Accept Credit Cards with Square? You are not PCI Compliant!
Square, the trendsetting product developed by Twitter Co-Founder Jack Dorsey, is no longer considered a PCI Compliant device. Square has always stated on their website squareup.com that their device and service are within PCI compliance and are a responsible way for people to accept credit cards. The PCI Securities Council, which establishes the PCI DSS standards, has been scrambling to analyze and establish best practices for businesses and consumers with this rapidly changing new technology. These standards or best practices are intended to protect consumers from credit card fraud and identity theft.
What is Square?
Square has made a device that plugs into the headphone jack on your smart phone and essentially turns your phone into a credit card reader without having to have a traditional merchant services account. This allows individuals and businesses to accept credit cards with minimal effort and expense. When a card is swiped, the information is sent to a simple application, at which time it is encrypted and sent for authorization.
Why Was Square PCI Compliant Previously?
The mobile payment marketplace is experiencing unprecedented growth and development, which has made it nearly impossible for new products and payment methods to be fully analyzed. Square was considered to be compliant under the previous version of the PCI DSS guidelines; however, mobile payment technology did not exist a short time ago when those policies were amended.
Under the latest version of the PCI Compliance Guidelines, all devices are now mandated to be compliant through “end to end” encryption, meaning that all data collected upon swipe is encrypted before it is transmitted. This was previously only a requirement for PIN Pad devices.
What the New PCI Compliance Regulations Mean to Square.
Because information is not encrypted when the credit card is swiped through the card reader, there is a serious security gap in the process: it is very easy to intercept sensitive data directly from the card reader before it is sent to the application. The Square card reader can also be turned into a card skimming device with minimal programming knowledge. Square will now be forced to rebuild their credit card reader to encrypt credit card information upon swipe and prior to transmission to be considered within the PCI compliance standards to accept credit cards.
What this means to users of Square.
Not being PCI compliant is more serious than most small business owners realize. The user of a non-PCI-compliant device can not only be open to consumer lawsuits but can also be held responsible for any and all costs associated with a data breach that results in credit card fraud. For more details on why you should care about PCI Compliance, visit our merchant services blog on 5 Reasons Why You Should Care About PCI Compliance.
Credit card terminal giant VeriFone reprimanded Square as irresponsible upon the discovery that their credit card reader was not compliant. In response, Square did state that they were PCI compliant (at the time) but that they were looking into creating an encrypted device. There is no deadline or estimate for when the encrypted card reader will be available; however, with these new industry regulations we are sure that they will step up their game.
What to do if you currently use Square
The mobile payment marketplace is growing faster than any other sector of the payments industry, which is great news if you are currently using Square and wish to have a more secure device. Square’s success in offering a simplified merchant services account to not only individuals but to businesses as well was unprecedented. This did not go unnoticed, and there are now many competing devices, most of which are designed around a traditional merchant services account with a mobile credit card reader that meets the new standards.
The Merchant Doctor, however, has a program that allows individuals and businesses to accept credit cards and has been developed to compete directly with Square. The application takes just 3 minutes and the card reader is offered for free with no contract, no minimums, and no fees. The mobile application is incredibly robust, with more options and highly user-friendly features that the squareup mobile application did not offer. In addition, the Merchant Doctor solution is end to end encrypted, keeping your business and your customers safe and secure while expanding your sales. For 13 things that you will love about PhoneSwipe, check out our merchant services blog.
Here is a quick graphical comparison of the services offered by Square vs the Merchant Doctor’s mobile solution to accept credit cards:
If you have any questions or would like more information on what a mobile payment solution could do for your business or on the Merchant Doctor’s mobile payment solution, contact us; we will be happy to help in any way possible. You can apply now in 3 minutes or learn more about how to accept credit cards on your iPhone, iPad, or Android device.