ME308
Level 2

My customers pay through QuickBooks with credit cards. I don't store any data myself. How do I become PCI compliant?

I don't want to buy a compliance product if I don't need to.

LollyNino_C
QuickBooks Team

Thank you for raising concerns about credit card information and PCI compliance while using QuickBooks, ME308. Let's discuss each step on how to be compliant so you can operate with confidence.

 

When accepting card payments online, customers enter their payment information directly into QuickBooks, which securely processes these transactions. While you do not store their data, there is still a risk of unauthorized access through your devices and internet connection, potentially exposing you to security vulnerabilities. 

 

QuickBooks applications are secure. However, other applications on your local computer or network can compromise the security of your environment. Additionally, using QuickBooks Payments services doesn't mean you're automatically compliant.

That said, we've partnered with SecurityMetrics to offer a range of tools and services to streamline your compliance process and safeguard customer card data. Please know that SecurityMetrics charges an annual fee to merchants. If you choose to use their service, you'll have to create an account and pick a package that best suits your business needs. Here's how:

 

  1. Go to the SecurityMetrics website.
  2. Select Sign Up, then fill out all the fields in the Create Account page.
  3. Select the Create Account option and follow the Intuit FastPass to assess your PCI compliance needs.
  4. Hit Next and choose a security package.

 

After that, you'll have to complete the Self-Assessment Questionnaire (SAQ). Moreover, if you have further concerns, I suggest contacting PCI support. They are equipped with tools and can provide information about PCI Compliance.

 

All merchants are also required to complete a Self-Assessment Questionnaire (SAQ). The required SAQ depends on how you store, handle, and process card data. For more details about these requirements, I recommend reading through these resources:

 

 

Additionally, I've included a reference that may be helpful for you in the future when accepting online payments for online and in-person sales: Receive and process payments in QuickBooks Online with QuickBooks Payments.

 

I appreciate your willingness to seek clarity on this matter. Your proactive approach reflects your dedication to your business and your customers. Remember, you’re not alone in this journey. Please feel free to reach out through this channel if you have questions about PCI compliance or need assistance with QuickBooks. My team and I are always here to help you.

FishingForAnswers
Level 10

@ME308  Through anybody but SecurityMetrics; there are plenty of options out there.

ME308
Level 2

You said, "When accepting card payments online, customers enter their payment information directly into QuickBooks, which securely processes these transactions. While you do not store their data, there is still a risk of unauthorized access through your devices and internet connection, potentially exposing you to security vulnerabilities."

I appreciate any help you can offer in understanding this.

What are the risks? I never heard of this until I started allowing QuickBooks to process the payments. QuickBooks withdraws a percentage already. Now there are more costs on top of that? Could you tell me why I haven't been contacted about PCI compliance until now?

ZackE
Moderator

Thanks for getting back with the Community, ME308.

 

Data security is more important now than ever before, as hackers become more prevalent. PCI compliance increases your security against attacks.

 

If a breach were to occur, you may be liable for the fines listed in the "Why is protecting customer payment information important to me?" section of our "Learn about QuickBooks PCI Compliance" article. You may also need to spend on card re-issuance, acquirer fees, legal fees, and more.

 

In the event a merchant accepts credit and/or debit cards, they're required to follow PCI DSS Standards. Since you're using a QuickBooks Payments account to process these types of payments, you'll need to be following the PCI DSS Standards.

 

Some risks that can compromise your data are threats such as phishing scams, keylogging malware attacks, and more. Intuit partners with SecurityMetrics to provide easy-to-understand security awareness training that will help protect your digital assets against these common threats.

 

Intuit's Terms of Service is your written agreement. You can provide it as part of the PCI questionnaire.

 

I'd recommend using the link above to learn more. You can also utilize some of the additional resources provided in LollyNino_C's post to get a better understanding of PCI DSS Standards.

 

If there are any additional questions, I'm just a post away. Have a wonderful Monday!
