SumUp, a mobile payments rising star, recently announced an API that allows third party apps to accept credit card and cash payments without leaving the app. Prior to the API, SumUp users and customers were required to use the SumUp app in isolation from the merchant app to utilize the slick mobile payments platform.
The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.
French fintech startup Bankin’ has announced a new API that expands its consumer and business financial offerings to include payment processing. The new Bridge Pay API uses bank transfers to process payments and is being utilized by 12 major French banks.