I am developing a platform (mobile) that connects local restaurants to people in my town, allowing them to quickly pay and pickup food, and allow restaurants to move their payments to a more streamlined, online service that costs them nothing on top of processing fees (generic 2.9% + 30c). I ask to know the following:
Does Square allow this type of platform to utilize their service?
Does Square allow businesses with merchant accounts (for accepting credit cards) to accept payments WITHOUT square accounts?
If the answer to 2 is “No”, then if businesses with merchant accounts join square, are they assigned some sort of ID or token that encompasses ALL the info needed to process payments?
If the answer to 3 is “Yes”, is this all the Merchant information needed by the Square payment processing APIs and SDKs for server side applications* other than the customer’s card which is collected using the mobile payment form in the mobile SDK**, and if not, what is the other needed payment information on the restaurant side?
My final question regards PCI compliance. I understand that Square handles PCI compliance with their POS customers, but am curious about the developer and 3rd party platform creators. Are developer customers given the same protections when storing the Merchant info (this question kind of depends on the answer for 3, regarding the supply of developer tokens) and if not, am I allowed to avoid PCI compliance if the merchant tokens and card info is only processed on my backend server and never stored? Is there a site that details the functions of a service (like the creation of the payment request) that requires PCI certification?
*Not including risk and fraud assessments which is theoretically done off the app (these are old, reputable businesses.)
**Is that the same service, or is it part of a different service that facilitates transactions between a customer and a FIXED account?
Sorry if this too long, and if these questions have already been answered, please reroute me to the respective forum posts!