This has been out for a few days, but I just found some of the details. Reason I'm posting this is that we've been using a 'dial-pay' merchant account for years, but NOT on a smart phone. We've been planning on getting one and moving to Square - which is certainly more cost effective save for the data charges. Best I can figure we'll save a bit, but it'll be much more convenient.
My bio includes over fifty years in IT and data communications, so this article kind of waves a red flag in my face. The folks that brought us all that compliance stuff will probably jump onto this fairly soon - and it could be very justifiable, but also very inconvenient. The article doesn't get into how much information is sent to the carrier other than "logs every text message". Don't have a clue what the fallout will be, but I keep remembering all the PR about how tech makes lives SOOOOO much easier (NOT!).
Comments
Since Square doesn't include the account number in the text message, how is this an issue for us?
Couple of comments and then I'm dropping it all.
First, what they're doing is sending some amount of undisclosed information TO YOUR CARRIER each time you use a smart phone (iPhones included). This means Square may (or may not) have everything secured - it could include AT&T, Verizon, T-Mobile, etc., and someone somewhere else will figure out what has to happen. Since none of the carriers is saying what specific data is being sent to them from your phone, who can tell what'll happen.
I also agree with having to take tests or pay - that's why we switched to a provider that has their network end-to-end and we're not bothered by that anymore.
I'm not planning on bird dogging this issue, as it doesn't affect us unless we switch as we'd planned to early next year. The entire issue (if there is one) should be resolved by then and anyone using Square should be the first to know if there's a problem.
Beads, let's trade beads.... :)
I totally agree with Gary. I was sick and tired of having to take the PCI compliance tests or pay a whopping fee for not doing so with my previous merchant account. Square is much safer, there are no paper receipts to store, destroy or lose, and nothing is stored for me to access other than the amounts I was paid and the photos I generated for emails. I'll keep using Square on my Android and do so without worry.
if it gets too much like "1984", I'll be going back to an unsmart phone and using cash only. Maybe barter. :-)
Walt consider the source. PCI compliance is the rule of the industry. Any device that 'stores' customer data needs to be compliant. Square stores nothing on the phone at anytime. Once it is transmitted there isn't anything left on the device. Lots of previous discussions on the forum can be found.
Bottom line, your are good and safe to use Square.
Actually, the question would be: Do you trust the network that the data is being transmitted through? The mechanism for swiping CC's is the same whether it's "The Square" or any of the wireless CC machines that people use to take CC's at a show. It all goes over an encrypted, secure, network. Keep in mind that "The Square" is only 1 of over 10 companies that offer swiping cards through your smart phone. "The Square" is preferred by us because we aren't paying a monthly fee if we don't do a show one month.
The only information I was able to find was that the Square translates the cc information into sound in order for the phone to accept it and transmit it and someone could write an application on their own phone to translate that sound back into the cc information. So it comes down to - do you trust the person using the square?
Walt - why don't you keep your eye on this and report back when you have some concrete information that says that credit card data is being compromised by using the Square. Until then......
You bring up a good point. I definitely have some concerns with those apps. I'm kind of a computer geek and I have a group of friends who discuss things all the time. One important discussion is about security. There are plenty of applications for the computer that keeps me protected. There are none for the phone, though. One of the reasons why I got an I-phone instead of an Android based phone is because there was some question about how secure the Android phones were.
-
1
-
2
of 2 Next