We decided to start the appointments trial and were happy enough with it to ditch our old software.
Little did we know that we couldn't pay for just 1 person on appointments or that the future looked bad for any business because of the way appointments is designed. Impending scheduling doom for anyone who purchases appointments because it will happen one day.
The problem I am trying to solve:
1 user of the 2 is useless to us on the appointments app. I'd like to remove me but can't. I'm the account owner.
The account owner can't be changed, deleted etc.
Future proof for when I die/quit/get fired/run over by a bus full of narcoleptic lemurs. Things happen.
We verified a few things on a support call a few minutes ago, I'm hoping someone can correct me on these observations:
1. I as the helper/IT/security person of this company cannot have an account in the POS app if I don't want to pay for an appointments license. It will charge each user. Even though I can run everything just fine with many users in the POS app without being charged extra. There is a double standard here with account usability. I don't want appointments for my user or care what is happening there.
2. PCI regulations require individual, unique, non-shared usernames: https://www.pcisecuritystandards.org/document_library I am curious why the behavior of the app is pushing us toward shared accounts. One solution would be to have a single user called "other" that everyone who doesn't book appointments shares. That way we only waste $20 a month for people who don't book their time.
3. As designed every front desk person, accountant, anyone who wants access is going to have to pay for an appointments license, needed or not. (if I understood my support fellow correctly) Roles and responsibilities cannot be accurately described or assigned within the app.
4. I can't change the name of the primary user without deleting the account, starting over and losing the following items:
5. If the owner of the business or person who started the account dies, moves, quits, sells the business, you have a few problems:
My proposed solutions - 1. The account owner is free under appointments and has its abilities limited. It is only there to manage other users. This solves the problem of the account owner needing to be deleted or changed. You can have a user that is stored in a safe and not used. Think AD recovery user, root on a Linux server. Both are cool under any security standard.
According to tech support this is an internal "policy" issue. It is not about regulations, technical capabilities etc. How about change the policy? Or explain it? Or pay some attorneys to review this vs the PCI DSS.
I hope I'm wrong about a bunch of this stuff and misunderstood from my support call. Our rep said he just got done telling the same thing to a business with 18 locations - delete the account and start over because the guy who started the account separated from the business. How about solving that by making that key user something you can change or something you don't need to change because it is like a service account?
Love the POS app. 🙂
Posted 03-22-2017
Posted 03-22-2017
Thanks for taking the time to write up this post and sharing your thoughts, @andreas. We certainly appreciate posts like these and this is a great one to share with our Appointments team. While I won't go point-for-point through here, I'll try to touch on the larger requests you mentioned.
From what I gather, I think there are two main requests you'd like to see, and it does sound like you were informed correctly by our Support team in regards to them. One, the ability to transfer account ownership; and two, not treating the account owner as staff within Appointments.
First, in regards to account ownership: As a financial institution, we are required by federal law to record the information of every individual who creates a Square account. Each account will always be associated with the person who created the account, and it's for that reason we can’t transfer account ownership. That is correct that should the owner of the account leave (or meet their demise on account of narcoleptic lemurs) a new account needs to be created.
To the second request, that is correct that the owner of the Appointments account will be treated as a staff member, in practice and pricing. I've seen a few other examples of this come up with other businesses, and agree that it would be nice if there was a way to edit this. It's not a feature we're currently developing but we'll share updates if this changes in future.
Lastly, as an aside since it's mentioned here a few times, Square meets Level 1 PCI Data Security Standards, and you can read more about our PCI Compliance Checklist for 2017, if you'd like.
Really, thanks again for sharing your thoughts! If there is anything else I can help with, let me know.
Square Community