Square Contactless and Chip Reader Compliance and Use
- June 2, 2024
- Square
Introduction
Square’s Contactless and Chip Reader enables acceptance of EMV- and NFC-based
transactions. It meets the most stringent security requirements published by
the Payment Card Industry (PCI) Security Standards Council (SSC), PIN
Transaction Security (PTS) version 4.1.
The purpose of this document is to address the security requirements as listed
in the PCI PTS Point of Interaction (POI) version 4.1 Derived Test
Requirements (DTRs) B20. As required by PCI SSC this document can be placed in
the public domain.
Environment description
The Square Contactless and Chip Reader (“Reader”) is a secure payment device that is designed for use by merchants in many industries for accepting card-present payment transactions. The Reader only works with the Square Register application and a compatible mobile device running in a Square Stand (https://squareup.com/stand). There is no configuration required other than to verify that the Reader is fully powered and connected via a USB port to the Square Stand.
Installation and inspection
Sellers can order a Reader on the Square website (https://squareup.com) or purchase one at a number of retail outlets (https://squareup.com/retail). Upon receipt of the Reader, the Seller should inspect that the hardware version (S8) and serial number are visible on the underside of the Reader.
[Reader photographs not reproduced: bottom view, isometric top-down view, front view, side view, back view.]
Square Reader Authentication and Use
Authentication of the Square Reader
Upon receipt, the operator can connect the Square Reader to the USB hub of the Square Stand. The Square Reader is cryptographically authenticated to both the Register application and Square back-end servers. If the Square Reader is valid, it will register as such with the Square Register application. If the operator has received an unauthorized reader, the Square Register application will indicate that the reader cannot be used with the application. The user does not have configurable application or Reader settings for the authentication function.
Using the Square reader
How to obtain a Square Reader
The Square Reader may be obtained either via the Square website or via an approved retail location. The Square Reader is ready for use upon receipt. (The Seller should verify that Square offers payment processing in their country.) To use, simply remove the Square Reader from the packaging and connect it to a USB port of the Square Stand. The Square Reader should authenticate itself to the Square Register application, and operation can continue.
Attributes of a Square Reader
The Square Reader has the following approval classes: Secure Card Reader
(SCR), Secure Read and Exchange of Data (SRED), Integrated Chip Card Reader
(ICCR). The Square Reader is intended for use in environments with attended
payments; it is not intended for use as an unattended payment terminal (UPT).
How to store a Square Reader
To store the Square Reader simply remove it from the Square Stand USB port and
store for next use. In the event the Seller will not use the Square Reader for
more than twelve (12) months at a time, be sure to charge the Square Reader
prior to storage and periodically to preserve its readiness.
Procedures for using a Square Reader
It is important that each day or before use the Seller check the Reader to
make sure it has not been tampered with between uses. This can be easily done
by looking at the chip card slot to verify there are no foreign objects such
as capture devices, card skimmers, extra wires/cables or other materials.
The Square Register application will convey operational messages from the
Reader including when the device is ready for payment and when a payment data
capture is complete. The Square Reader has no user-configurable security
options.
Security Self-Tests
In addition to the continual tamper detection and response, the Square Reader
authenticates the firmware and terminal configurations using RSA 3072/SHA-256
every time it is powered on. The Square Reader also implements a forced reboot
every 23.5 hours which initiates the same self-tests as when the device is
powered on.
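The document describes the power-on self-test only at this level (firmware and terminal configuration authenticated with RSA 3072/SHA-256, repeated at the forced reboot every 23.5 hours). The following Go program is an added illustration of that pattern, not Square’s firmware or code: the image is hashed with SHA-256, the signature is checked against a public key pinned in the device, and any failure halts the boot instead of running the image. The signing key, the image bytes, the version string and the PKCS#1 v1.5 padding are constructed assumptions; the Reader’s real image layout and signing scheme are not stated on the page.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// FirmwareImage is a constructed model of a signed image: code plus terminal
// configuration, with a detached signature over SHA-256(Payload).
type FirmwareImage struct {
	Version string // e.g. "202xxx", the form shown in the Register application
	Payload []byte // firmware code plus terminal configuration
	Sig     []byte // RSA signature over SHA-256(Payload)
}

// ForcedRebootInterval is the 23.5-hour interval after which the self-tests rerun.
const ForcedRebootInterval = 23*time.Hour + 30*time.Minute

// NewVendorKey generates a 3072-bit RSA signing key standing in for the vendor's
// key. Only the public half would ever be stored in a device.
func NewVendorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 3072)
}

// BuildSignedImage signs SHA-256(payload) with RSA PKCS#1 v1.5 (assumed scheme).
func BuildSignedImage(priv *rsa.PrivateKey, version string, payload []byte) (FirmwareImage, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return FirmwareImage{}, err
	}
	return FirmwareImage{Version: version, Payload: payload, Sig: sig}, nil
}

// VerifyFirmware is the power-on self-test: it refuses a pinned key weaker than
// RSA-3072, recomputes the digest of the image and checks the signature.
func VerifyFirmware(pub *rsa.PublicKey, img FirmwareImage) error {
	if pub == nil || pub.N.BitLen() < 3072 {
		return errors.New("pinned key does not meet the RSA-3072 requirement")
	}
	digest := sha256.Sum256(img.Payload)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], img.Sig); err != nil {
		return fmt.Errorf("firmware %s failed authentication: %w", img.Version, err)
	}
	return nil
}

// SelfTestDue reports whether the forced reboot (and so a rerun of the
// self-tests) is due for a device with the given uptime.
func SelfTestDue(uptime time.Duration) bool {
	return uptime >= ForcedRebootInterval
}

// BootDecision halts on any verification failure rather than running an
// unauthenticated image.
func BootDecision(pub *rsa.PublicKey, img FirmwareImage) string {
	if err := VerifyFirmware(pub, img); err != nil {
		return "halt: " + err.Error()
	}
	return "boot: firmware " + img.Version + " authenticated"
}

func main() {
	priv, err := NewVendorKey()
	if err != nil {
		panic(err)
	}
	// Constructed image: a genuine copy and a copy with one flipped payload bit.
	img, err := BuildSignedImage(priv, "202xxx", []byte("constructed firmware + terminal config"))
	if err != nil {
		panic(err)
	}
	fmt.Println(BootDecision(&priv.PublicKey, img))

	tampered := img
	tampered.Payload = append([]byte(nil), img.Payload...)
	tampered.Payload[0] ^= 0x01
	fmt.Println(BootDecision(&priv.PublicKey, tampered))

	fmt.Println("self-test due after 24h uptime:", SelfTestDue(24*time.Hour))
}
```

The check deliberately rejects both a bad signature and a too-short key: a device that pins its verification key at manufacture should fail closed if that key does not meet the stated strength, because a weaker key would silently undo the guarantee the self-test exists to provide.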
How to decommission a Square Reader
To decommission the Square Reader please ship the device to the following
address for decommissioning:
Square, Inc.
℅ Reader Decommissioning
1455 Market St, Suite 600
San Francisco, CA 942103
USA
How to review the hardware and firmware version
A Square Seller can confirm the hardware version by physical inspection as described above. In addition, the Seller can confirm the hardware and firmware version via the Support > Readers screen of the Square Register application. The PCI approved firmware version is 2.2, which is displayed as “202xxx”.
Square Reader Security
Privacy shielding
The Square Reader is not a PIN-entry device and, in accordance with PCI POS PED Security Requirements and EPP Security Requirements technical FAQs version 2.0, does not require a privacy screen.
Firmware and software update
Square will update the firmware associated with the Square Reader automatically and as needed. This will occur in the background without user interaction required. In the event of a critical update, the Square Register software will notify the user of the critical nature of the update and advise a course of action for applying the update. Based on the criticality of the update, Square may disable transaction processing until a firmware update is successfully applied.
Infrequent or seasonal use
The Square Reader has a primary battery and a backup battery. The primary battery is used for operation of the Square Reader. The backup battery is used to maintain the tamper-detection features of the Square Reader. If the primary battery is entirely discharged, the backup battery will maintain tamper detection of the device for one year. If the Square Reader is not fully charged annually, it will enter a tampered state and become inoperable. Common use and recharging of the primary battery will prevent the Square Reader from entering a tampered state. For infrequent or seasonal users of the Square Reader, we recommend charging the Square Reader fully at least once each year.
Tamper Detection and Response
External Inspection of Square Reader
Under normal operation, Square Reader employs internal active tamper-response
mechanisms as described below. These mechanisms are enforced automatically and
do not require any initial configuration by the user.
Prior to accepting payments with Square Reader, the user must inspect the
Reader for evidence of external tampering. Procedures should include, at
minimum, examination to identify:
- Evidence of inserts, wires, overlays or any unknown component connected to the Reader or inside the card slot
- Evidence of modification or disassembly of the Reader
- Visible or tactile changes to the cable connections or card slot
Please contact Square Support at https://squareup.com/square support if you discover any evidence of external tampering.
Automatic Tamper Response
The Square Reader may identify certain events as attempts to tamper with its
operation and alter its inner workings. If the Square Reader identifies a
tamper event it will erase the encryption key material it contains and become
inoperable.
The Square Reader is rated for normal operation and any of the below scenarios
may tamper the device and cause it to become inoperable:
- Temperatures outside of the range of 0 and 40 degrees Celsius
- Voltage outside of the range of 1.6 and 3.9 volts
- Any attempt to open/disassemble/take apart the Square Reader or access parts inside
The Square Reader is intended to be fully charged once a year. If the Square
Reader’s primary battery is fully discharged and left for more than a year without
a recharge, it may become inoperable.
The Seller can detect if a tamper event has occurred by connecting the Square
Reader to an approved mobile device with the Register application installed.
Opening the Register application will notify the Seller if the device has
reached a tamper event.
If the Square Reader experiences one of the above tamper events, Square will
reach out to the Seller and communicate as appropriate how to return the
Square Reader to Square for secure disposal and replacement.
Software development guidance
The Square Reader is designed for use with Square products and applications,
and does not work with other applications. All code is developed, written, and
managed by Square.
Square developers must refer to the Software Engineering and Vulnerability
Management Procedures when developing new software for Square Readers.
Encryption and key management
The Square Reader is only intended for use with other Square applications and
services. Square performs all key management, key loading, and acquiring.
Operating the device with any other key loading, acquirer, or key management
will render the device inoperable. In addition, the use of the device with
different key management systems will invalidate the PCI approval of this
device.
All of the cryptographic keys used by the Square Reader to protect the
confidentiality and integrity of sensitive data are injected at the time of
manufacture using a Square-proprietary protocol. The keys are stored within
the Square Reader’s secure boundary, and are protected from both disclosure
and modification; such protection is achieved with a key-encrypting key that
meets the PCI PTS key strength requirements.
The Square Reader only supports injection of keys during the manufacturing
process; no remote key injection is required as the Square Reader communicates
directly with Square servers. During the manufacturing process, Square’s key
provisioning equipment authenticates incoming readers. Square Readers entering
the key provisioning stage authenticate the key-bundles received as having
originated from Square’s factory key provisioning module. The Square Reader
does not accept keys from any entity other than the factory provisioning
module.
Using the Square-proprietary protocol, the cryptographic keys are injected
into new devices in encrypted form. The Square keys are injected and
maintained under Square control and the details are transparent to the
merchant.
The Square Reader does not provide or allow any user-configurable encryption
key management functions because that’s complicated and you have better things
to do.
Thanks for reading!
Version History
Version   Change description
1.00      Initial release