Is Square Safe For Customers? Everything You Need To Know About Square Payments Security

    Emily Hale
Advertiser Disclosure: Our unbiased reviews and content are supported in part by affiliate partnerships, and we adhere to strict guidelines to preserve editorial integrity.
Emily is a Content Strategist based in Indianapolis. She enjoys discovering new topics and planning content that empowers small business owners to make better choices for their businesses. When she's not in the thick of doing research for Merchant Maverick, she likes painting, meandering through nature and spotting wildlife, or relaxing with her rescue pup, Jetta.

4 Comments

Responses are not provided or commissioned by the vendor or bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the vendor or bank advertiser. It is not the vendor or bank advertiser's responsibility to ensure all posts and/or questions are answered.

    Christopher Bulin

    I have read and reread this article, and the question I have is this: Square does some of the labor such as SAQ, encryption and audits for the merchant, and they clearly state they are PCI compliant. That doesn’t mean that as a business accepts payments via Square they (the business) are compliant by definition of PCI-DSS; any business that accepts and processes credit cards is to meet the requirements, especially if using a mobile device.
    According to the SAQs, by definition most businesses that swipe transactions on a phone and/or tablet are subject to the requirements of SAQ C:
    * Mobile device (smartphone/tablet) w/ a card processing application or swipe device
    SAQ C has 160 questions, is subject to a vulnerability scan and does not need a penetration test. However, although there are only 12 core requirements, there are numerous sub-requirements, so if they don’t require the business to “validate” compliance, how can Square tell a merchant they are compliant? Yes, they are involved in every aspect of the development of their systems while it is in their possession, but once it leaves their warehouse and is placed in the merchant’s environment, that’s where the meeting of the requirements is crucial, and according to Square they are unable to validate. Which means a business would not be meeting the requirements.

      This comment refers to an earlier version of this post and may be outdated.

      Jessica Dinsmore

      Hi Christopher,

      As long as you use Square according to their stated terms of use, you should be PCI compliant. But if you do something like write down card numbers instead of plugging them into the vault, etc., you’re risking your business and your ability to process through Square.

        This comment refers to an earlier version of this post and may be outdated.

        Derek Boczenowski

        Great Article!

        I did have one question though. PCI has multiple controls around making sure the Point of Interaction devices have not been tampered with, and to ensure that security awareness training and other documentation is in place. Obviously, Square cannot validate this as part of PCI. Since Square is assuming merchant ID responsibility, how should the customer protect against the controls that Square cannot possibly manage?

          This comment refers to an earlier version of this post and may be outdated.

          Jessica Dinsmore

          Hi Derek,

          Square has a few safeguards in place that may address some of your concerns, but there are some best practices a merchant can do as well. First, you should know that Square redesigned their card readers to prevent tampering. If anyone attempts to open it up or rig it to copy data to another source, they won’t be able to because it is designed to break when it’s tampered with in any way. Additionally, Square Terminal and Square Register can only run through their own apps, and all card data, no matter how the sale is input, gets encrypted. So even if someone were to “break into” your system, they are only going to get the last 4 digits of the credit card number anyway. Square reduces the PCI scope of the merchant because your servers, your phone, or your device never actually transmits or stores data; it’s only through the reader or Square app.

          That being said, of course you should safeguard your password, and make sure to change it if an employee leaves, because they could potentially sign into your dashboard if you don’t safeguard your information, or use limited sign-ons for your staff. Square is no more or less secure in payment security than any other POS system. These systems use encryption and maybe even tokenization, but there is still room for human error or deceit for that matter.

          An employee may jot down a card number, for instance. It’s up to the merchant to ensure it’s not a company-wide approach to make imprints of credit cards, or record them in a spreadsheet. You can’t do much about a bad apple, but making sure you’re doing what you can to follow PCI compliance, including using a fully PCI compliant system like Square, is a good move.

            This comment refers to an earlier version of this post and may be outdated.
