This makes sense. These policies are probably warranted for actual credit card companies. But, the OP's grievance was with Square, which isn't liable for fraud and probably doesn't need to use such excessive security.
Frankly, it often seems as though many consumer financial companies (like Mint and Square, etc.) go out of their way to make their service harder to use simply to increase their "legitimacy."
Sites like Mint refuse to remember login information and automatically log users out after a short period of time. As far as I'm aware actual bank account can't be accessed from Mint; data is only reported. In the grand scheme, this information is not particularly important.
It would be far more catastrophic for someone to gain access to my email account or social network profiles (where they could actually do damage) than it would be for them to learn what (little) I have in my bank account. Yet, we all survive using only standard security on most of our other accounts.
Moreover, there seems to be a huge disparity between credit card security in the real world and credit card security online anyway. In the real world, I hand my credit card to numerous people with whom I have no relationship and whom I can't trust at all, every single day. No one thinks twice. Yet, when someone wants to look at their bank statement, they need to bend over backwards. It just doesn't make sense.
Integral pieces of the financial apparatus might need to be totally secure, but consumer web apps that don't ever handle money don't, and should put user experience first.
>This makes sense. These policies are probably warranted for actual credit card companies. But, the OP's grievance was with Square, which isn't liable for fraud and probably doesn't need to use such excessive security.
I think the parent comment (which seemed fairly well informed) actually says the complete opposite of this, that is, not only is square liable, they are specially exposed.
Square is absolutely liable for any fraud. They are playing the role of the merchant in this chain. The cc companies will push any chargebacks to Square who, because they have decided to take away the security of a traditional merchant account, have little or no ability to reclaim funds from their merchants, especially fraudulent ones.
Additionally, if the fraud and charge back rates get too high, say over a few tenths of a percent (!), the cc companies will either cut them off or raise their interchange rate -- either one kills their business model.
Frankly, it often seems as though many consumer financial companies (like Mint and Square, etc.) go out of their way to make their service harder to use simply to increase their "legitimacy."
Sites like Mint refuse to remember login information and automatically log users out after a short period of time. As far as I'm aware actual bank account can't be accessed from Mint; data is only reported. In the grand scheme, this information is not particularly important.
It would be far more catastrophic for someone to gain access to my email account or social network profiles (where they could actually do damage) than it would be for them to learn what (little) I have in my bank account. Yet, we all survive using only standard security on most of our other accounts.
Moreover, there seems to be a huge disparity between credit card security in the real world and credit card security online anyway. In the real world, I hand my credit card to numerous people with whom I have no relationship and whom I can't trust at all, every single day. No one thinks twice. Yet, when someone wants to look at their bank statement, they need to bend over backwards. It just doesn't make sense.
Integral pieces of the financial apparatus might need to be totally secure, but consumer web apps that don't ever handle money don't, and should put user experience first.