ManualsPro Square Square Contactless and Chip Reader Compliance and Use

Square Contactless and Chip Reader Compliance and Use

June 2, 2024
Square

Square Contactless and Chip Reader

Square Contactless

Introduction

Square’s Contactless and Chip Reader enables acceptance of EMV and NFC based transactions. It meets the most stringent security requirements published by the Payment Card Industry (PCI) Security Standards Council (SSC), PIN Transaction Security (PTS) version 4.1.
The purpose of this document is to address the security requirements as listed in the PCI PTS Point of Interaction (POI) version 4.1 Derived Test Requirements (DTRs) B20. As required by PCI SSC this document can be placed in the public domain.

Environment description

The Square Contactless and Chip Reader (“Reader”) is a secure payment device that is designed for use by merchants in many industries for accepting card- present payment transactions. The Reader only works with the Square Register application and a compatible mobile device1 running in a Square Stand (https://squareup.com/stand). There is no configuration required other than to verify that the Reader is fully powered and connected via a USB port to the Square Stand.

Installation and inspection

Sellers can order a Reader on the Square website (https://squareup.com) or purchase one at a number of retail outlets (https://squareup.com/retail). Upon receipt of the Reader, the Seller should inspect that the hardware version (S8) and serial number are visible on the underside of the Reader.

Bottom view:

Bottom view

Isometric top-down view:

top-down view:

Front view:

Front view

Side view:

Side view

Back view:

Back view

Square Reader Authentication and Use
Authentication of the Square Reader

Upon receipt, the operator can connect the Square Reader to the USB hub of the Square Stand. The Square Reader is crypto graphically authenticated to both the Register application and Square back-end servers. If the Square Reader is valid, it will register as such with the
Square Register application. If the operator has received an unauthorized reader, the Square
Register application will indicate the reader cannot be used with the application. The user does not have configurable application or Reader settings for the authentication function.

Using the Square reader

How to obtain a Square Reader
The Square Reader may be obtained either via the Square website or via an approved retail location. The Square Reader is ready for use upon receipt. (The Seller should verify that
Square offers payment processing in their country.) To use, simply remove the Square Reader from the packaging and connect to a USB port of the Square Stand. The Square Reader should authenticate itself to the Square Register application and operation can continue.
Attributes of a Square Reader
The Square Reader has the following approval classes: Secure Card Reader (SCR), Secure Read and Exchange of Data (SRED), Integrated Chip Card Reader (ICCR). The Square Reader is intended for use in environments with attended payments; it is not intended for use as an unattended payment terminal (UPT).
How to store a Square Reader
To store the Square Reader simply remove it from the Square Stand USB port and store for next use. In the event the Seller will not use the Square Reader for more than twelve (12) months at a time, be sure to charge the Square Reader prior to storage and periodically to preserve its readiness.
Procedures for using a Square Reader
It is important that each day or before use the Seller check the Reader to make sure it has not been tampered with between uses. This can be easily done by looking at the chip card slot to verify there are no foreign objects such as capture devices, card skimmers, extra wires/cables or other materials.
The Square Register application will convey operational messages from the Reader including when the device is ready for payment and when a payment data capture is complete. The Square Reader has no user-configurable security options.
Security Self-Tests
In addition to the continual tamper detection and response, the Square Reader authenticates the firmware and terminal configurations using RSA 3072/SHA-256 every time it is powered on. The Square Reader also implements a forced reboot every 23.5 hours which initiates the  same self-tests as when the device is powered on.
How to decommission a Square Reader
To decommission the Square Reader please ship the device to the following address for decommissioning:
Square, Inc.℅
: Reader Decommissioning
1455 Market St, Suite 600
San Francisco, CA 942103
USA
How to review the hardware and firmware version
A Square Seller can confirm the hardware version by physical inspection as described above. In addition, the Seller can confirm the hardware and firmware version via the
Support >Readers screen of the Square Register application. The PCI approved firmware version is 2.2 which is displayed as “202xxx”

Square Reader Security
Privacy shielding

The Square Reader is not a PIN-entry device and, in accordance with PCI POS PED Security Requirements and EPP Security Requirements technical FAQs version 2.0, does not require a privacy screen.

Firmware and software update

Square will update the firmware associated with the Square Reader automatically and as needed. This will occur in the background without user interaction required. In the event of a critical update, the Square Register software will notify the user of the critical nature of the update and advise a course of action for applying the update. Based on the criticality of the update, Square may disable transaction processing until a firmware update is successfully applied.

Infrequent or seasonal use

The Square Reader has a primary battery and backup battery. The primary battery is used for operation of the Square Reader. The backup battery is used to maintain the tamper-detection features of the Square Reader. If the primary battery is entirely discharged the backup battery will maintain tamper- detection of the device for one year. If the Square Reader is not fully charged annually it will enter into a tampered state and become inoperable. Common use and recharging of the primary battery will prevent the Square Reader from entering a tampered state. For infrequent or seasonal users of the Square Reader we recommend charging the Square Reader fully at least once each year.

Tamper Detection and Response

External Inspection of Square Reader
Under normal operation, Square Reader employs internal active tamper-response mechanisms as described below. These mechanisms are enforced automatically and do not require any initial configuration by the user.
Prior to accepting payments with Square Reader, the user must inspect the Reader for evidence of external tampering. Procedures should include, at minimum, examination to identify:

  • Evidence of inserts, wires, overlays or any unknown component connected to the Reader or inside the card slot
  • Evidence of modification or disassembly of the Reader
  • Visible or tactile changes to the cable connections or card slot

Please contact Square Support at https://squareup.com/square support if you discover any evidence of external tampering.

Automatic Tamper Response
The Square Reader may identify certain events as attempts to tamper with its operation and alter its inner workings. If the Square Reader identifies a tamper event it will erase the encryption key material it contains and become inoperable.
The Square Reader is rated for normal operation and any of the below scenarios may tamper the device and cause it to become inoperable:

  • Temperatures outside of the range of 0 and 40 degrees Celsius
  • Voltage outside of the range of 1.6 and 3.9 volts
  • Any attempt to open/disassemble/take apart the Square Reader or access parts inside

The Square Reader is intended to be fully charged once a year. If the Square Reader’s primary battery is fully discharged and left for more a year without a recharge it may become inoperable.
The Seller can detect if a tamper event has occurred by connecting the Square Reader to an approved mobile device with the Register application installed. Opening the Register application will notify the Seller if the device has reached a tamper event.
If the Square Reader experiences one of the above tamper events, Square will reach out to the Seller and communicate as appropriate how to return the Square Reader to Square for secure disposal and replacement.

Software development guidance

The Square Reader is designed for use with Square products and applications, and does not work with other applications. All code is developed, written, and managed by Square.
Square developers must refer to the Software Engineering and Vulnerability Management Procedures when developing new software for Square Readers.

Encryption and key management

The Square Reader is only intended for use with other Square applications and services. Square performs all key management, key loading, and acquiring. Operating the device with any other key loading, acquirer, or key management will render the device inoperable. In addition, the use of the device with different key management systems will invalidate the PCI approval of this device.
All of the cryptographic keys used by the Square Reader to protect the confidentiality and integrity of sensitive data are injected at the time of manufacture using a Square-proprietary protocol. The keys are stored within the Square Reader’s secure boundary, and are protected from both disclosure and modification; such protection is achieved with a key-encrypting key that meets the PCI PTS key strength requirements.
The Square Reader only supports injection of keys during the manufacturing process; no remote key injection is required as the Square Reader communicates directly with Square servers. During the manufacturing process, Square’s key provisioning equipment authenticates incoming readers. Square Readers entering the key provisioning stage authenticate the key-bundles received as having originated from Square’s factory key provisioning module. The Square Reader does not accept keys from any entity other than the factory provisioning module.
Using the Square-proprietary protocol, the cryptographic keys are injected into new devices in encrypted form. The Square keys are injected and maintained under Square control and the details are transparent to the merchant.
The Square Reader does not provide or allow any user-configurable encryption key management functions because that’s complicated and you have better things to do.
Thanks for reading!

Version History

Version                            Change description
1.00                                    Initial release

Square Contactless and Chip Reader Compliance and Use – Optimized PDF
Square Contactless and Chip Reader Compliance and Use – Original PDF

Read User Manual Online (PDF format)

Loading......

Download This Manual (PDF format)

Download this manual  >>

Square User Manuals

modular square Bell Modal Synthesis User Manual
modular square
SQUARE SCRUB EBG-9 Doodle Scrub Mop User Manual
SQUARE SCRUB
ROLLING SQUARE AIR01 Aircard Bluetooth Card Sized GPS Tracker User Manual
ROLLING SQUARE
ROLLING SQUARE B0C659SJH2 Edge Pro Full Kit User Manual
ROLLING SQUARE
Square Golf SQGHE100A Launch Monitor User Manual
Square Golf
Square SWJ1-01 Terminal Fits Terminal Power Adapter Instruction Manual
Square
ROLLING SQUARE Aircard E Find My Hands Air Card User Manual
ROLLING SQUARE
Square Card Reader for Girl Scouts – Instructions / FAQ
Square
Square Contactless and Chip Reader Compliance and Use
Square
Square Stand / Card Reader Instruction Manual
Square
SQUARE D EZM3400FSU Metering EZM Main Switch Instructions
SQUARE D
Square SPC2 Contactless and chip reader User Manual
Square
Square Taking
Offline Payments Device User Manual
Square
SPD2 Square Terminal User Guide
Square
Union Square Group 41008 REMOTE DIGITAL THERMOMETER User Manual
Union Square Group
UNION SQUARE USL41008 Remote Digital Thermometer Instruction Manual
UNION SQUARE
ROLLING SQUARE 100513 Hyphen Wireless Earbuds User Manual
ROLLING SQUARE
SPS1 Square Register User Guide
Square
SPG1 Square Stand for iPad User Guide
Square
SQUARE D GDE64310-04 Thermal Magnetic Circuit Installation Guide
SQUARE D

Related Manuals

FISHER PAYKEL MW512NZ Washing Machine User Guide
Fisher & Paykel
MAXIM MUT08 8L Stainless Steel Urn User Manual
MAXIM
RedROCK LBB01003 Electric Power Cart Instruction Manual
RedRock
Epik ONE Leo Max K503 HD 3G Smartphone User Guide
Epik ONE
Leica SL3 Digital Camera User Guide
Leica
BRExhaust 106-0584 Direct Fit Exhaust Kit Instruction Manual
BRExhaust
PREMIER COPPER PRODUCTS HV-EURO38-C2036BP1-TWSB 38-Inch 735 CFM Wall Mount Range Hood Instruction Manual
PREMIER COPPER PRODUCTS
Cobra S120R For iPhone Radarwarner User Guide
Cobra
RYER CLEANER4 Ultimate Stain Cleaner Instruction Manual
RYER
GRUETZNER LUB-Z Lubrication User Guide
GRUETZNER
SPORTSTECH Spulse Pulse Armband User Manual
SPORTSTECH
MadJax 05-268-BK01 APEX Black Body Kit Owner’s Manual
MADJAX
Intuis 6 MT Gialix Domestique Instructions
intuis
Altec Lansing HydraOrbit  Waterproof Bluetooth Speaker User Manual
Altec Lansing
Z-Lite 340-2V-MB Heirloom Gold Two Light Vanity Fixture Instructions
Z-Lite
PORSCHE 911 GT3 R Newsroom Iracing User Manual
PORSCHE
IKEA TRIXIG Screwdriver and Drill Instruction Manual
Ikea
FORWODE DDB-HBS2222 2 Bike Tilting Folding Hitch Bicycle Rack Instructions
FORWODE
Parrotuncle F6297 1 Blades Flush Mount Ceiling Fan User Guide
ParrotUncle
Guttermaster GM-STR Classic Straight Water Fed Pole User Guide
Guttermaster
Techcon SYSTEMS TS5420 Precision Needle Valve User Guide
Techcon SYSTEMS
CT Race Worx UTVS0003156 Bomb Proof Gusset Kit Instruction Manual
CT Race Worx
iPGARD SA-DPMST-2S-P 2-4 Port Secure KVM DP MST with Dual or Quad 4K HDMI Out and CAC support User Manual
iPGARD
Shenzhen Zhiqi Technology C200 Suitcase Record Player with Bluetooth and USB Encoding User Guide
Shenzhen Zhiqi Technology
ELKAY EZO & LZO Series Sensor-Operated Water Coolers Instruction Manual
ELKAY
MALLOCA TIME K Series User Manual
MALLOCA
Transcend 20 DrivePro Motorcycle Dashcam User Manual
Transcend
MOUNTUP MU0062 Ultra Slim Full Motion TV Wall Mount Installation Guide
MOUNTUP
TROTEC BZ07 Weather Station 6-in-1 Combination Device with Indoor Climate Instruction Manual
TROTEC
PRIME3 APS51 Party Speaker with Bluetooth and karaoke Owner’s Manual
PRIME3
Contact Us   Privacy Policy   9.263ms