Is Square A Secure Way To Accept Credit Card Payments?
If you are a business owner who is considering using Square, why and how Square keeps your payments secure are pretty smart questions to consider. Unfortunately, security can be an extremely intimidating subject, especially when you also need a solid understanding of all of the guidelines and requirements for accepting credit cards.
Below, we outline some of the most important aspects of security that any business owner should think about when processing credit card transactions. We’ll also discuss how Square secures transactions and talk about why we like Square’s security procedures.
PCI Compliance & What It Means For You
PCI is short for The Payment Card Industry Data Security Standard (PCI DSS). The set of guidelines established in the PCI applies to all businesses that accept credit card payments. In a nutshell, PCI compliance means upholding a set of security standards designed to ensure that every company that accepts, processes, stores, or transmits credit card data does so in “a secure environment.”
Every business, from your local mom-and-pop shop to solo entrepreneurs and big-box stores, must follow the guidelines provided by the issuing credit card company. Each credit card company has its own set of instructions and guidelines on properly securing and transmitting cardholder data — and all of that means that things can get pretty complicated and labor-intensive for the average business owner.
What Happens If A Business Isn’t PCI Compliant?
If PCI guidelines aren’t followed, customers and business owners are more vulnerable to breaches. You don’t have to go too far back into the news cycle to find coverage about major credit card breaches of big-name retailers. When hackers strike, it deals a terrible blow to the business’s reputation — in addition to bad press, the organization is required by law to let their customers know that their cards were exposed during a breach.
This scenario is bad for businesses but can be equally stressful for customers; security breaches certainly affect the buying confidence of the public. No one is immune from being targeted, and that is why it is so important to make sure you are relying on a secure payment processing service.
According to PCI’s web page:
Many organizations treat compliance as a one-time, annual event. But only focusing on an annual compliance assessment can create a false sense of security…It’s only by achieving and maintaining compliance that your cyber defenses will be adequately primed against attacks aimed at stealing cardholder data.
Many businesses may not know that they are breaking some big rules when it comes to storing credit card information. For instance, it is never okay to keep credit card data on file for any consumer unless it is on a PIN device or payment application that is certified by the PCI Security Standards Council. Writing credit card information down in a ledger or keeping the numbers on a computer are big no-nos that could land your business in hot water — but the practice is more common than you may think.
Read on to find out why Square takes the guesswork out of securely processing and storing credit card data.
How Square Secures Payment Processing
Let’s take a high-level view of the payment security Square provides right out of the gate.
- Payment Data: Square encrypts payment data as soon as you swipe or manually enter in the numbers during the sale. Payment encryption makes it harder for anyone to intercept payment data as it is being processed or stored. It’s important to note that as a merchant, your customer’s card numbers, magnetic-stripe data, and security codes are never stored on your device. This framework means that you don’t have to carry the burden of PCI compliance, which we’ll explain in further detail below.
- In-House Manufacturing Of Hardware: Square takes more control of security by maintaining the engineering and manufacturing of their hardware in-house. This internal focus ensures Square’s teams can navigate and adjust aspects of the entire development process. Keeping things in-house is another way to reduce the risks that may be introduced from third-party developers who may not follow the same security guidelines. Proprietary development and manufacturing by Square employees guarantees they have a vested interest and ownership in all parts of usability and effectiveness.
- Continuous Monitoring & Stress Testing: Square also remains proactive in security by taking a holistic approach to monitoring, testing, and threat intelligence. They take advantage of testing labs that are tasked with attempting to compromise areas of security in development and post-market.
In addition to the key differences listed above, Square also places strong safeguards internally through tight security policies and defined best practices for all employees.
How Square Carries The Load Of PCI Compliance
The good news for any business using Square to process credit card payments is that Square itself is PCI compliant. In other words, Square does all the work for you to maintain PCI compliance for every payment you take, no matter which credit card you swipe. You are freed from the burden of ensuring that the storage, processing, and transmission of credit card data meets PCI compliance guidelines.
This fairly big convenience is one reason that many businesses choose Square to process payments. PCI compliance can become costly, but when you consider that Square handles SAQ requirements, assessors, and the auditing process — all things that require a workforce, budgeting, and time — the value becomes even more substantial.
PCI SAQ, for instance, stands for the PCI Data Security Standard Self-Assessment Questionnaire. These validation tools are intended to “assist merchants and service providers to report the results of their PCI DSS self-assessment.” There are several SAQ tools for different types of payment processing. From merchants who process card-not-present sales to merchants who use a specific type of terminal, there are separate SAQ tools that apply to every kind of processing method and equipment. As noted, Square handles the SAQ, so you don’t have to.
Not only does Square take a proactive approach in all issues with compliance, but the Square team also contributes to the PCI Board of Advisors. All of this means they have an inside perspective into the developing security standards, and they may understand what’s coming down the pipeline a lot better than some other processors. In fact, some of their developed technologies have driven the changes for the improved standards themselves. We think that’s a pretty great way to stay on top of security.
Is Square Right For Your Business?
If you would like to find out more about Square, we’ve got you covered. Check out How Much Does Square Charge, read our in-depth Square review, or find out more about customer financing through Square.
| Free App & Reader | Square eCommerce | Square for Retail | Square for Restaurants |
|---|---|---|---|
| Free, general-purpose POS software and reader for iOS and Android | Easy integration with popular platforms plus API for customization | Specialized software for more complex retail stores | Specialized software for full-service restaurants |
| Always Free | Always Free | Free Trial | Free Trial |