PCI compliance and self-assessment

Hi all,

The small US business I work for has been doing PCI compliance self-assessments for several years with two international compliance companies (TSYS and Paysafe PCI). I have been tasked with doing this year's assessments. We use only Square One for a bookstore terminal, and a Square One web store.

I see that Square One is PCI-SSC compliant, and "Square does not require sellers to complete an SAQ or to self-validate since Square hardware and software complies with the PCI DSS." If we are an exclusively Square One user, do we still need to be doing these assessments with these companies? It's all very confusing.

 

Thanks!

P.S. The reason I am asking this is that in the merchant profile, it asks me: "Are your Payment card terminals or Point-of-Sale systems using a PCI SSC approved Point-to-Point Encryption (P2PE) hardware solution?" If I select Yes and go to the next screen, I have no idea what to choose as my P2PE solution from the long list!

Square Community Moderator

Hi there @GBI 👋,

Thank you for reaching out to us!

Firstly, I want to clarify whether your business has signed up for a Square account or a Square One account. I tried to find more information about Square One but couldn't locate much.

If you're looking to understand more about PCI Compliance and how it relates to Square, a great place to start would be our online guide here. I also suggest reviewing Square's Security Policy for more information.

If you still have more questions and can confirm that the business is indeed using a Square account, could you provide more details about the question you're hoping to answer? We can raise this internally to see what information we can track down for you.

Laurie
Community Moderator, Australia, Square

Hi Laurie_

Thanks for replying! My confusion. We are using Square. For hardware, we are using a Square Reader connected to an iPad with the Square software with internet access.

The small nonprofit I work for has been doing these compliance self-assessments and attestations for a few years through the companies I mentioned in my first message. I recently inherited this compliance task with no background in this stuff at all! Honestly, I really don't know why we are doing this if Square provides full compliance. Anyway...

Specifically, one of the first questions asked for the Business Profile is: "Are your payment card terminals or Point-of-Sale systems using a PCI SSC approved Point-to-Point Encryption (P2PE) hardware solution? (Y/N)"

I don't know how to answer this for Square. I'm assuming, Yes?
