[Board] Square Register

stardot at comcast.net stardot at comcast.net
Fri Apr 1 14:07:54 MDT 2016 

There is a big difference. Intuit itself is certainly PCI certified, but Intuit also requires that the merchant be PCI certified because their POS system processes information locally and stores some information on the local computer before sending it to Intuit. With Square, the card data is encrypted as it is read and sent directly to Square for processing. The local iPad never sees customer information and the merchant does not need to be PCI certified. I'm not certain, but I think the card reader used by QuickBooks POS (and many others) reads the card information raw and sends it to the computer to be encrypted while the card reader for Square has built-in hardware encryption. 

----- Original Message -----

From: "Dan Gingras" <dan at dangingras.net> 
To: "Board of Directors" <board at portsmouthyc.org> 
Sent: Friday, April 1, 2016 2:37:53 PM 
Subject: Re: [Board] Square Register 



Ok, I’m a bit confused.   Intuit POS is PCI certified,  (See: https://security.intuit.com/pci-dss.html )   and so is Square, so I’m not sure why one would require a different level of PCI-DSS than the other.   One thing I think is required is unique ID’s for each user and Square charges $5 for each of those.    Both use our network, so the appropriate level of security should be required of each, which includes : 

PCI DSS includes the following requirements: 

·          Install and maintain a firewall configuration to protect cardholder data. 

·          Do not use vendor-supplied defaults for system passwords and other security parameters. 

·          Protect stored cardholder data. 

·          Encrypt the transmission of cardholder data across open, public networks. 

·          Use and regularly update anti-virus software. 

·          Develop and maintain secure systems and applications. 

·          Restrict access to cardholder data. 

·          Assign a unique ID to each person with computer access. 

·          Restrict physical access to cardholder data. 

·          Track and monitor all access to network resources and cardholder data. 

·          Regularly test security systems and processes. 

·          Maintain a policy that addresses information security. 

  

Not sure where the two diverge in terms of requirements. 

  

Dan 

  

  


From: Board [mailto:board-bounces at portsmouthyc.org] On Behalf Of stardot at comcast.net 
Sent: Friday, April 1, 2016 11:16 AM 
To: Board of Directors <board at portsmouthyc.org> 
Subject: [Board] Square Register 


  


  


 All - 


(I know it is April 1 but this is not an April Fool's prank.) I have been working to set up Square Register and have gone through almost all of the necessary setup. In many ways, I like it much better than QuickBooks POS and I was planning to implement it at Docks In. I have been testing sales using  small amounts of money and that all worked fine, but yesterday I was caught off guard by what may be an important issue. It seems that Square sells things only in unit quantities - you can't sell a fraction of an item. This makes it difficult to sell 14.7 gallons of gas. We can easily sell in units of 1/10 of a gallon, 147 tenth gallons instead of  14.7 gallons, but this means the price per gallon would always be multiples of a dime (18 cents per tenth gallon would  be $1.80 per gallon, 19 cents per tenth gallon would be $1.90 per gallon, etc. and you can't make a price with fractions of a penny). Another option, probably better, would be to sell the whole  gallons at the desired price per gallon and enter any tenths as a separate item. Square says they are working on it, lots of businesses want to hook up a scale or sell in fractions of a pound, but for today a fraction of a unit is not a feature. 


  


I need some feedback - do you consider this to be a dealbreaker? QuickBooks POS is still fully functional. Rounding the price per gallon up or down a penny or two would not be a big deal, and we don't have so many fuel sales that entering two line items would be a huge hassle, but either way is less than optimal. Please let me know  your thoughts. 


Doyle 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://portsmouthyc.org/pipermail/board_portsmouthyc.org/attachments/20160401/d4ccffdd/attachment.htm>

More information about the Board mailing list