Say things are wildly successful and people come to expect that merchants will be taking a pic of your credit card with their phone. So you easily hand over your card to some random person to take a pic of it - assuming they are using Card.io.
However, what is to prevent nefarious people from just taking a pic with their own app or their own camera ?
So what would be good would be if there is some way to indicate (quickly) to the cardholder that the user is actually using Card.io to take the pic, rather than the Camera app - so they are not paranoid about people stealing their numbers.
Maybe turning the flash light red (is that even possible?) or something subtle that is a unique indicator that Card.io is being used and not some other app.
With Square, it is that little dongle - although I know that once Square gets big enough and the incentive gets large enough for people to create knock-offs of that dongle, I think it's much harder than say using a Camera.
Otherwise, awesome app.
When you're sitting in a restaurant and hand over your credit card, the waiter is now in total posssesion of it.
They could take a picture of it.
They could go to their laptop and make purchases from China.
They could run out the backdoor and never return it.
Handing over your credit card is a common enough thing, because you are protected from fraud by the credit card companies policies---not by your own regard for if the person you're giving your card is trust worthy or not.
Not saying other avenues of fraud don't exist or cardholders aren't as vulnerable without it.
Just stating what I think will likely be a side-effect, that these guys should at least pay attention to.
Based on developer interest, a common use case will be scanning your card from an app on your own phone - in that case, you're scanning your own card, and you're in control. But this us a great suggestion for retail usage.