A new voice has joined the debate that has been raging since VeriFone CEO Doug Bergeron published his open letter regarding security concerns with Square's mobile POS product. 

ROAM Data CEO Will Graylin published a letter to the mobile payment industry via PYMTS.com on April 5, 2011, in which he said the problem of skimming facilitated by unsecure card readers "is very real and should be properly understood and addressed by industry regulators before it grows exponentially along with the exploding mobile commerce market."

ROAM is a manufacturer of the credit card readers that merchants attach to smartphones to use them as point-of-sale terminals. ROAM does not sell directly to merchants but instead offers its readers through third-party merchant resellers such as Intuit and Sage Payment Solutions.

Graylin said that consumers are likely unaware of the burden to merchants caused by credit card fraud, a burden passed along to consumers through higher prices.

"This is equivalent to us collectively writing a multimillion dollar check every single day to pay criminals for stealing our card data," he said. "The size of that check is directly proportional to the ease of access to card fraud tools."

Graylin went on to say that skimming is much easier for criminals to accomplish so long as credit card readers for smartphones are unencrypted. Graylin singled out Square's mobile POS card reader for making the required equipment easier for criminals to obtain.

"To pull off this kind of mobile skimming 'in the open' used to require sophisticated criminals to create a fake POS device that looks real," Graylin said. "In the case of Square's reader, the actual skimming device is the real device, since it has no encryption, no alteration is required and the readers are given away for free to anyone who asks for it. Combine that with the ease of smartphone software access and there is no doubt this problem can explode and be more dangerous than many people think."

Graylin's letter echoes much of what Bergeron said in his initial comments regarding Square. Critics of Bergeron's statement said it was merely a marketing ploy and an attempt by a larger company to bully a smaller rival. Before his company can be accused of the same thing, Graylin makes it clear that ROAM does not compete with Square.

In closing his letter, Graylin said the blame should not necessarily fall on Square, since no standards currently exist to mandate the type of encryption that would eliminate skimming. Until such standards are implemented, Graylin said, the pressure to provide cheaper, less-secure products would mean more companies providing similar unencrypted devices.

"We are relying now on industry regulators to issue new rules for new environments to keep fraud down and consumer trust high," Graylin said.