Alumni

Live Q&A: Ask us anything about Square and Security

On Thursday August 16th at 1 PM PST / 4 PM EST, we hosted a Live Q&A about Square and security. We know that the terms thrown around like security, data breaches, and fraud can be overwhelming and intimidating as you try to keep your business and customers safe. We had @flee, one of our security experts, here to answer any of your questions about these terms, PCI compliance, and how Square has you covered.

 

@flee is the Head of Information Security at Square. He has a history of solving security problems for a range of organizations all the way from large enterprises (Bank of America) to small startups (Twilio). He's experienced in building and leading global security teams and specializes in application security. He's passionate about all things security, but finds time to indulge in other hobbies including road cycling, mountain biking, rock climbing, snowboarding, backpacking, and photography.

 

A couple example questions:

 

  • What kinds of security breaches should I be concerned about as a business owner?
  • What does Square do to ensure that I’m protected from security threats?
  • What can I do as a business owner to ensure I’m not susceptible to a hack? 


Message 1 of 28
9,616 Views
1 Best Answer
Square

Best Answer

Thank you all for the great questions—we’re really glad you took the time to participate.

 

We’re always working to keep your business and your customers’ data secure. But there’s a lot you can do on your end to keep yourself safe, as well. To wrap this up, I thought I’d leave you with my top tips for keeping your Square account safe:

 

  • Make sure you choose a strong, unique password—and only use it for your Square account. I know it’s hard to keep track of multiple passwords, but if you use your password multiple times outside of the Square website, you’re increasing your risk of that information being compromised in a data breach. You might consider using a password manager such as 1Password, which will help you keep track of all of your login information without opening yourself up to an attack.
  • Enable 2-step verification on your Square account. We have a great team that monitors your Square account for unusual activity, but you can add an extra layer of protection by linking your phone number to your account. Every time there’s a login attempt on your account, two-step verification confirms that it’s really you by asking you to verify the login on a separate device (your phone). That way, even if a hacker were to get hold of your information from a website outside of Square, they would also have to have gotten ahold of your phone. It’s even better to enable two-step verification on all of your accounts, like your email and your bank accounts.
  • Keep an eye out for phishing emails. Make sure you’re verifying the sender of any email you receive; any emails from Square will come from an address ending in @messaging.squareup.com. Be wary of emails that don’t address you by name (“Hello, Customer”). And while Square does review accounts from time to time and may ask for personal information, you’ll never be asked to provide the following via email: SSN (even the last 4 digits), full credit card numbers, 2-Step verification code, password, or point of sale passcode.


Message 28 of 28
4,401 Views
27 REPLIES
Alumni

That's probably more of a disputes question @Gretsimac. @René can jump in here!

Message 22 of 28
1,341 Views
Square

Hello @Gretsimac! That's an excellent question!

 

Of course with processing, we always recommend taking a card in the most secure manner, such as a chip card in our Contactless Chip Card reader. While a payment dispute does have a possibility of being opened even with chipped transactions, we would still have the ability to challenge the case on your behalf with the bank. 

Message 23 of 28
1,334 Views

Could you explain what a BAA is and why it's important, and what it means for sellers that Square has one of these? 

Message 24 of 28
1,377 Views
Square

Hi again @DianaP - BAA stands for “business associate agreement”. Here’s a full definition on this page with more information about how it relates to HIPAA. It gets a bit technical, but I don’t want to misrepresent so click through to learn more. For the tl;dr (too long; didn’t read aka simplified answer), on Square it means that sellers who are in the healthcare space can process payments.

Message 25 of 28
1,360 Views

My credit card and banking apps require my thumbprint to enter them.  Since I am holding dozens of customers' private information on my Square app, will Square be adding the thumbprint security to the app any time soon?

Message 26 of 28
1,368 Views
Alumni

We ran out of time to answer this one live @emailbuff, but we'll be getting back to you soon. Thanks again for adding it!🙏

Message 27 of 28
1,354 Views