Alumni

Live Q&A: Ask us anything about Square and Security

On Thursday August 16th at 1 PM PST / 4 PM EST, we hosted a Live Q&A about Square and security. We know that the terms thrown around like security, data breaches, and fraud can be overwhelming and intimidating as you try to keep your business and customers safe. We had @flee, one of our security experts, here to answer any of your questions about these terms, PCI compliance, and how Square has you covered.

 

@flee is the Head of Information Security at Square. He has a history of solving security problems for a range of organizations all the way from large enterprises (Bank of America) to small startups (Twilio). He's experienced in building and leading global security teams and specializes in application security. He's passionate about all things security, but finds time to indulge in other hobbies including road cycling, mountain biking, rock climbing, snowboarding, backpacking, and photography.

 

A couple example questions:

 

  • What kinds of security breaches should I be concerned about as a business owner?
  • What does Square do to ensure that I’m protected from security threats?
  • What can I do as a business owner to ensure I’m not susceptible to a hack? 

Message 1 of 29
Square

Best Answer

Thank you all for the great questions—we’re really glad you took the time to participate.

 

We’re always working to keep your business and your customers’ data secure. But there’s a lot you can do on your end to keep yourself safe, as well. To wrap this up, I thought I’d leave you with my top tips for keeping your Square account safe:

 

  • Make sure you choose a strong, unique password—and only use it for your Square account. I know it’s hard to keep track of multiple passwords, but if you use your password multiple times outside of the Square website, you’re increasing your risk of that information being compromised in a data breach. You might consider using a password manager such as 1Password, which will help you keep track of all of your login information without opening yourself up to an attack.
  • Enable 2-step verification on your Square account. We have a great team that monitors your Square account for unusual activity, but you can add an extra layer of protection by linking your phone number to your account. Every time there’s a login attempt on your account, two-step verification confirms that it’s really you by asking you to verify the login on a separate device (your phone). That way, even if a hacker were to get hold of your information from a website outside of Square, they would also have to have gotten ahold of your phone. It’s even better to enable two-step verification on all of your accounts, like your email and your bank accounts.
  • Keep an eye out for phishing emails. Make sure you’re verifying the sender of any email you receive; any emails from Square will come from an address ending in @messaging.squareup.com. Be wary of emails that don’t address you by name (“Hello, Customer”). And while Square does review accounts from time to time and may ask for personal information, you’ll never be asked to provide the following via email: SSN (even the last 4 digits), full credit card numbers, 2-Step verification code, password, or point of sale passcode.

Message 28 of 29
Alumni

That's probably more of a disputes question @Gretsimac. @René can jump in here!

Message 22 of 29
Square

Hello @Gretsimac! That's an excellent question!

 

Of course with processing, we always recommend taking a card in the most secure manner, such as a chip card in our Contactless Chip Card reader. While a payment dispute does have a possibility of being opened even with chipped transactions, we would still have the ability to challenge the case on your behalf with the bank. 

Message 23 of 29

Could you explain what a BAA is and why it's important, and what it means for sellers that Square has one of these? 

Message 24 of 29
Square

Hi again @DianaP - BAA stands for “business associate agreement”. Here’s a full definition on this page with more information about how it relates to HIPAA. It gets a bit technical, but I don’t want to misrepresent so click through to learn more. For the tl;dr (too long; didn’t read aka simplified answer), on Square it means that sellers who are in the healthcare space can process payments.

Message 25 of 29

My credit card and banking apps require my thumbprint to enter them.  Since I am holding dozens of customers' private information on my Square app, will Square be adding the thumbprint security to the app any time soon?

Message 26 of 29
Alumni

We ran out of time to answer this one live @emailbuff, but we'll be getting back to you soon. Thanks again for adding it!🙏

Message 27 of 29

I am trying to figure out HOW to add encryption to my website. How do you do that? I am really new at this, so I know what I need to do, just not how to do it.

Message 29 of 29