There are two good reasons Square doesn't do this that I can think of off the top of my head.
First, CNP vs CP card processing rates. http://en.wikipedia.org/wiki/Card_not_present_transaction
Every credit card has the CC number encoded in to the back of the card, but in addition to that, it has a couple bytes of extra information. That extra information qualifies the merchant for a lower processing rate if they SWIPE the card. That means, when you take a picture, you are paying closer to 3.5% instead of 2.75% for every transaction. (rates quoted are square's cp vs cnp rates)
Some merchants are extremely sensitive to this, other aren't. The larger a merchant is, the more likely they are going to care. On the other hand, no merchant wants to lose a sale, 3.5% of a sale is still better than 100% of a lost sale.
The other reason is based on UX. It feels really weird to have someone take a picture of your credit card using their cell phone. The apps that use this technology might be doing anything with that image.
Otoh, more people should take credit cards!
(edit: Sidenote, Square considered doing this before the swiper was invented, during the very first month or so. Doesn't mean it is a bad idea, just that Square moved away from it in favor of a swiper.)
If you AB tested giving someone a screen where they put in their credit card number, or a screen where they just took a picture of it, you might find that people are more willing to take a picture. People are probably more comfortable with a photo of their credit card being taken on their own phone than someone else's phone. To the app, both of these are CNP transactions.
To be fair, any company that gets my credit card number (restaurants, Walmart, Amazon, every random e-shop on the internet) could be doing anything with my credit card, so this concern isn't exactly new or very scary.
Consumers have an irrational understanding that swiping a credit card is safe. Taking a picture of it is likely the sketchiest action a merchant could take, in the eyes of the average uneducated consumer.
We should be moving away from credit cards. They are becoming an archaic technology.
Also, how would a phone lead to more fraud? You could authorize each transaction by cryptographically signing it after entering a passphrase. With a credit card anyone that steals your numbers can charge to it.
The fraud prevention mechanism for magnetic cards is mostly reactive and doesn't require "passphrases" or "cryptographically signing," which is a big usability win.
Since issuers are on the hook for unauthorized charges, and generally make money from transaction fees, it's in their best interest to find a good compromise between fraud protection and usability. Adding consumer software and a wide variety of commoditized portable computing devices into the mix doesn't seem worth the cost.
But the, why doesn't having a photo of the card in-question also qualify for a CP?
I think Square moved toward being able to swipe because it's more 'traditional'. People were going to be upset about vendors taking a pic of their card.
socmoth, CrazedGeek, and tbgvi are right that this is considered a CNP transaction and rates are higher. However, our focus is on mobile developers, not retail merchants. By taking friction out of the mobile checkout flow for those developers (because customers don't have to type out their cc number), conversions are higher, and thus revenues are higher.
Regarding the user experience: folks are used to scanning barcodes with RedLaser, business cards with CardMunch, and checks with PayPal and the Chase mobile app. If we can make credit card purchasing easy and fast on the phone, that's a good user experience.
Thanks for the feedback!
I can see the title on HN: "Card.io - fast and easy workouts"
Anything that increases conversions is great! Best of luck! I look forward to seeing it in the wild. In fact, are there any merchants in SF I can watch use it yet?
Doesn't seem that card.io is trying to get merchants to use this as a Square replacement at this point.
Of course, I'm not sure how this is useful, since I understand that in-app purchases need to be tied to the App Store account, but it might be more useful for Android.
One interesting tidbit on this front, from someone who spends a lot of time admiring credit cards: Only some cards have silvery ink on top of the numbers. Some others have silvery plastic underneath the main ink layer (usually part of the card's overall graphic design), so the numbers become more silvery with wear, not less. And yet others have no silver anywhere at all. TAANSTAFL. :)
Say things are wildly successful and people come to expect that merchants will be taking a pic of your credit card with their phone. So you easily hand over your card to some random person to take a pic of it - assuming they are using Card.io.
However, what is to prevent nefarious people from just taking a pic with their own app or their own camera ?
So what would be good would be if there is some way to indicate (quickly) to the cardholder that the user is actually using Card.io to take the pic, rather than the Camera app - so they are not paranoid about people stealing their numbers.
Maybe turning the flash light red (is that even possible?) or something subtle that is a unique indicator that Card.io is being used and not some other app.
With Square, it is that little dongle - although I know that once Square gets big enough and the incentive gets large enough for people to create knock-offs of that dongle, I think it's much harder than say using a Camera.
Otherwise, awesome app.
When you're sitting in a restaurant and hand over your credit card, the waiter is now in total posssesion of it.
They could take a picture of it.
They could go to their laptop and make purchases from China.
They could run out the backdoor and never return it.
Handing over your credit card is a common enough thing, because you are protected from fraud by the credit card companies policies---not by your own regard for if the person you're giving your card is trust worthy or not.
Not saying other avenues of fraud don't exist or cardholders aren't as vulnerable without it.
Just stating what I think will likely be a side-effect, that these guys should at least pay attention to.
Based on developer interest, a common use case will be scanning your card from an app on your own phone - in that case, you're scanning your own card, and you're in control. But this us a great suggestion for retail usage.
(edited to add that this is Mike from card.io)
There's also FaceCash by Think Computers/Aaron Greenspan.
From what I can tell, this just does the scanning and doesn't actually process the transaction though? Could be wrong on that. Also, 15 cents per scan seems expensive.
-Mike from card.io