fastmoney
Level 1

Do I need to be PCI compliant if I do not take POS payments?

 
FishingForAnswers
Level 10


@fastmoney  If your device has access to a merchant account login, then generally, yes, your device is a possible security weakness.

 

That said, it doesn't have to be through QB's partner, or even anybody, really; there are ways to do it yourself.

Anonymous
Not applicable


Even if you do not process Point of Sale (POS) payments, PCI compliance is required if you handle payment card data in any capacity, @fastmoney. Let me explain how this applies using QuickBooks and adhering to the Payment Card Industry Data Security Standard (PCI DSS).

 

PCI compliance is crucial for safeguarding your business and customers from theft and fraud by securing customer payment information. Keep in mind that even without data storage, unauthorized access to your devices and through the internet can pose significant security risks.

 

Any business that handles payment card data must be PCI compliant, whether they take payments online, over the phone, or through invoices—even without a physical POS. Using systems like QuickBooks for these transactions underscores the need for stringent security measures that are compliant with PCI standards.
 

All merchants are required to complete a Self-Assessment Questionnaire (SAQ) based on their methods of storing, handling, and processing card data. To gain a comprehensive understanding of these requirements, I recommend consulting the following resources:

 

 

If you are using QuickBooks Payments to accept payments, you can check the deposit speed via QuickBooks Online or the Merchant Service Center. For more details, please refer to this article: Check the deposit speed for your product.

Moreover, maximize the efficiency of your financial processes by collaborating with our QuickBooks Live Expert Assisted team. They're veterans in the field, known for smoothing out financial operations and offering insights tailored to your business. One click connects you to a more prosperous financial path.

 

Please let me know if you have questions about PCI compliance. The QuickBooks Community is here for you, and we’re committed to resolving your concerns promptly.

socialeyes247
Level 1


How many people have to be completely annoyed by these ambiguous answers before we actually get helpful clear answers? Yes or no--if a user ONLY has quick books process their ACH payments (no POS), do they need this compliance certification? And, if we have to do a self assessment, where the heck is the assessment??? I feel like Quick Books is trying to make it unclear so customers purchase extra things they don't need. They already charge $35/mo AND take 1% of my profits to "process ACH payments" and now you want ME to certify data security for them? Ridiculous. What's the 1% for then?

socialeyes247
Level 1


How many people have to get completely annoyed asking the same question to get an answer that's actually helpful, clear and concrete?

 

YES OR NO--if you are invoicing through Quick Books and Quick Books taking ACH payments on your behalf is the ONLY way that you receive money (no POS and zero physical handling of any card/account information and no cc processing), do you, or do you not, need to acquire PCI Compliance? And if a self-assessment is required, where is the self-assessment??? Finally, if it's required for users to be PCI compliant when Quick Books is the one processing the payments, what the heck are we paying $35/mo PLUS 1% of all payments for ACH "processing" for? Isn't that the whole reason to pay Quick Books for payment processing; so THEY handle the payments and the compliance? I feel like Quick Books is being ambiguous and vague on purpose to force our hand to pay for a service that is not actually required, but they don't want to tell us that. 

Ethel_A
QuickBooks Team


I understand how exhausting it is to repeatedly ask for help and still feel dismissed, unheard, or stuck with vague responses, @socialeyes247.

 

While QuickBooks applications are designed to be secure, the overall security of your environment can still be impacted by other applications on your local computer or network. It's important to note that using QuickBooks Payments services does not automatically make your business PCI compliant. It simply means that specific elements of the transaction processing chain meet PCI compliance standards; however, additional steps may be required on your end to ensure full compliance.

 

With this, all merchants accepting credit or debit cards must adhere to PCI DSS standards. Your payment handling methods and annual transaction volume determine your validation requirements. Each merchant must complete a Self-Assessment Questionnaire (SAQ), with the specific SAQ based on how you store, manage, and process card data.

 

Here is an article to help you understand more about PCI DSS Compliance Services: Learn about the PCI DSS Compliance Services.

 

For the self-assessment, follow the steps below to create an account with SecurityMetrics to streamline the PCI compliance validation process. After finishing it, you can purchase the PCI package and complete an SAQ.

 

  1. Select Sign Up, then fill out all the fields on the Create Account page.
  2. Choose Create Account, then follow Intuit FastPass to determine your PCI compliance requirements.
  3. Hit Next then select a security package that best fits your business.

 

QuickBooks Online (QBO) ACH fees cover payment processing, automation, and convenience—not PCI compliance. Merchants are responsible for securing cardholder data and meeting compliance requirements.

 

For QBO Payment pricing, all ACH transactions are charged at a 1% fee with a maximum of $10 per entry.

 

Processing fees vary by payment method: swiped (2.4%), invoiced (2.9%), or keyed (3.4%), and depend on the payment amount. See the screenshot below for details.

 

[Screenshot: ACH fee.png]

Here’s a helpful reference to assist with processing ACH payments and understanding when QuickBooks deposits them into your bank account:

 

 

If there's anything else you need assistance with in managing customer payments and processing fees, leave a comment below.

jodygrub
Level 1


Maybe this will help someone as frustrated as me - if Invoice Ninja can do this why can't Quickbooks?

Q: Do I need PCI compliance using Invoice Ninja?
A: No, you generally don't need to be PCI compliant specifically for using Invoice Ninja, as Invoice Ninja handles the PCI compliance aspects. 
Invoice Ninja is designed to be PCI DSS compliant, meaning they handle the secure storage and transmission of payment card data. If you are using Invoice Ninja to send invoices and process payments, it's their responsibility to ensure the security of that data, not yours. 
 
Here's why:
  • PCI DSS Compliance: Invoice Ninja has implemented security measures to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
  • Your Role: As a user, you are responsible for the data you enter into the system, but you don't need to manage the security of cardholder data within Invoice Ninja's infrastructure.
  • When you integrate payment gateways (like Stripe, PayPal, etc.) with Invoice Ninja, they are also responsible for their own PCI compliance.

In summary: Invoice Ninja takes care of the PCI compliance for the payment processing aspect of their service. You, as the user, are still responsible for the data you enter and manage within the system, but you don't need to worry about PCI compliance for the core functionality of Invoice Ninja related to payments. 