What is Square? Square is a credit card reader that plugs into the headphone jack on your smart phone and turns your phone into a credit card terminal without the need for a traditional merchant services account. It is intended to allow individuals and businesses to accept credit cards with minimal effort and expense. To make a sale the merchant or individual simply swipes the credit card through the card reader and the information is sent to a simple mobile application downloaded from the Android or I Tunes Marketplace at which time it is encrypted and sent for authorization. Why Does Square claim to be PCI Compliant? PCI DSS guidelines can only cover current technology so when Square came to the marketplace mobile payment technology of this sort did not exist. Since Square’s introduction the mobile payment marketplace is experiencing unprecedented grow and development which has made it nearly impossible for new products and payment methods to be fully assessed by the DSS council. Square was considered to be compliant under the previous version of the PCI DSS guidelines, however, since mobile payment technology did not exist when those policies were created Square did technically fall within the standards. Under the latest version of the PCI Compliance Guidelines, however, all devices are now mandated to be “end to end” encrypted meaning when a credit card is swiped it must be encrypted before it is transmitted in any way. No sensitive information may be stored for any amount of time during the transaction. These requirements were previously only a required for PIN Pad terminals. How do the New PCI Compliance Regulations Effect Square? Since credit card information is not encrypted while the credit card is swiped through the credit card reader this leaves a major security weak-point in the transaction because it is very easy to skim sensitive data directly from the card reader before it is sent to the mobile application. This makes the Square card reader easy to turn into a card skimming device with minimal technical knowledge. Square’s only option if they want to offer a PCI Compliant device is to rebuild their credit card reader to encrypt credit card information during the card swipe and prior to being sent to the mobile application to be considered within the PCI compliance standards to accept credit cards. How Does this Effect Square Users? Being non PCI compliant is more serious than many small business owners and individuals may realize. Users of a non PCI Compliant device could be open not only to lawsuits but can also be held personally liable for any and all costs associated with a data breaches that result in credit card fraud. In addition to that businesses could be putting their customers at risk. For more information on why PCI Compliance is important visit our post on 5 Reasons why you should care about PCI Compliance. Square has been criticized by credit card terminal producer VeriFone when it was revealed that their credit card reader was not encrypted as being irresponsible. In response Square said that their processing practices were PCI compliant (at the time), however, that they were looking into creating an encrypted credit card reader. They did not indicate any deadline or prediction on when the encrypted card reader will be released.
Posted on: Tue, 11 Jun 2013 13:23:02 +0000
Trending Topics
Recently Viewed Topics
© 2015