
Learn about QuickBooks PCI Compliance

by Intuit50 Updated 8 months ago

Learn about the QuickBooks Payment Card Industry Data Security Standard (PCI DSS) compliance.

As a merchant accepting cards for payment, you need to have payment security throughout your local environment. This includes all applications and systems on your local network.

Frequently asked questions

The PCI DSS is a list of practices merchants must follow to accept payment cards. This includes how to securely handle, process, and store sensitive payment card data. The PCI standard covers the following 12 requirements:

Protect your system with firewalls

  • Install a hardware and software firewall.
  • Configure firewalls for your environment.
  • Have strict firewall rules.

Use adequate configuration standards

  • Change default passwords.
  • Harden your systems.
  • Implement system configuration management.

Protect stored data

  • Find where card data is.
  • Craft your card flow diagram.
  • Encrypt stored card data.

Secure data over open and public networks

  • Know where they send and receive data.
  • Encrypt all transmitted cardholder data.
  • Stop using SSL and early TLS.

Protect systems with antivirus

  • Create a vulnerability management plan.
  • Regularly update antivirus.
  • Maintain an up-to-date malware program.

Update your systems

  • Consistently update your systems.
  • Apply all critical/high patches to systems and software.
  • Establish secure software development processes.

Restrict access

  • Restrict access to cardholder data.
  • Document who has access to the card data environment.
  • Establish a role-based access control system.

Use unique ID credentials

  • Use unique ID credentials for every employee.
  • Disable/delete inactive accounts.
  • Configure multi-factor authentication.

Maintain physical security

  • Control physical access at your workplace.
  • Keep track of POS terminals.
  • Train your employees often.

Implement logging and log monitoring

  • Implement logging and alerting.
  • Establish log management.
  • Create log management system rules.

Conduct vulnerability scans and penetration testing

  • Know your environment.
  • Run vulnerability scans quarterly.
  • Conduct a penetration test.

Start documentation and risk assessments

  • Document policies and procedures for everything.
  • Implement a risk assessment process.
  • Create an incident response plan (IRP).

The way you process credit cards determines what requirements you need to follow. Find more details in the Self-Assessment Questionnaires (SAQ). Here are the SAQ types:


All merchants that accept credit or debit cards.

How you handle and process payment cards and the number of transactions you process annually defines your validation requirements. All merchants are required to complete a Self-Assessment Questionnaire (SAQ). The required SAQ depends on how you store, handle, and process card data. Some additional requirements may include:

  • External vulnerability scanning
  • Internal vulnerability scanning
  • Penetration testing
  • Security policy implementation

Yes. Intuit and our products are listed as compliant on the PCI Security Standards Council website. While QuickBooks applications are secure, other applications on your local computer or network can compromise the security of your environment. Using QuickBooks Payments services doesn’t mean you’re already PCI compliant; it only means that pieces of the transaction processing chain are compliant.

Intuit has partnered with SecurityMetrics to streamline the PCI compliance validation process. SecurityMetrics charges an annual fee to merchants. If you choose to use SecurityMetrics, you need to create an account with SecurityMetrics. After you complete SecurityMetrics’ FastPass, you can purchase the PCI package that best suits your needs. From there, complete an SAQ, then set up your scans.

Data security is more important now than ever as hackers become more prevalent. PCI compliance increases your security against attacks. If a breach occurs, you may:

  • Be liable for the fines listed below.
  • Need to spend on card re-issuance, acquirer fees, legal fees, and more.
  Data breach cost                                    Fines
  Merchant processor compromise                       $5,000 - $50,000
  Card brand compromise                               $5,000 - $500,000
  Forensic investigation                              $12,000 - $100,000
  Onsite QSA assessments following the breach         $20,000 - $100,000
  Free credit monitoring for affected individuals     $10 - $30/card
  Card re-issuance penalties                          $3 - $10/card
  Security updates                                    $15,000+
  Lawyer fees                                         $5,000+
  Breach notification costs                           $1,000+
  Technology repairs                                  $2,000+
  Total possible cost                                 $50,000 - $773,000+

Becoming PCI compliant is an ongoing process. As a merchant, you’re required to validate your PCI compliance yearly. This includes re-submitting the SAQ and passing the required scans. 

Although validation is only an annual requirement, you’re required and expected to follow the PCI requirements all the time. This includes watching the environment to identify any suspicious activity. 

Learn about PCI compliance and your responsibilities:

ProAdvisors are subject to the same criteria as everyone else.


  1. Sign in to the Merchant Service Center.
  2. Go to Activities & Reports, then Statements.

Intuit's Terms of Service is your written agreement. You can provide it as part of the PCI questionnaire.

Know the tools and services included in the QuickBooks PCI Service

QuickBooks PCI tools and services

Layers of protection, their data security benefits, and a description of each:

Security Awareness Training
  • Data security benefit: Educates you about common cyber threats.
  • Description: Intuit has partnered with SecurityMetrics to provide easy-to-understand security awareness training that will help protect your digital assets against common threats such as phishing scams and keylogging malware attacks.

Threat Prevention Tools
  • Data security benefit: Simplifies your PCI compliance.
  • Description: Use threat prevention tools to simplify your PCI compliance process and better defend your customer card data. Vulnerability scans, mobile scans, and SecurityMetrics PANscans make it easier to identify unencrypted card data and prevent a breach.

Card Data Breach Protection
  • Data security benefit: Protects you with a $100,000 Premium Service Warranty.
  • Description: Your PCI service provides up to a $100,000 premium service warranty. To qualify for this benefit, you need to enroll in the program and be up to date on service fees.

Turn on PCI Service

If PCI Services is unavailable on your account, upgrade your pricing plan or add it to your current plan. Create an account with SecurityMetrics and complete FastPass, then they’ll present different PCI packages to fit your financial and security needs. 

Exceptions may apply to non-standard plans. Visit our website or the PCI Security Standards website for more information.
