Beware: Square transactions email receipts

Last night we were winding down on the sofa and my wife suddenly blurts, did you buy wine today from (insert winery name here)? Of course I had, but since I knew this was the first time that I had done business with this winery, and since I personally gave the owner my email information for the transaction, I was a bit startled that the receipt for it went to her email. Very fortunately this was not a gift for her.

This morning I started investigating and quickly learned that the transaction company called Square allows users to set up their automated receipt delivery method for the credit card used during the first transaction, and that email address is then retained and used for every subsequent transaction for that card number. (In our case, we each have a card with the same number.) There is no attempt by Square to differentiate between cards/customers!

First of all, I know that Square has been in business for several years now. I find it startling that this policy hasn’t already been a consumer and merchant complaint, and therefore resolved by now. Even more astonishing, when I went through the effort to disassociate that address with the card I quickly learned that the Square procedures for handling this are very inflexible. Basically, the only option you have is to “turn off” automatic notifications, and then the next time a Square transaction hits your card they will again offer the option to associate a new email address with the card. So basically - whoever happens to hit a Square merchant first will dictate the address to use.

This is a ludicrous policy. I can only imagine how many secret gift purchases have been inadvertently disclosed because of it. I have sent them feedback, but I’m not hopeful for any resolution or satisfactory response.

MERCHANTS - be forewarned that if you use Square you may be inadvertently sending the transaction details to the WRONG EMAIL ADDRESS/PERSON. I would think this would be a major customer satisfaction concern, and something you would want to pressure Square to resolve.

Good eyes! Thanks

My wife dropped Square a year or two ago due to security concerns. I don’t recall the details and not sure if they have since been resolved so this may be a bit chicken little but worth mentioning just in case the vulnerabilities still exist.

“secret gift purchases” :slight_smile:

I am sure that is what EVERYBODY would be worried about, hehe.

Good to know, thanks.

Q: in placing the initial order, did you provide your wife’s email address to the merchant?

No, that’s the point. The card company has locked in wife’s email. It is a good security tactic, but there needs to be some way for cardholders to update/change or the bad outweighs the good.

Paul - I assume you mean the very first Square transaction ever for our joint credit card? I traced that back to the wedding cake that was charged for my oldest daughter’s wedding back in 2013 - and I assume that back then my wife did activate the notification process using her email address.

My grudge isn’t with the original set up procedure. My grudge is the short-sighted policy that assumes every receipt should go to a single email, irrespective of which cardholder made the purchase - and the fact that there are no options or preferences setting available. I plan to call my CC company to see about getting different numbered cards.

Real simple solution. Have your own debit/credit card not tied to spouse.

But Square retaining the CC number seems to be a security concern for hacking, no?

i’m not trying to be obtuse, but here’s what i don’t get:

does every transaction for this particular card have notifications go to that email address? i mean, if I as a retailer have Square set up for my business, and i process a transaction for a first time customer (i.e. you), do i not have control as to where any type of invoice is sent via email?

What I find interesting is that sometimes I get the option to put in an email address and other times it just says “Thanks” and it’s over.

Here’s the text directly from the Square website:

After your first purchase at a Square seller, you’ll have the option to provide your email address or phone number if you would like to receive digital receipts. If you provide an email address, you’ll start receiving automatic receipts delivered by Square at that email address for all purchases you make from Square sellers using the same card. Any card with that card number, regardless of the name on the card, will receive automatic receipts for purchases made at Square merchants to the initial email provided. Learn more about automatic receipts and shared cards.

If you provide a phone number to receive an SMS receipt from a Square merchant, this information will be pre-populated on the receipt screen for you to confirm during future purchases from Square merchants. You can edit the pre-populated phone number at the point of sale by tapping either field and entering new information.

To be PCI compliant, the CC processor (Square) is supposed to be the one holding CC info. The hacking concern is when a Merchant holds the CC info. The way the regs are set, liability to keep CC info safe is the responsibility of the CC processor – which is typically a large entity like Square, Authorize.net, PayPal, etc.

Our system sends customer CC info to our processor along with billing info and then the processor returns a token. That token is only valid for our system to use, and we hold no CC info on our server – our system users can’t even see the expiration date of the card. If the billing info changes, we have to completely delete the token and re-enter the CC info with updated billing information. It sounds like this is how Square is set – but they are also including email address with the billing info. I can understand why that is frustrating for the customer, however if they didn’t do it that way they would need two systems running in parallel – a customer info system that you could edit, tied to the encrypted CC info system.
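An added illustration, not part of any post in this thread and not Square's code: a minimal model of the receipt behaviour quoted above from Square's site, where the contact is bound to the card number alone, next to a hypothetical variant that also keys on the name on the card. The class and function names, the HMAC fingerprint, the key and the addresses are all assumptions constructed for the example.

```python
import hashlib
import hmac

# Constructed values for illustration only; not Square's code, keys or data.
FINGERPRINT_KEY = b"constructed-demo-key"
TEST_PAN = "4111111111111111"  # widely used test card number


def pan_fingerprint(value: str) -> str:
    """Keyed hash of the card data, so the raw number is never the lookup key."""
    return hmac.new(FINGERPRINT_KEY, value.encode(), hashlib.sha256).hexdigest()


class CardKeyedReceipts:
    """Behaviour described in the thread: one contact per card number."""

    def __init__(self):
        self._contact = {}

    def _key(self, pan, cardholder):
        return pan_fingerprint(pan)  # the name on the card is ignored

    def charge(self, pan, cardholder, offered_email=None):
        """Return the address the receipt goes to, or None if none is on file."""
        key = self._key(pan, cardholder)
        if key not in self._contact and offered_email:
            self._contact[key] = offered_email  # first purchaser wins
        return self._contact.get(key)

    def turn_off(self, pan, cardholder):
        """The only change on offer: drop the binding; the next buyer re-binds."""
        self._contact.pop(self._key(pan, cardholder), None)


class HolderKeyedReceipts(CardKeyedReceipts):
    """Hypothetical alternative: bind the contact to card number plus name."""

    def _key(self, pan, cardholder):
        return pan_fingerprint(pan + "|" + cardholder.strip().upper())


def shared_card_demo(store):
    """Cardholder A opts in first; B later buys with the same card number."""
    store.charge(TEST_PAN, "A CARDHOLDER", "a@example.com")
    return store.charge(TEST_PAN, "B CARDHOLDER", "b@example.com")
```

With the card-keyed store, B's receipt goes to A's address even though B offered a different one; with the holder-keyed store it goes to B.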

Let’s face it, the ability to get away with anything unnoticed is pretty much disappearing. You can’t be off your cell phone for a few hours without it raising questions about what you’re doing. You go to dinner with some friends but not others, then the others see photos of it on Facebook the next morning and know they weren’t invited. You try to buy something for your wife, she sees the charges before you give her the gift. Your location, email and text messages can be traced. Everywhere you go and everything you do leaves some kind of record behind.

Remember when we were growing up, you’d read those stories once a year or so about the guy that had two families for the last 20 years and neither knew about the other until the two families’ kids became friends in high school and figured it out? We are a very far cry from that world these days.

Holy cow! Guess I’ll have to have my neighbors buy wine for me from now on…

thanks for the clarification.

gotcha. that’s what i wasn’t getting.

gotta be a PIA when customers get issued new CC with the amount of fraud taking place…whole process has to begin again.

I have a CC account with different card #'s for each cardholder. I believe it’s Barclays bank.

I tried to pay cash for some bottles of Chidaine at Wine Exchange on my first visit to their shop, because I . . . er . . . was buying them as a gift for my wife :rolleyes:, and the woman at the register was insistent that I provide an email address for a receipt. I asked Kyle about it afterwards and he explained a way I could opt out of that in the future, but it’s even getting hard to buy things in cash without leaving a record.