The Square service was officially launched in October 2010 and claimed some 165,000 active accounts as of January, Litan said.
Paul Rasori, senior vice president of global marketing at VeriFone, today said the company decided to make its claims public because the number of free Square card readers in use continues to grow.
VeriFone sells a similar device and fears that consumers will abandon all such technology due to potential security problems, he said. "They have been sending out these card skimmers to anyone who asks for them," Rasori said. "They have created a huge problem. We felt compelled to nip it in the bud."
Rasori said that VeriFone's mobile card reader encrypts cardholder data the moment a card is swiped, keeping it safe from malicious applications created to steal card data.
He said that VeriFone did not formally notify Square about its security concerns prior to going public with them today. He contended that Square has known about this issue for some time.
Litan and others, though, faulted VeriFone's approach and said it was unusual for a technology vendor to disclose a security vulnerability publicly before giving the other a chance to respond.
"We don't see this very often. You can't help but wonder if this is all being driven by competitive worries," she said. "Square is a very unique payment system, and credit card brands are worried about all this innovation" and the threat it poses to traditional payment systems, she added.
Sign up for Computerworld eNewsletters.