an app called 'square'?

Link: https://squareup.com/

Big con, IMO, the application isn't registered as meeting PA-DSS requirements for payment application security. They claim that their internal systems meet PCI-DSS (Level 1) requirements. That's good. However, last I looked, the PCI Security Council hadn't yet approved any mobile applications or systems.
PA-DSS & Mobile Applications FAQ.

People are using these applications, so I wouldn't necessarily argue against them. But understand that this is still an open question to the card payments industry. No one with credentials in this field certifies these applications... yet.

Remember, there have been several examples of late of people able to hack private data right off iPhones and Android devices. Even if the data is only there for a few seconds, it's still a security hole.

So I like the backend security that Square is using (as long as they aren't lying to us). But this is very much an open question in the Payment Card Security community.

For what it's worth, I know a number of merchant friends who use Square, and none have had any complaints. (Several have been so thrilled with Square that they've canceled their land-line based credit card transaction stuff.)

They've been successful enough that Quicken and a few others have launched competing mobile transaction tools.

As long as those friends are aware that they'll be held responsible for a data breach/compromise. The odds aren't high, but there's no safety net here.

With a PA-DSS qualified application, there's someone else to face the music, sort of an insurance.

I believe it has been written up in newspapers, too, so you might want to Google for articles (NYTimes, Wall Street Journal esp.).

BTW, it also works with iPad.

--Ken