What goes into creating the card fingerprint? Is it possible for me to determine the card fingerprint based on details from the credit card and other user details? My goal is to create a way to connect a customer in my database to a sale made in Square when a customer was not linked to the Square sale. If I could predict the fingerprint, then I could:
Have the user connect their credit card to my site
I determine the Square fingerprint that will be generated by Square
The customer orders with the same credit card
When a payment comes in with the matching fingerprint, I know which user made the order.
If this isn’t possible, is there some other unique identifier within Square that is associated with each user, but that I can determine before a purchase is made?
I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:
If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.
The fingerprint of a card, also known as the SHA value, is generated by Square’s system and is based on the certificate used to sign your Android application. It’s not possible to predict or manually generate this fingerprint based on user or card details. The fingerprint is unique to each application and is used to configure the Point of Sale API application in the Developer Dashboard.
To link a customer to a sale in Square, you can use the Customers API to create a customer profile and then link that profile to a sale using the customer_id. This would allow you to track which customer made a specific order. However, this requires the customer to be linked at the time of the sale and cannot be done retroactively.
For future transactions, you could consider using the Cards API to save a customer’s card on file (with their permission). This would allow you to charge the card for future purchases and link those transactions to the customer. However, this also requires explicit customer consent and cannot be used to link past transactions.
This helps thanks for your response. And to clarify, if a customer’s card is saved in the system, is it true that any time that card is used in a transaction, the customer will be associated with the sale? So the store associate wont have to manually select that customer in the POS. If the saved card is used, the customer will attached to the order/payment object in the API?
If the card is stored on file with Square it will have to have a customer_id associated to it. Any time the card on file is used the customer will be associated with the payment.
Thanks Bryan. I was looking closer at the authorization process for saving a card and it’s a major pain. Am I understanding it right that a customer must physically fill out the authorization form in pen, then I need to upload the file? There is no digital signature available? Or even a checkbox the customer can select in my 3rd party app to give a merchant the permission to save a card? Having to manually fill out a form and then manually upload a file of the form to save a card seems a little ridiculous. I’m hoping I’m not understanding the process correctly
Sorry I thought 3 other questions that I couldnt find answers for. I’ll also clarify that all of these questions are for merchants who use the Square Register.
From the announcement of using a saved card from 2016, it says the charge of using a saved card is 3.5% which is more than the standard Square fee. If I have the user save their card via my app and I save it to the merchant’s records, when the customer uses that card for a future purchase (so the customer object is automatically connected to the order object in the API response), will that also trigger the higher 3.5% fee? Or is that only if the merchant manually selects “card on file” as a payment method?
I saw that apple and google pay cannot be used to save a card. Does this mean that if a customer uses Apple or Google Pay with a Square Register, the option to save the card during the sale wont show up?
If I have the customer enter their card details on my app and use that to save the card with the cards api, and then they use that same card but via Apple Pay or Google Pay, will that register as using the saved card? And therefore that customer will be automatically associated with the order object in the API?
No, you can let them know that by proceeding with the checkout you agree to have your card stored on file or some checkbox for them to opt in.
The 3.5% fee is for keyed in payments or card on file payments within the Square app. Fees for API payments are listed here.
That’s correct, the ability to save a digital wallet card on file isn’t available at this time.
Square tries to infer the customer the best we can with the information we have. If there isn’t enough information to infer a customer then we will create a new customer profile for that payment.
Thanks Bryan. The answer to the last question about Square associating a saved card to a payment made with Apple Pay is pretty vague. Are you able to give a definitive yes or no? The customer has a saved credit card in Square with number 1234… They have that same credit card in their Apply Pay or Google Pay wallet. Then they pay for an item with that card using Apple Pay or Google Pay.
From what I’m see is that contactless payments will have a different customer_id then EMV. Which makes sense since different card numbers were used. Now are you using Terminal API or Mobile Payments SDK? If so you can pass a known customer_id in the payment request and that would eliminate Square inferring a customer. If your taking payments with our fist party product then there isn’t any way around this other then having the checkout attendant add the customer to the sale through the customer directory.
To answer your question, payments would be taken from the Square Register. So your first party product. My app would simply subscribe to webhooks or do a GET request for purchases made from the register.
But what do you mean by different card numbers are used between contactless and EMV? If it’s the same credit card, wouldnt Square receive the same card number regardless if the card was swiped, tapped, or used within Apple Pay?
Regarding the card fingerprint, based on the earlier AI answer in this thread and the docs, that fingerprint should stay the same for every purchase made at a single retailer across all their locations, right? So even if I cant predict the fingerprint before the first sale is made, if I associate the fingerprint with a customer after the first sale, I should be able to search for that fingerprint within future Order API responses from the Square Register. Then I just search my database for who that fingerprint belongs to. Sound about right?
fingerprint
string
Read only Intended as a Square-assigned identifier, based on the card number, to identify the card across multiple locations within a single application.
Apple Pay and Google Pay don’t pass us the numbers that are displayed on the card. They actually pass us an entirely different card number to process. Which creates a different fingerprint event though it’s the same card used. This is an added layer of security with digital wallets. Since that’s the case then there can be different customer_ids for a card.
Ah ok thanks I didn’t realize that. Would you agree though that if Apple Pay for a specific card is used at the same business at any of that businesses locations, the same fingerprint will be generated?
Yes for Apple Pay payments. If the card that connected to Apple Pay is used in a different way for a payment like EMV it will have a different fingerprint.