Home News Square Digital Receipts: Sensitive Information Routed Incorrectly, Embarrassingly

Square Digital Receipts: Sensitive Information Routed Incorrectly, Embarrassingly

TL;DR: Merchant mobile payment company Square, Inc. “has forwarded receipts documenting transactions as mundane as a cup of coffee and as sensitive as an obstetrician’s visit to people who were uninvolved in the purchases,” according to The Wall Street Journal (WSJ). “In some cases, neither the purchaser nor the recipient could say why Square sent receipts to the people it did,” causing embarrassment and potentially worse. The company does not verify contact information it has from cardholders.

Square Digital Receipts Sometimes Go to Unintended Recipients

Square has access to mountains of users’ data, small businesses racking up hundreds of millions of debit card and credit card swipes, detailing spending patterns unrivaled by any other tech company in its class. The company also mixes such data with contact details from users unaware they need to opt-out of the Square’s digital receipt program in order to not contribute to consumer behavior profiles.

Besides the obvious honeypot danger, add to it the problem of those receipts landing within inboxes of people not directly associated with transactions. The unintended consequence can lead to all manner of public announcements most would just assume stay between themselves and the immediate merchant.

Square Digital Receipts: Sensitive Information Routed Incorrectly, Embarrassingly

As Peter Rudegeair explains, “digital receipts could be received by the wrong person for a variety of reasons, including consumers sharing a credit-card number, accidentally sending the receipt to a recycled phone number or seller or buyer error.” Square’s digital receipt program has become a marketing/customer-engagement service business unto itself. Profiting off user information through credit card purchases is due to the fact such info can be often more revealing than net browsing or social media activity.

“The company relies on consumers to input an email address or phone number that it then syncs to a particular card,” Rudegeair noted. “It doesn’t verify whether the contact information it associates with a card belongs to the cardholder, but it provides a link with each emailed receipt that lets consumers decouple a card from an email address,” which would seem to go directly to the problem’s root.

Back in 2017, a Square executive put the matter starkly to investors. “We know who bought what from whom, on what day, with what payment instrument. And with something as simple and fundamental as a digital receipt, we can create a valuable customer directory and a suite of tools that take advantage of it.”

DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH. 

Square Digital Receipts: Sensitive Information Routed Incorrectly, EmbarrassinglyCONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.