richardbotelhore
Level 1

Do I need to be PCI compliant if I don't accept credit cards?

 
Solved
Best answer August 01, 2023

Best Answers
Tori B
QuickBooks Team

Hi there, @richardbotelhore.

 

That's a great question. Per PCI regulations, merchants who process, handle, transmit, or store credit card data are required to be PCI compliant. With that said, if you have the option to store credit card data, even if you do not, you are still required to be PCI compliant. 

 

You and any other processors of credit cards are required by the credit card companies VISA, MasterCard, AmEx, and Discover to be compliant. This is because they are unable to tell the difference between merchants who store information on their phones or computers and those who do not.

 

For more in-depth information, feel free to check out Learn about QuickBooks PCI Service.

 

Please don't hesitate to let me know if you have any follow-up questions or concerns. Take care!

Just_me
Level 11

@richardbotelhore   The less complicated answer is No, you do not.  

PCI compliance is ONLY for those that accept/store credit card information.

If you don't accept them, you don't need to worry about PCI compliance.  

richardbotelhore
Level 1

Thank you 

MarkP213
Level 1

What if I accept credit card payments via QB On-Line?  I never see or store customer card information on my end, nor do I have access to it.  Only QuickBooks sees it.  Do I still need to be compliant?  I've never received this warning from Square Payments.

 

Thanks

Mark P.

Just_me
Level 11

That's the main question that EVERYONE has.

QB is the one that needs to be compliant.  They, of course, want to pass that along to all of us, and have told us all that we "have" to be compliant.  If you don't take or store credit cards, you don't have a reason to be PCI compliant.

 

We take credit cards here, so it's not an issue for us. But we use a different CC processing company.  We don't want QB touching our money.

MarkP213
Level 1

Thank you.  That's exactly what I was thinking.

 

Much appreciated,

Mark P.

Darrell72223
Level 1

Did you get an answer to your question?  This is the exact question I have -- re: PCI compliance, I never interact with a client's CC myself -- only QB does.

FishingForAnswers
Level 9

@Darrell72223  If you accept credit cards, whether through a merchant provider or QuickBooks or whoever, you have access to a merchant account.

 

Whether you know how to pry sensitive financial information out of that merchant account or not (the average person wouldn't), said merchant account is still accessible via your computer.

 

As such, PCI compliance is still necessary, even if you don't touch any of the credit card processing yourself.

 

You can think of it as being similar to someone having a back-up key to a bank's back door.

 

That person may not work at the bank, might never have been inside the bank in their life, but if someone mugs them, the thief is one step closer to marking a bank heist off their bucket list.

SpartanHeroElectric
Active Member

How does this work? I am only accepting card payments online, so the customer must enter their info into QuickBooks. I don’t accept CC payments any other way; why do I need to be PCI compliant? QuickBooks handles the entire process and does not give me access to CC information. Trying to understand how and why I need this.

Aldren18
QuickBooks Team

It’s perfectly normal to view PCI compliance as an extra task, @SpartanHeroElectric. I resonate with your views and am eager to provide all the significant information for your decision-making.

 

When accepting card payments online, customers enter their payment information directly into QuickBooks, which securely processes these transactions. Even though you don’t handle or store the credit card data yourself, you still have access to a merchant account that processes this sensitive information.

 

As a merchant, adhering to PCI standards protects cardholder data and ensures the integrity of the payment process. PCI compliance involves following security protocols to protect sensitive financial information from breaches and fraud. This protects your customers and builds trust in your business while helping you avoid penalties for non-compliance.

 

Furthermore, I’ve included these valuable resources to deepen your understanding of QuickBooks PCI Compliance:

 

 

Additionally, I’m sharing this helpful article for your future reference on keeping your data secure and understanding how QuickBooks protects your financial information. This resource provides valuable insights into the robust security measures implemented by QuickBooks, including advanced encryption, multi-factor authentication, and regular data backups: Privacy and security in QuickBooks.

 

I appreciate your willingness to seek clarity on this matter. Your proactive approach shows a commitment to your business and customers. Remember, you’re not alone in this journey. Please revisit this channel for any inquiries regarding PCI compliance or assistance with QuickBooks tasks. My team and I are always here for you.

MarkP213
Level 1

When you Google PCI Compliance, it is NOT a law, nor legally mandatory.  It is a "requirement" from the Payment Card Industry Data Security Standards organization.  Again, not a law.  They try to scare you in saying that even if you use a third party such as QB to process and store customer credit cards, you as the merchant are responsible for a data breach on QB's servers.  

 

I do not collect, have access to, or see any credit card information.  It is handled on QuickBooks' servers, from customer computers.  There is absolutely no way for me to access this information on my end, even if someone hacked into my QB account. Therefore there is no reason to pay for this service.

 

But, it is important to do what makes you feel comfortable.
