People often wonder how it is that we can release a secure credit card reader that encrypts (or scrambles) your credit card information as you swipe your card, but which also works at any website. Doesn’t the website need to be able to decrypt (or un-scramble) the information before completing the purchase? How is this possible?

It’s a good question. On the surface, it seems utterly impossible - hence the reason nobody has done it before. And, believe me, there were times in development where we did think it might be impossible, but either through insanity or genius (I’d like to think the latter, but probably a little of both), we forged on, believing we could solve a problem that people thought was unsolvable. Turns out that we did. And here’s how we did it:

First of all, every (legitimate) website already implements a measure of security, called SSL or HTTPS, which they use to secure the transfer of information from themselves to your web browser, and vice versa. The problem with this approach is that it’s highly beatable. Cyber criminals know how to bypass this security fairly easily, and can steal your information or tamper with your session, without you even knowing about it. It’s not because SSL security is poor – data encrypted with SSL is actually very secure – the problem is that it only protects the information as it leaves your computer, but doesn’t protect it within your computer. It’s like travelling in an armored bus that picks you up a block from your house – you’re safe while you’re travelling in the bus, but you’re completely exposed from the moment you leave your house until you get to the bus stop.

This is a problem, and everyone knows it. That’s why there’s talk of finding a replacement for SSL for web transactions. But, there are millions of websites and hundreds of millions of web browsers out there that all rely on SSL, so changing the system isn’t really feasible.

But why fix what ain’t broke? If the armored bus is plenty strong, don’t buy a new bus – just move the bus stop! SSL has proven to be very secure when used correctly. There’s no need to replace it. We just need to start using it correctly. Instead of encrypting sensitive information only as it leaves your computer, we need to encrypt the information at the point of origin. For credit card data, this means encrypting it as you swipe your card.

What we’ve done with SmartSwipe is exactly that – we’ve moved the bus stop into your living room. Your data is encrypted with SSL inside the SmartSwipe device, and transferred directly to the merchant in a format they expect, using the SSL encryption that their website already knows how to process. We’re using SSL the way it was intended to be used – to actually protect information.

So there you go. The reason why we work at any website is because we leverage what they already have in place, and we make it secure. As long as the site uses SSL (and all legitimate ones do - you should never shop at any website that doesn’t use SSL), the SmartSwipe can secure your transaction at that website.