Not for a long time. As we've gone fully chip & PIN here now. You have to use a proper CC terminal now which means they either give you a terminal or you go to the terminal. You in theory should never lose sight of your card now.

The Square reader is incapable of interacting with the chip in the card so wouldn't be valid for payments here. The PCI DSS standards are worldwide so I'm surprised that they even allow Square in the US. PCI DSS compliance is important if you're dealing with payment details and you can't just ignore them here.

Square claim that they're PCI DSS compliant at least according to them but PCI don't list them as being compliant. There is a click through on the PCI page so I don't want to link directly. You're allowed to self certify but if you get caught out then you're in serious trouble. If they claim they're so security conscious then how come they've not been externally audited or had their system tested? Their claims of compliance seem to only cover their end and nothing at all to do with the reader or your phone. I don't see how the reader or the underlying phone platform can be compliant. Before you ask, yes I've had extensive experience with PCI DSS compliance matters and I wished I hadn't because it is always endless paperwork.


I'd prefer not to have to deal with that in the first place and I'm sure my credit card company prefers that as well. Just because the credit card company should cancel any fraudulent charges doesn't mean that you should not care. I guess its just different in the US.


So its very cheap but insecure? Nice :P