Phone Swipe

Square Compare

MOBILE SERVICE COMPAIRISON

ITEM

App Store Rating

Application Fee $0 $0
Monthly Minimum $0 $0
Card Reader $0 $0
Shipping $0 $0
Contract NO NO
Qualified Rate 2.75% 2.69%
Non Qualified Rate 3.5% + $.15 3.49% + $.19
High Volume Pricing Option $275 Monthly Fee Over $7500/Month Special Rates
Service and Support Email and Twitter Only 24/7 Live Phone
Real Time Product Inventory
Capture Customer Emails
Secure Encrypted Card Reader
Customer Tips Percentage Only
Signature Capture
Multiple Card Readers
Cash Payments w/email Receipts
Add Discount at Checkout
Store and Send Capable
Multi Merchant Login
Custom Email Receipts

Square, the innovative product brainchild of Twitter Co-Founder Jack Dorsey, can no longer claim to be PCI Compliant.

Square has maintained on their website SquareUp.com that their device and service fall within PCI compliance guidelines and is a safe way to process credit card payments. The PCI DSS best practices guidelines established by the PCI Securities Council who had to revise their standards to accommodate this with this rapidly changing new technology. The PCI Compliance standards or best practices are intended to protect consumers from credit card fraud and identity theft.

What is Square?

Square is a credit card reader that plugs into the headphone jack on your smart phone and turns your phone into a credit card terminal without the need for a traditional merchant services account. It is intended to allow individuals and businesses to accept credit cards with minimal effort and expense. To make a sale the merchant or individual simply swipes the credit card through the card reader and the information is sent to a simple mobile application downloaded from the Android or iTunes Marketplace at which time it is encrypted and sent for authorization.

Why Does Square claim to be PCI Compliant?

PCI DSS guidelines can only cover current technology so when Square came to the marketplace mobile payment technology of this sort did not exist. Since Square’s introduction the mobile payment marketplace is experiencing unprecedented grow and development which has made it nearly impossible for new products and payment methods to be fully assessed by the DSS council. Square was considered to be compliant under the previous version of the PCI DSS guidelines, however, since mobile payment technology did not exist when those policies were created Square did technically fall within the standards.

Under the latest version of the PCI Compliance Guidelines, however, all devices are now mandated to be “end to end” encrypted meaning when a credit card is swiped it must be encrypted before it is transmitted in any way. No sensitive information may be stored for any amount of time during the transaction. These requirements were previously only a required for PIN Pad terminals.

How do the New PCI Compliance Regulations Affect Square?

Since credit card information is not encrypted while the credit card is swiped through the credit card reader this leaves a major security weak-point in the transaction because it is very easy to skim sensitive data directly from the card reader before it is sent to the mobile application. This makes the Square card reader easy to turn into a card skimming device with minimal technical knowledge. Square’s only option if they want to offer a PCI Compliant device is to rebuild their credit card reader to encrypt credit card information during the card swipe and prior to being sent to the mobile application to be considered within the PCI compliance standards to accept credit cards.

How Does this Affect Square Users?

Being non PCI compliant is more serious than many small business owners and individuals may realize. Users of a non PCI Compliant device could be open not only to lawsuits but can also be held personally liable for any and all costs associated with a data breaches that result in credit card fraud. In addition to that businesses could be putting their customers at risk. 

Square has been criticized by credit card terminal producer VeriFone when it was revealed that their credit card reader was not encrypted as being irresponsible. In response Square said that their processing practices were PCI compliant (at the time), however, that they were looking into creating an encrypted credit card reader. They did not indicate any deadline or prediction on when the encrypted card reader will be released. The new industry wide PCI regulations are sure force square to step up their game.

How do you protect yourself and your business if you currently use Square?

The mobile payment marketplace is growing at an exponential pace compared to other sectors of the payments industry which is great news if you are a square user and wish to have a more secure device. Square’s success in offering a simplified merchant services account to individuals and businesses as well was unprecedented. There are now many competing devices many of which are associated with traditional merchant services accounts. A majority of these services are offered with a mobile credit card reader that meets the new PCI standards.

ProMedia, however, has a program developed to compete directly with Square that allows individuals and businesses to accept credit cards.

The application process takes just 3 minutes and the card reader is offered for free with no contract, no minimums, and no fees. The mobile application is incredibly feature rich with more options and user friendly features than that offered by Square. The ProMedia solution is end to end encrypted keeping your business and your customers safe and secure while expanding your sales and profits. For more on the features and benefits of the ProMedia solution check out 13 Things That you will Love About Phone Swipe.