Solved: I have ben asked for my PCI Attestation of Complia...

runningegg · ‎04-21-2022

In order to set up my food truck at the local state university, one request is as follows: "4. Vendor shall supply to FSA its latest Completed PCI Standards Counsel Assessment and Attestation of Compliance". Does Square offer this attestation, since they are the ones who are complying with PCI Standards? or is there a form that I need to complete?

Donnie-M · ‎04-21-2022

@runningegg What you may need to provide them with is that you are using Square for all payment processing and they are the PCI compliant entity involved.

https://squareup.com/us/en/townsquare/pci-compliance

https://squareup.com/help/us/en/article/3796-privacy-and-security

"

Square takes care of PCI compliance for your business

Square complies with the Payment Card Industry Data Security Standard (PCI DSS) so you do not need to individually validate your state of compliance.

Our hardware/readers have end-to-end encryption out of the box with no configuration required and at no additional cost—without monthly fees or annual assessment requirements. We maintain PCI compliant software at no additional cost to you, with no monthly contracts or long-term commitments. Providing you use Square for all storage, processing, and transmission of your customers’ card data, you don’t need to take any steps to validate your PCI compliance to Square, and you don’t need to pay any PCI-compliance fees.
Square is the merchant of record for every transaction. We deal with the banks on your behalf including PCI compliance, regulation, and processing. We advocate on your behalf to make sure that simple errors, honest mistakes, and disputes are resolved equitably.
Square’s technical approach to security is also designed to protect both you and your customers. We adhere to industry-leading PCI standards to manage our network, secure our web and client applications, and set policies across our organization. Square’s integrated payment system provides end-to-end encryption for every transaction at the point of swipe, dip, or tap and tokenizes data once it reaches our servers. Plus, we monitor every transaction from acceptance to payment, continuously innovate in fraud prevention, and protect your data like our business depends on it—because it does."

I would provide them with this information and see what they say. It can be sometimes daunting when doing work with a government entity, as some lawyer somewhere writes these types of forms. So your "attestation" is that you use square and they handle all pci compliance. If someone question's square's pci compliance they don't have a clue.

Donnie
Multi-Unit Manager
Order Up Cafe/Tombras Cafe/Riverview Cafe/City County Cafe
Roddy Vending Company, Inc.
www.OrderUpCafe.com

Using Square since July, 2017
Square Super Seller
Square Beta Team

"Good judgment comes from experience, and experience comes from bad judgment."

"You can have everything in life you want, if you will just help other people get what they want." Z.Z.
Do you want to have great restaurant menus that are easy to edit and don't cost a fortune? I use MustHaveMenus and you can too!
MustHaveMenus

View Best Answer >

Donnie-M · ‎04-21-2022

@runningegg What you may need to provide them with is that you are using Square for all payment processing and they are the PCI compliant entity involved.

https://squareup.com/us/en/townsquare/pci-compliance

https://squareup.com/help/us/en/article/3796-privacy-and-security

"

Square takes care of PCI compliance for your business

Square complies with the Payment Card Industry Data Security Standard (PCI DSS) so you do not need to individually validate your state of compliance.

Our hardware/readers have end-to-end encryption out of the box with no configuration required and at no additional cost—without monthly fees or annual assessment requirements. We maintain PCI compliant software at no additional cost to you, with no monthly contracts or long-term commitments. Providing you use Square for all storage, processing, and transmission of your customers’ card data, you don’t need to take any steps to validate your PCI compliance to Square, and you don’t need to pay any PCI-compliance fees.
Square is the merchant of record for every transaction. We deal with the banks on your behalf including PCI compliance, regulation, and processing. We advocate on your behalf to make sure that simple errors, honest mistakes, and disputes are resolved equitably.
Square’s technical approach to security is also designed to protect both you and your customers. We adhere to industry-leading PCI standards to manage our network, secure our web and client applications, and set policies across our organization. Square’s integrated payment system provides end-to-end encryption for every transaction at the point of swipe, dip, or tap and tokenizes data once it reaches our servers. Plus, we monitor every transaction from acceptance to payment, continuously innovate in fraud prevention, and protect your data like our business depends on it—because it does."

I would provide them with this information and see what they say. It can be sometimes daunting when doing work with a government entity, as some lawyer somewhere writes these types of forms. So your "attestation" is that you use square and they handle all pci compliance. If someone question's square's pci compliance they don't have a clue.

Donnie
Multi-Unit Manager
Order Up Cafe/Tombras Cafe/Riverview Cafe/City County Cafe
Roddy Vending Company, Inc.
www.OrderUpCafe.com

Using Square since July, 2017
Square Super Seller
Square Beta Team

"Good judgment comes from experience, and experience comes from bad judgment."

"You can have everything in life you want, if you will just help other people get what they want." Z.Z.
Do you want to have great restaurant menus that are easy to edit and don't cost a fortune? I use MustHaveMenus and you can too!
MustHaveMenus

I have ben asked for my PCI Attestation of Compliance. Does Square offer this?

Square takes care of PCI compliance for your business

Square takes care of PCI compliance for your business