We’d like to avoid employees being able to refund arbitrarily large number of payments, up to a year back.
If we could limit the refund window without manager approval to a ~day that would be a big deal.
Ideally we could have a velocity limit on refunds that an employee with the permission can only issue N refunds an hour / or X per day. This prevents someone upset using the Register and refunding everything. (As a refund cannot be reversed, this could erase the sales of an entire business - very unlikely but still a risk we’d like to avoid).
If the api allowed the Team permissions to be edited we could manually monitor refunds and lock the role/permission so all refunds would be blocked.
But the API doesn’t expose any permissions Square Developer
2 posts - 2 participants