
Learn about QuickBooks PCI DSS Compliance Services

by Intuit • Updated about 15 hours ago

Each year, businesses that accept card payments are required to review their PCI compliance. The good news: most QuickBooks Payments customers have minimal action to take, and you do not need to send us any documentation unless we request it. PCI compliance is an industry security standard designed to help businesses safely handle card information and reduce fraud risk.

What is PCI DSS?

PCI DSS stands for Payment Card Industry Data Security Standard. This is a set of rules that businesses must follow if they take payments with credit or debit cards. These rules help keep credit or debit card info safe.

What are the PCI DSS requirements?

How you process credit cards determines which rules you need to follow. If you don’t follow PCI rules, you could be fined, have to pay for audits, and face additional restrictions.

The PCI rules include 12 main points:

  • Keep your network safe.
  • Set up your systems correctly.
  • Protect stored card data.
  • Keep data safe when it’s sent over the internet.
  • Use protection against viruses and other malicious software.
  • Keep your systems up to date.
  • Control who can access the data.
  • Give each person a unique login.
  • Keep your place of business secure.
  • Keep track of what happens in your systems.
  • Test for weaknesses in your systems.
  • Write down your security plans and risks.

Note: If you have your PCI Compliance Certification, you must renew it every year. You also need to make sure your system still meets PCI DSS requirements.

What do I need to do?

  1. Identify which PCI Self-Assessment Questionnaire (SAQ) applies to how you accept payments.
  2. Complete the form.
  3. Keep it on file for your records.

Which form applies?

  • If you only accept payments through invoicing and payment links in QuickBooks Online, you’ll complete SAQ A (the simplest form, available on the PCI security standards website).
    • SAQ A is designed for merchants that have fully outsourced all cardholder data functions to third-party service providers, typically for card-not-present (e.g., e-commerce) transactions. No cardholder data is retained, processed, or transmitted on the merchant's systems or premises.
    • Most QuickBooks Payments merchants fall into this category and can simply complete this form and keep it in their files to meet PCI requirements.
    • Note that you can mark Requirements 2, 6, 8, and 11 not applicable because they apply only to merchants hosting redirects or iframes.
  • If you use the QuickBooks Card Reader, Tap2Pay, third-party card readers, key-in card payments, QuickBooks Desktop, or accept payments through your own website, you may need a different SAQ and possibly a security scan.

Optional help

If you’d like assistance, we’ve partnered with SecurityMetrics, which offers discounted PCI support to QuickBooks customers. Visit www.securitymetrics.com/pcidss/intuit or call 800-557-4684 and mention “Intuit” (Intuit may receive a referral fee).

What is included in Intuit’s PCI Services?

Intuit has partnered with SecurityMetrics to make PCI compliance easier. Other apps on your computer or network can affect your security. There are fees for these services.

Intuit’s PCI program includes:

  • Threat Prevention Tools: Vulnerability scans, mobile scans, and SecurityMetrics scans help you find unencrypted card data and stop breaches.
  • Card Data Protection: Depending on your geography and package selection, your PCI service may come with a warranty of up to $100,000.
  • Training: SecurityMetrics offers security training. This includes classes to teach you how to protect your business from common problems like fake emails and keylogging malware.

Related links

  • QuickBooks Desktop Enterprise Diamond
  • QuickBooks Desktop Enterprise Gold
  • QuickBooks Desktop Enterprise Platinum
  • QuickBooks Desktop Premier Plus
  • QuickBooks Desktop Pro Plus
  • QuickBooks GoPayment
  • QuickBooks Payments for Desktop
  • QuickBooks Payments for Online