Archive for the ‘InfoSecurity’ Category
Insecurity derailment
Last week, news emerged that RSA had suffered a serious security breach that has left many wondering whether the millions of SecurID tokens in use around the world are really that secure after all. I’d be very surprised if RSA didn’t suffer financially as a direct consequence of this breach, but RSA as a business will survive.
Jack Dorsey’s new venture, Square, is hot at the moment. It’s a credit card reader and associated service that plugs into your iPhone or iPad and lets you take credit card payments. Square takes 2.75% and deposits the rest of the money into your bank account the following day. The device itself is free. All you need is a US address and a US bank account and you can start accepting payment by credit card.
Credit card fraud amounts to billions of dollars every year. Stolen credit card details sell for up to $50 but turning the stolen details into cash isn’t straightforward – fraudsters normally buy goods online which they then re-sell for cash. It would be much easier if you could simply set up a bank account under an assumed name (not that difficult in this age of identity theft), fill it with money debited from the stolen credit cards and then withdraw it the following day.
In theory, Square doesn’t allow this because the card has to be physically swiped through the device.
Except it doesn’t. Major Malfunction and Zac Franken have discovered that it’s possible to spoof the Square system into thinking that a card is present when, in fact, it’s not. This obviously opens up the risk that Square could become a vehicle for large-scale fraud and I can’t help wondering what the credit card companies would do if that were to happen.
Could Square fall victim to its own failure to build a secure platform?
eFinancial Careers hacked
I’d completely forgotten that I’d registered with eFinancial Careers until I got an email (see below) telling me that they’d been hacked and my personal data had been compromised. Under the circumstances, I can’t help wondering whether it might be a good idea to force companies to delete registered users’ accounts (and the attendant personal data) if the user fails to log in over an extended period of time.
Cyber-criminals hit the EU’s carbon emissions trading scheme
Everyone knows that cyber-criminals are constantly targeting banks and other financial institutions but you don’t often get to read about how they’ve successfully siphoned off €45m worth of certificates. Even worse, spot trading of emissions permits has been halted as a result of the breach (although, as with most commodities markets, most carbon trading is done using derivatives, so the impact isn’t quite as bad as it sounds at first).
There have been persistent rumours that the London Stock Exchange was the target of a concerted attack last year but, as is so often the case with this sort of rumour, the LSE’s keeping quiet.
It’ll be interesting to see if further details emerge about the Emissions Trading Scheme attack.