x
Your opinion in 1 minute.
Help us improve by answering 4 quick questions.
Take Survey Now
18.227.89.244
18.227.89.244
Start Thread
Can't find what you're searching for? Start Thread
Announcements
Stay tuned and register for all of the exciting Community events on our Events Calendar!
katieand
Alumni
‎07-13-2018 02:53 PM

Live Q&A: Ask us anything about Square and Security

On Thursday August 16th at 1 PM PST / 4 PM EST, we hosted a Live Q&A about Square and security. We know that the terms thrown around like security, data breaches, and fraud can be overwhelming and intimidating as you try to keep your business and customers safe. We had @flee, one of our security experts, here to answer any of your questions about these terms, PCI compliance, and how Square has you covered.

 

@flee is the Head of Information Security at Square. He has a history of solving security problems for a range of organizations all the way from large enterprises (Bank of America) to small startups (Twillio). He's experienced in building and leading global security teams and specializes in application security. He's passionate about all things security, but finds time to indulge in other hobbies including road cycling, mountain biking, rock climbing, snowboarding, backpacking, and photography.

 

A couple example questions:

 

  • What kinds of security breaches should I be concerned about as a business owner?
  • What does Square do to ensure that I’m protected from security threats?
  • What can I do as a business owner to ensure I’m not susceptible to a hack? 

API-Webhero_Medium.jpg

Labels:
21,392 Views
Message 1 of 29
Report
1 Best Answer
flee
Square
‎12-10-2018 03:45 PM

Best Answer

Thank you all for the great questions—we’re really glad you took the time to participate.

 

We’re always working to keep your business and your customers’ data secure. But there’s a lot you can do on your end to keep yourself safe, as well. To wrap this up, I thought I’d leave you with my top tips for keeping your Square account safe:

 

  • Make sure you choose a strong, unique password—and only use it for your Square account. I know it’s hard to keep track of multiple passwords, but if you use your password multiple times outside of the Square website, you’re increasing your risk of that information being compromised in a data breach. You might consider using a password manager such as 1Password, which will help you keep track of all of your login information without opening yourself up to an attack.
  • Enable 2-step verification on your Square account. We have a great team that monitors your Square account for unusual activity, but you can add an extra layer of protection by linking your phone number to your account. Every time there’s a login attempt on your account, two-step verification confirms that it’s really you by asking you to verify the login on a separate device (your phone). That way, even if a hacker were to get hold of your information from a website outside of Square, they would also have to have gotten ahold of your phone. It’s even better to enable two-step verification on all of your accounts, like your email and your bank accounts.
  • Keep an eye out for phishing emails. Make sure you’re verifying the sender of any email you receive; any emails from Square will come from an address ending in @messaging.squareup.com. Be wary of emails that don’t address you by name (“Hello, Customer”). And while Square does review accounts from time to time and may ask for personal information, you’ll never be asked to provide the following via email: SSN (even the last 4 digits), full credit card numbers, 2-Step verification code, password, or point of sale passcode.

View Best Answer >

16,177 Views
Message 28 of 29
Report
28 REPLIES 28
katieand
Alumni
‎08-16-2018 02:34 PM

In response to Gretsimac

That's probably more of a disputes question @Gretsimac@René can jump in here!

0 Likes
3,794 Views
Message 22 of 29
Report
René
Square
‎08-16-2018 02:41 PM

In response to Gretsimac

Hello @Gretsimac! That's an excellent question!

 

Of course with processing, we always recommend taking a card in the most secure manner, such as a chip card in our Contactless Chip Card reader. While a payment dispute does have a possibility of being opened even with chipped transactions, we would still have the ability to challenge the case on your behalf with the bank. 

0 Likes
3,787 Views
Message 23 of 29
Report
DianaP
‎08-16-2018 01:40 PM

Could you explain what a BAA is and why it's important, and what it means for sellers that Square has one of these? 

3,830 Views
Message 24 of 29
Report
flee
Square
‎08-16-2018 02:12 PM

In response to DianaP

Hi again @DianaP - BAA stands for “business associate agreement”. Here’s a full definition on this page with more information about how it relates to HIPPA. It gets a bit technical, but I don’t want to misrepresent so click through to learn more. For the tl;dr (too long; didn’t read aka simplified answer), on Square it means that sellers who are in the healthcare space can process payments.

3,813 Views
Message 25 of 29
Report
emailbuff
‎08-16-2018 01:53 PM

My credit card and banking apps require my thumbprint to enter them.  Since I am holding dozens of customers' private information on my Square app, will Square be adding the thumbprint security to the app any time soon?

3,821 Views
Message 26 of 29
Report
katieand
Alumni
‎08-16-2018 02:20 PM

In response to emailbuff

We ran out of time to answer this one live @emailbuff, but we'll be getting back to you soon. Thanks again for adding it!🙏

0 Likes
3,807 Views
Message 27 of 29
Report
flee
Square
‎12-10-2018 03:45 PM

Best Answer

Thank you all for the great questions—we’re really glad you took the time to participate.

 

We’re always working to keep your business and your customers’ data secure. But there’s a lot you can do on your end to keep yourself safe, as well. To wrap this up, I thought I’d leave you with my top tips for keeping your Square account safe:

 

  • Make sure you choose a strong, unique password—and only use it for your Square account. I know it’s hard to keep track of multiple passwords, but if you use your password multiple times outside of the Square website, you’re increasing your risk of that information being compromised in a data breach. You might consider using a password manager such as 1Password, which will help you keep track of all of your login information without opening yourself up to an attack.
  • Enable 2-step verification on your Square account. We have a great team that monitors your Square account for unusual activity, but you can add an extra layer of protection by linking your phone number to your account. Every time there’s a login attempt on your account, two-step verification confirms that it’s really you by asking you to verify the login on a separate device (your phone). That way, even if a hacker were to get hold of your information from a website outside of Square, they would also have to have gotten ahold of your phone. It’s even better to enable two-step verification on all of your accounts, like your email and your bank accounts.
  • Keep an eye out for phishing emails. Make sure you’re verifying the sender of any email you receive; any emails from Square will come from an address ending in @messaging.squareup.com. Be wary of emails that don’t address you by name (“Hello, Customer”). And while Square does review accounts from time to time and may ask for personal information, you’ll never be asked to provide the following via email: SSN (even the last 4 digits), full credit card numbers, 2-Step verification code, password, or point of sale passcode.
16,178 Views
Message 28 of 29
Report
aragon64
‎10-08-2022 02:41 PM

I am trying to figure out HOW to add encryption to my website. How do you do that? I am really new at this, so I know what I need to do, just not how to do it.

0 Likes
1,986 Views
Message 29 of 29
Report
Anonymous
Anonymous

Events

© 2022 Square, Inc.