Centralized Customer Database and Card Linking Technology

Does Square have a centralized customer database that allows information to be shared and recognized across different businesses using Square?

I’m wondering if Square has any kind of card-linking technology.

For example, if Customer A visits Business A for the first time and uses a credit card and enters their phone number to receive a text receipt, then the same customer visits Business B for the first time and uses the same credit card, will Customer A be recognized at Business B even though it’s their first visit, because they are using a credit card that has been used at a different and separate Square POS?

With Square each sellers customer directory is unique to that Square seller and isn’t shared between sellers. If your building your own custom integration you can use shared card on file to allow customers to use the same card on file with any of your connected sellers.

As Bryan says, the details stored under “Customer Profile” API are private on a per-business basis and aren’t shared. However the Square Terminal does send receipts, with Square itself recognizing a customer card at new businesses and offering to send a receipt via whatever method(s) have been previously used for receipts, if there are any. So, if a customer previously entered their email via a Square Terminal, when the card is next used on another terminal at a new business, Square does offer to send a receipt to the email used last time.

From a privacy point of view, the Square Terminal shows only an obscured email to the customer, with just a few characters visible; so if their email was [email protected], they would only see something like “wi********e@a.com” - ie: just enough for the customer to recognize the email before pressing Send Email on the terminal. The idea behind this is that it makes it super-easy for the customer to get receipts, and from memory I believe a “Forget” button is provided as well.

A customer might assume that the second business knows their details when they see their obscured email or cell number, but they’d be wrong in that assumption as far as I know, only Square knows these details and they are only used for receipts via Terminal (and possibly POS?). As far as I know Square stores these securely via the card fingerprint, rather than using the card details, and they store only the card fingerprint, name, and phone or email. The ability to easily and quickly get a receipt email is a big plus for customers as I see it, and again as far as I know, Square has been the first to introduce this feature.

If you had closely related businesses, you could potentially do something similar, though you need to be very, very careful in terms of both privacy and honouring GDPR forget requests. Best practice would probably mean explicitly asking whether you can retain details across allied businesses and you should also disclose how those details are to be used. You would do so in a central database which again could be indexed via card fingerprint, so that it was only accessible to businesses doing a transaction with the customer card. In this day and age, it’s probably best to not implement this because (a) many customers are getting more security conscious, and, (b) it’s hard to keep the details securely enough so they can’t be used to assist in privacy enumeration by organized crime, and (c) you have to implement GDPR forget to remain legal in the EU.

Happy New Year!

Important Addendum: Square says always get permission before storing cards - for example, the “Create a Card on File from a Payment ID” page:

Always ask customers for permission before saving their card information. For example, include a checkbox in your purchase flow that customers can select to specify that they want to save their card information for future purchases.

Linking cards on file without obtaining customer permission can result in your application being disabled without notice.

Thank you Bryan and Brian for answering my questions so thoroughly.

I recently came across a business/app using card-linking technology to reward their app users with loyalty points when they purchase products at a business on the app. There are hundreds of businesses on this app.

I believe this business was/is using Fidel API’s Select Transactions API to reward loyalty points based on the transaction amount. However, Fidel said they are pausing this feature and not allowing any more businesses to begin using it until further notice.

That said, I was hoping to do something similar for the businesses I service that use Square as their POS.

Is it possible to use the Square web payments SDK to store/save a user’s card details, and when they use their saved card at one of the businesses I service that uses a Square POS, I can receive the webhook information containing the transaction details?

When a seller connects to your application you can get webhook events for all payment for the seller.

Thanks, Bryan.

When the seller connects and the webhook events are sent, will I be able to match the customer’s card details with the ones I saved using Square’s web payments SDK?

Is this the approach you would take, or is there a better one you could point me towards? Thank you!

Check out the API “Webhook Events” documentation, it really is all there!

Pretty sure the webhook payment.updated will get a card fingerprint (randomized md5 of card number IIRC). You can match that against the card fingerprint you get from the “Create Payment” API call itself, which performs the actual card transaction.

Would probably be a great idea to have a chat to a Square business manager to check out your idea before you go too far. I wouldn’t reveal too many details here as it’s on the open web and anyone can read them. Square are very supportive of developers and may have some good suggestions.

The card fingerprint is the same for the same card across business sites as far as I know, click the above doco links for more, looks like this:

"fingerprint": "sq-1-Hxim77tbdcbGejOejnoAklBVJed2YFLTmirfl8Q5XZzObTc8qY_U8RkwzoNL8dCEcQ",

What card details are you looking to match. For security we provide a card_id that’s Square generated and part of the customer profile. So when you RetrieveCustomer the card on file will be returned with the customer profile.

I don’t have a preference for any specific card details to save, as long as I can match the customer’s card with their purchase across many Square businesses.

I saw the card id in the Shared Card on File documentation and from what I can understand the customer’s card id will not change. Is that right?

I’m looking into setting up individualized loyalty programs for the Square businesses I service, but all contained on one app. So, the customer installs one app and has access to 10+ businesses.

To keep it simple, I would like the customer to be able to save their card details on the app, and when they make a purchase at any of the Square businesses also on the app, they are rewarded loyalty points.

Is there a way to do this without needing to create a new customer for every Square business?

My hope was that I could securely save their card details with the Stripe or Square SDK, and use the associated token I received back to match with each individual customer’s purchases, but I don’t think this is possible.

Thanks again for your help!

Matching customer cards across multiple Square businesses isn’t currently available. At this time only matching them within a merchant account is possible.

Thank you for the information. I appreciate all of your guidance!