For Square, you can block the web-addresses: *.squareup.com, but it uses ports 80 and 443, so you won't be able to distinguish transactions from browsing. It's probably the same for the other services.
Each will require a search for something like "square firewall rule" - which is how I found the sitename above.
Sounds like aloosing battle.
We gave up that battle for our internally hosted transaction clients, and just monitor the outbound streams to make sure that they are indeed using HTTPS and TLS1.2