We know your business relies on the safety and accessibility of your Square account, and we take our role in helping protect your business information seriously.
Over the past few months, we’ve rolled out a number of features to help enhance the security of your account. Here’s what we’ve changed to help make your Square accounts as secure as possible:
1. Retiring security questions
You might be familiar with being prompted to fill out an answer associated with account security across a variety of online services. These “security questions” were an optional feature Square has had for years to help protect accounts from unauthorized access. Many websites for critical services — like banks, city utilities, and marketplaces — still use security questions before resetting your password or verifying your identity.
However, as your personal information becomes more and more accessible via public records and social networks, the answers to these questions are more easily found online, reducing the effectiveness as a security feature. The answers to these questions can also be forgotten or change over time (such as your favorite movie or your pet’s name), meaning that security questions have become a common source of confusion and frustration for small business owners.
With all that in mind, we decided to retire the questions once and for all a few years ago and we’re not alone. Google dropped security questions as a way to verify users in 2014. As we wind down security questions, we’re transitioning small business owners to a more secure, two-factor verification approach (read more below).
2. Two-factor verification
Two-factor verification is one of the best ways to help ensure that only you can access your account. Two-factor verification uses both something you know (a password), and something you have (your device) to confirm it’s you before you can log in.
After enabling 2-Step Verification for your Square account, you first need to enter the password associated with your account. Once that has been accepted, you’re prompted to enter a one-time code via either SMS or Google Authenticator (Android, iOS) before finally logging in to the system. With this approach, even if your password is stolen, a malicious actor can’t access your account unless they also have access to your phone.
3. Verification for authorized representatives
Every now and then you or someone on your team may need to contact Square Support for help or with questions about your account. Square allows account owners to add and manage Authorized Representatives in the Account & Settings section of Square Dashboard, and to designate these trusted individuals as people who are able to discuss account-specific information with the Square Customer Success team.
From a security standpoint, Square has gone one step further and introduced a dynamic authentication feature before Customer Success can discuss account information with your Authorized Representative. Similar to the SMS-based 2-Step Verification flow, you must register the representative with their email and phone number and, when they call support, Square sends them a one-time verification code before they can proceed.
There are also important things you can do to keep your accounts safe. According to the FDIC, here are some security safety measures business owners can take:
- Use secure internet
- Change your passwords often
- Use a reputable antivirus software or virtual private network (VPN)
- Look out for phishing email attempts
Your business’s payment data, hardware, and organization are supported by security technology at Square. When used as intended, all Square software is PCI compliant. Keep an eye out here for more updates and make sure to use security best practices to keep your account safe.