Learn about QuickBooks PCI Compliance
by Intuit • Updated 3 months ago
Learn about the QuickBooks Payment Card Industry Data Security Standard (PCI DSS) compliance.
As a merchant accepting cards for payment, you need to have payment security throughout your local environment. This includes all applications and systems on your local network.
Frequently asked questions
The PCI DSS is a list of practices merchants must follow to accept payment cards. This includes how to securely handle, process, and store sensitive payment card data. Learn about the PCI DSS Compliance Services.
The PCI standard covers the following 12 requirements.
Protect your system with firewalls
- Install a hardware and software firewall.
- Configure firewalls for your environment.
- Have strict firewall rules.
Use adequate configuration standards
- Change default passwords.
- Harden your systems.
- Implement system configuration management.
Protect stored data
- Find where card data is.
- Craft your card flow diagram.
- Encrypt stored card data.
Secure data over open and public networks
- Know where your systems send and receive cardholder data.
- Encrypt all transmitted cardholder data.
- Stop using SSL and early TLS.
Protect systems with antivirus
- Create a vulnerability management plan.
- Regularly update antivirus.
- Maintain an up-to-date anti-malware program.
Update your systems
- Consistently update your systems.
- Apply all critical/high patches to systems and software.
- Establish secure software development processes.
Restrict access
- Restrict access to cardholder data.
- Document who has access to the card data environment.
- Establish a role-based access control system.
Use unique ID credentials
- Use unique ID credentials for every employee.
- Disable/delete inactive accounts.
- Configure multi-factor authentication.
Maintain physical security
- Control physical access at your workplace.
- Keep track of POS terminals.
- Train your employees often.
Implement logging and log monitoring
- Implement logging and alerting.
- Establish log management.
- Create log management system rules.
Conduct vulnerability scans and penetration testing
- Know your environment.
- Run vulnerability scans quarterly.
- Conduct a penetration test.
Start documentation and risk assessments
- Document policies and procedures for everything.
- Implement a risk assessment process.
- Create an incident response plan (IRP).
The way you process credit cards determines what requirements you need to follow. Find more details in the Self-Assessment Questionnaires (SAQ). Here are the SAQ types:
All merchants that accept credit or debit cards must comply with the PCI DSS.
How you handle and process payment cards, and the number of transactions you process annually, defines your validation requirements. All merchants are required to complete a Self-Assessment Questionnaire (SAQ). The required SAQ depends on how you store, handle, and process card data.
Some additional requirements may include:
- External vulnerability scanning
- Internal vulnerability scanning
- Penetration testing
- Security policy implementation
Yes. Intuit and its products are listed as compliant on the PCI Security Standards Council website. While QuickBooks applications are secure, other applications on your local computer or network can compromise the security of your environment. Using QuickBooks Payments services doesn’t mean you’re already PCI compliant; it only means that pieces of the transaction processing chain are compliant.
Intuit has partnered with SecurityMetrics to streamline the PCI compliance validation process. SecurityMetrics charges merchants an annual fee. If you choose to use SecurityMetrics, you need to create an account with them. After you complete SecurityMetrics’ FastPass, you can purchase the PCI package that best suits your needs. From there, complete an SAQ, then set up your scans.
Data security is more important now than ever as hackers become more prevalent. PCI compliance increases your security against attacks. If a breach occurs, you may
- Be liable for the fines listed below.
- Need to spend on card re-issuance, acquirer fees, legal fees, and more.
| Data breach cost | Fines |
| --- | --- |
| Merchant processor compromise | $5,000 - $50,000 |
| Card brand compromise | $5,000 - $500,000 |
| Forensic investigation | $12,000 - $100,000 |
| Onsite QSA assessments following the breach | $20,000 - $100,000 |
| Free credit monitoring for affected individuals | $10 - $30/card |
| Card re-issuance penalties | $3 - $10/card |
| Security updates | $15,000+ |
| Lawyer fees | $5,000+ |
| Breach notification costs | $1,000+ |
| Technology repairs | $2,000+ |
| Total possible cost | $50,000 - $773,000+ |
Becoming PCI compliant is an ongoing process. As a merchant, you’re required to validate your PCI compliance yearly. This includes re-submitting the SAQ and passing the required scans.
Although validation is only an annual requirement, you’re required and expected to follow the PCI requirements all the time. This includes watching the environment to identify any suspicious activity.
ProAdvisors are subject to the same criteria as everyone else.
- Sign in to the Merchant Service Center.
- Go to Activities & Reports, then Statements.
Intuit's Terms of Service is your written agreement. You can provide it as part of the PCI questionnaire.
Know the tools and services included in the QuickBooks PCI Service
QuickBooks PCI tools and services
| Layers of protection | Data security benefits | Description |
| --- | --- | --- |
| Security Awareness Training | Educates you about common cyber threats | Intuit has partnered with SecurityMetrics to provide easy-to-understand security awareness training that will help protect your digital assets against common threats such as phishing scams and keylogging malware attacks. |
| Threat Prevention Tools | Simplifies your PCI compliance | Use threat prevention tools to simplify your PCI compliance process and better defend your customer card data. Vulnerability scans, mobile scans, and SecurityMetrics PANscans make it easier to identify unencrypted card data and prevent a breach. |
| Card Data Breach Protection | Protects you with a $100,000 Premium Service Warranty | Your PCI service provides up to a $100,000 premium service warranty. To qualify for this benefit, you need to enroll in the program and be up-to-date on service fees. |
Turn on PCI Service
If PCI Services is unavailable on your account, upgrade your pricing plan or add it to your current plan. Create an account with SecurityMetrics and complete FastPass; they’ll then present different PCI packages to fit your financial and security needs.
Exceptions may apply to non-standard plans. Visit our website or the PCI Security Standards website for more information.