You're missing the point. There. Is. No. Equipment.
I understand what PCI compliance is, what it is for, and am probably one of the few that can actually answer all the technical questions. But, when a client is ONLY using the functionality of emailing invoices through QBO that has a payment link that QB (Intuit) processes, the client has no access whatsoever to the credit card numbers. Never sees them. Never stores the data. Zero contact.
THAT PCI compliance requirement is on Intuit.
Merchants are encouraged to be PCI compliant to safeguard sensitive payment card data accessed through their accounts. Let me elaborate on this, @bizpro1.
While it's true that you don't directly handle payment card data, accessing your merchant account means managing sensitive transaction information, like charges and refunds. As a merchant, it’s essential to protect this data, which makes PCI compliance crucial.
Additionally, any device you use to access QuickBooks or your merchant accounts can be a potential vulnerability. If security is compromised, it could expose sensitive information about your business and customers.
Being PCI compliant ensures you have the proper safeguards and response plans to protect against breaches. For further details, please check this article: Learn about QuickBooks PCI Compliance.
I'll be including these articles to assist you in safeguarding your business account and data from fraudulent activities:
If you have any questions about PCI DSS or any other QuickBooks-related topics, feel free to Reply below. I'm here to help!
@bizpro1 It's funny that you say I miss the point, then immediately imply I said something that I did not.
Maybe try reading it again.
You are exactly correct. PCI compliance in QBO is on Intuit period.
Spot On!
Dfrmseattle
We just hassled them about charging for PCI compliance and this is the response we got:
This is to informed you that PCI Compliance is not required by Intuit. We just strongly advises that our account holders/merchants to be PCI Compliant. Intuit is compelled to send out notifications to the merchants about it.
Intuit does not charge for PCI Compliance thus, we will not invoke penalties if you are not a PCI Compliant.
I would ask if ChatGPT created that response you got, but it would have had proper grammar. What the heck is going on w Intuit???
"
Please see my other responses and posts. You can also look me up on LinkedIn.
In response to your question: I use an iPad with QuickBooks online - can you name one item of data on the iPad relating to the client payments?
1. Your browser may not be up to date. Although you are online w/QuickBooks, there could be malicious code in an outdated browser.
2. If the iPad is used for personal use, the apps you are running may impact your apps for work, such as QuickBooks. Again, if other apps are not PCI Compliant and run in your environment, they affect your data. They and you are responsible. The number one rule of PCI that many people need to learn is that you, as a business owner, are responsible for ensuring that the providers you engage with are PCI-compliant.
3. PCI is not just about storing the client's data, it is how it is handled and the environment and how that is impacted and/or accessed. "
Counter point: Therefore, since all your customers pay with devices through the QuickBooks servers, they all need to be PCI as well.
LMFAO... no wonder we are in bad shape in America.
This is a pathetic money grab. I refuse to do it. I subscribed to QuickBooks for my 501(c)(3). It is a very small nonprofit. I use Stripe and Donorbox for all transactions. If QuickBooks requires another layer of security then they should include it in the subscription and make it invisible to the customer. I can easily download my info from Stripe to a spreadsheet as I have done in the past. I had decided to test QuickBooks on this small business. Total fail. I plan to cancel my subscription and to keep my external accounting firm for our other businesses. Complete joke...
I stumbled upon this post while researching what is actually required for a small business owner to be PCI-compliant. Like many of you, I received aggressive emails about compliance, which seemed more like scare tactics than genuine assistance. The approach by QB and SecurityMetrics feels evasive—making blanket statements without clarifying specifics, likely hoping customers will blindly sign up for their services.
Let’s be clear: the question isn’t “Should I be PCI-compliant?” (because we all should); the real question is, “What are the actual requirements for PCI compliance for my specific setup?” The answer depends on your payment environment. After some digging, I found this document from the PCI Security Standards Council, which I thought was straightforward and insightful. Here’s how I’ve interpreted it for my own use case, which I believe will resonate with many of you who only use QuickBooks Online (QB) invoicing, where customers are sent a link to make a payment:
The PCI compliance guide outlines 12 requirements, but not all are applicable in our case. Here’s the breakdown:
For those of us simply using QuickBooks Online invoicing, the bulk of PCI requirements are already handled by QB as a PCI-certified payment processor. Our responsibility lies in basic cybersecurity hygiene—strong passwords, updated systems, and secure access practices.
The aggressive emails seem like a ploy to upsell unnecessary services, preying on confusion. While PCI compliance is critical, understanding your specific requirements is the key to avoiding unnecessary costs and stress.