August 24, 2024
Question

Am I required to pay for a third-party service that does so-called PCI compliance, especially given that I do not store any customer credit card information?


August 24, 2024

Yes, ari. You're still required to be PCI compliant regardless of whether you do or don't save customer credit card (CC) details. Allow me to clarify this for you.

 

PCI compliance is not limited to storing card information only. With that said, if you handle and process card payments, you still have to pay for this service. It's mandatory and ensures the security of your transactions and their associated data.

 

It's essential to remember that failure to comply with the Payment Card Industry Data Security Standard (PCI DSS) is subject to fines, audit costs, and additional restrictions. Furthermore, it covers breach coverage up to $50,000 for audits or expenses in case of a data compromise.

As a merchant accepting card payments, you must ensure payment security within your local environment. It includes all the applications and systems within your local network.

 

However, if you're not using QuickBooks Payments to accept CC payments, you don't have to comply with PCI DSS and pay its fees. For more information about PCI DSS compliance and its regulations and policies, please refer to these links:

 

 

I'm also providing these resources so you can gather information about Intuit's collaboration with SecurityMetrics and get answers to commonly asked queries about the PCI DSS Compliance Services:

 

 

If there's more I can help you with about PCI DSS Compliance Services, or if you require assistance with your data and reports in the program, hit the Reply button. I'll be here and ready to assist you every step of the way.

September 18, 2024

Hello,

 

We use Intuit as a secondary payment service. We have PCI compliance through our primary payment provider. I spoke to someone from Security Metrics and they said that we would just need to submit our certification to Intuit. How do I go about doing that?

September 19, 2024

I can provide information about submitting the Payment Card Industry Data Security Standard (PCI DSS) compliance certification to Intuit, @Japage.

PCI Compliance is required of all Merchants that accept credit card and debit card payments. This is indicated in the Merchant Agreement, specifically in the Data Security (PCI Compliance); Payor/Cardholder Personal Information section.

As for your question, Intuit doesn’t require the certificate to be submitted unless there’s a breach at this time. You can keep the certification and disregard the system-generated email notifications you receive since you're already PCI-compliant.

I'm attaching these articles for reference in managing PCI compliance:
 

You can always go back to this thread if you have clarifications about managing your PCI Compliance or other QuickBooks-related queries. I'll be happy to help.

September 23, 2024

What if I already do PCI with another processor?

 

Clark_B
September 23, 2024

I appreciate you taking the time to express your concerns, David. Let me provide information about PCI with another processor.

 

If you already do PCI compliance with another processor, you still need to ensure that your current processor meets all necessary security standards and requirements. It's important to confirm that your current processor's PCI compliance aligns with industry standards. For further guidance, I suggest contacting Security Metrics to learn more about PCI compliance with another processor and to determine if you still have to pay for the service.

 

Here's how:

 

  1. Access this link: https://www.securitymetrics.com/contact/contact-support
  2. Select Contact Us, then Contact Support.
  3. Please fill out the form and click Submit so they can contact you.
  4. You can also reach them via phone call or email (contact number and email address posted on the page). 

 

I'll also provide these resources so you can gather more information about Intuit's collaboration with Security Metrics and find answers to commonly asked questions about PCI DSS Compliance Services:

 

 

If you have any concerns about PCI compliance, please tag me in the comment section, David. I'll assist you in any way possible.