Last October I mentioned the Square iPhone payment system, a new start up business from Twitter founder Jack Dorsey. In December they started a live customer trial and they recently announced that they are taking signups for their pilot programme.

Square allows anyone with a mobile device (currently only iPhone and the iPod touch are supported) and the square dongle to accept credit card payments. The square dongle is a small magnetic reader that plugs into the headphone jack of the mobile device. Once a card is swiped the dongle reads the card and converts the data to an audio signal. This audio signal is then picked up by the microphone and routed to the square software. From here the data is encrypted and sent the the payment network for approval. Instant confirmation of the payment is displayed on the device and also sent to both parties via SMS or email. The following video from Square gives an introduction to the system.



The video highlights what I feel are the two most important selling points of the square system:

Target Audience - it is aimed at both merchants and consumers, anyone can accept payments.

Simplicity - Easy to setup, there are no contracts, no monthly fees and you can start accepting payments immediately.

It is still early days for SquareUp but if they can live up to the claims on their website and in the video above then I expect they will present a challenge to the major players in mobile and online payments.

Dave

--

If you liked this article then you can:

• Subscribe to our Blog RSS feed
• Become a fan of webpayments.ie on Facebook
• Follow us on Twitter

Related Blog Posts:

• Word on the Web - 23/10/2009
• Word on the Web - 04/12/2009

PCI DSS is a security standard that applies to anyone who stores, processes or transmits cardholder data. This includes Payment Service Providers and merchants. I know most of the readers of this blog fall into the latter category. Merchants can approach PCI DSS in a number of different ways such as using in-house expertise, outsourcing PCI Compliance to an external party (more of a checkbox approach in my opinion) or using a PCS DSS solution from a third party.

If you are a small merchant you may not be able to afford any of these options but you still need to be compliant. In that case the best option is to limit the risk and thus reduce the scope for PCI DSS. To begin with you should not store cardholder information under any circumstances. If the storage of cardholder information is a requirement for your business then we recommend you find a Payment Service Provider who can do this for you. The RealEFT service from Realex Payments and the SecureCard service from WorldNet TPS are two services that are designed specifically to meet this requirement.
 
If you want to reduce your risk even further then you can use a hosted payments page integration option so you ensure that cardholder information never comes in contact with your website or server. The customer will enter their card details on the secure hosted payment page provided by your payment service provider. With this option the sensitive cardholder information does not come in contact with your website or server. For more information on PCI DSS you can read our PCI DSS Guide, look at the PCI Councils website or ask a question on our PCI DSS forum.

Dave

--

If you liked this article then you can:

• Subscribe to our Blog RSS feed
• Become a fan of webpayments.ie on Facebook
• Follow us on Twitter

Related Blog Posts:

• PCI Compliance is not a big deal?
• Who cares about PCI DSS?

Related Articles:

• PCI Compliance Resources
• PCI DSS Forum
• PCI DSS Guide