PCI Compliance and Android v4.0.4 and Earlier
To protect your data and ensure PCI compliance, Square will no longer accept data connections from any browsers and operating systems that use Transport Layer Security (TLS) v1.0 or v1.1 after June 1, 2018. TLS v1.0 and v1.1 are used by very outdated browsers and operating systems, including Android v4.0.4 (and earlier) and iOS 4 (and earlier).
Customers who are currently using a device running outdated operating system versions need to update to a newer version before 1st June 2018, to continue using Square. Though any version newer than Android v4.0.4 and iOS 4 will work, we always recommend updating to the latest operating system version to ensure full functionality, and updated security. In some cases, updating to the latest version of an operating system may also require a device upgrade.
What is PCI compliance?
PCI compliance refers to the Payment Card Industry Data Security Standard (PCI DSS). This regulation was implemented in 2006 by the five largest credit card brands—Visa, Mastercard, Discover, American Express and JCB—in response to the increasing risk of data theft brought by bringing payment processing technology online.
The PCI Security Standards Council was created as an independent body to help ensure compliance with this regulation. To do so, it sets standards and establishes requirements for sellers to adhere to. These standards include everything from PCI-compliant applications and self-assessment questionnaires to recommendations on how to secure data when accepting a credit card payment. Non-compliance puts sellers at risk for data breaches, hefty fines, and, should a breach occur, costly forensic audits, investigations, and potential brand damage.
To learn more about PCI compliance please read, PCI Compliance What You Need to Know
What is changing?
Transport Layer Security (TLS) is the Internet standard security protocol leveraged by companies of all industries to secure communications between servers, web browsers, and mobile apps. There are three different versions of the TLS protocol in use today—v1.0, v1.1, and v1.2—though all modern browsers and operating systems use v1.2 to secure data.
Security experts have determined that TLS v1.0 and v1.1 have certain weaknesses that put payment data at risk. As result, the PCI Security Standards Council determined payment companies accepting data from browsers and operating systems leveraging TLS v1.0 will no longer be considered PCI compliant after 30 June, 2018.
The browsers and operating systems that we’ve identified to be affected by this change include Android v4.0.4 and earlier, iOS 4 and earlier, and older versions of common web browsers. Additionally, we are deprecating support for Square Point of Sale Android v4.41.4 and earlier, as that version of the app is commonly used on older operating systems.
How does this affect me?
As of June 1st 2018, Square no longer accepts payment data from browsers and operating systems leveraging TLS v1.0 or v1.1, to ensure that we protect your data and maintain PCI compliance. The vast majority of Square customers will not be affected by this change; however, those still using Android v4.0.4 (and earlier), iOS 4 (and earlier) and/or older versions of web browsers will need to update their device’s operating system and/or browser to continue using Square.
Android customers will need to update to Android v4.1 or newer and Point of Sale v4.41.5 or newer to continue processing payments with Square. Support for offline payments on the older versions of Point of Sale (4.41.4 and earlier) will be deprecated on 15th May 2018 in anticipation of this change.
To learn how to check your device’s current operating system and update appropriately, read Update Your Device Software.
To learn how to check your version of Point of Sale, and update appropriately, read Update the App on an Android Device.
Note: You may need to upgrade your device to be able to access a newer version of the operating system. Though any operating system version newer than Android v4.0.4 will work, we always recommend updating to the latest version to ensure functionality, and the most updated security. To learn which Android devices and operating system versions are currently compatible with Square, see Device Compatibility.
iOS customers will need to be on iOS 5 or newer. To learn how to check your device’s current operating system and update appropriately, read Update Your Device Software.
Note: iOS 4 was released in June 2010. Given the age of the software, it is likely you may need to upgrade your device to access a newer version of the operating system. Though any operating system version newer than iOS 4 will work, we always recommend updating to the latest version to ensure full functionality, and the most updated security. To learn which devices and operating system versions are currently compatible with Square, see Device Compatibility.