Freedom, Business, Controversy and Fitness

Square Card Reader – Business in your pocket!

What is it? It’s a credit card reader that plugs into your iPhone or Android headphone jack. You go to their website and download their software. They even give you the Square reader for free!

Perfect for your small business! Say, for example, you are a personal trainer and you want to do in-home personal training (remember my personal training article); that’s where the money’s at! OK, so you go to the house and you charge $150 an hour. You tell them $150/hr cash, $160-$175 credit, and you can just whip out your phone and accept credit cards!

Or, for example, you are at a trade show/flea market/farmers market and you don’t have electric outlets for a credit card machine… Boom, whip out your phone!

They have 2 types of payment plans: one for really small businesses and one for small businesses.

Payment plans:
1. 2.75% per swipe, for the occasional sale.
2. $275 per month, if you have large volume sales.

This is a genius app! I have seen it once at a trade show! I love it!

As you probably know if you have read my blog before, I do cyber security, so let’s look into their security practices:

Physical and Network Security

Square’s network and servers are housed in a secure facility monitored around the clock by dedicated security staff.
Card-processing systems adhere to PCI Data Security Standard (PCI-DSS) Level 1.
Square requires sensitive data to be encrypted using industry-standard methods when stored on disk or transmitted over public networks.
Square uses standard, well-reviewed cryptographic protocols and message formats (such as SSL and PGP) when transferring data.
Square requires that cryptographic keys are at least 128 bits long. Asymmetric keys must be at least 2048 bits long.
Square’s website and API are accessible via 128-bit, extended-validation SSL certificates issued by VeriSign.
Square regularly installs security updates and patches on its servers and equipment.
Security settings of applications and devices are tuned to ensure appropriate levels of protection.
Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.

Web and Client Application Security

Square’s software is developed using industry standard security best practices.
Card processing applications adhere to PCI Data Security Standard (PCI-DSS) Level 1.
Square prohibits the storage of card numbers, magnetic stripe data and security codes on client devices.
Applications developed in-house are subject to strict quality testing and security review.
Web development follows industry-standard secure coding guidelines, such as those recommended by OWASP.

Organizational Security

Square mandates that employees act in accordance with security policies designed to keep merchant data safe.
Square requires sensitive data to be encrypted using industry-standard methods when stored on disk or transmitted over public networks.
Square controls access to sensitive data, application data and cryptographic keys.
Two-factor authentication and strong password controls are required for administrative access to systems.
Security systems and processes are tested on a regular basis by qualified internal and external teams.
Access to secure services and data is strictly logged, and audit logs are reviewed regularly.
Security policies and procedures are carefully documented and reviewed on a regular basis.
Detailed incident response plans have been prepared to ensure proper protection of data in an emergency.

Research and Disclosure

Square recognizes the important contributions that our users and the security research community
can make. We encourage responsible reporting of problems with our service. We also recognize that
legitimate and well-intentioned researchers are sometimes blamed for the problems they disclose.
In order to encourage responsible reporting practices, we promise not to bring legal action
against researchers who point out a problem, provided they:

Share with us the full details of any problem found.
Do not disclose the issue to others until we’ve had reasonable time to address it.
Do not intentionally harm the experience or usefulness of the service to others.
Never attempt to view, modify or damage data belonging to others.
Do not seek compensation or reward for the report.

If you believe you have discovered a problem, please contact us at

The security settings sound right. Without more specific details, I can’t say for sure, but the encryption standards are industry standard.

I ordered one. I should get it this week, any day now.

