and Square POS will overcome these hurdles, and add many more benefits for the consumer. Stay tuned to Square; they are only just getting started.
DIY CyberGuy with David W. Schropfer 
Published by