January 28, 2024
Question

How Do I know if I'm PCI Compliant?

I keep getting emails about PCI compliance. I send invoices via QuickBooks and some clients use credit cards to pay, but I do not have an ecommerce site or physical POS terminals. Do I need to do something more? My computers in my office have lock screens with passwords, plus I have adequate building security. Intuit sends a PCI compliance email about every 2 weeks or so, and I am wondering if there is something I need to do, or do they just keep sending those emails?

4 replies

January 28, 2024

Hello there, ROC Vox. I'm here to share some information about QuickBooks Payment Card Industry Data Security Standard (PCI DSS) compliance. Let me elaborate on them for you.

PCI compliance helps protect your business and customers from theft and fraud. It ensures the security of customer payment details when accessed through your merchant account. Even though you don't store their data, there is still a risk of unauthorized access through your devices and internet connection, which can introduce security vulnerabilities.

Importantly, please note that all merchants that accept credit or debit cards are required to be PCI compliant. The PCI DSS is a list of practices merchants must follow to accept payment cards. This includes how to securely handle, process, and store sensitive payment card data.

All merchants are also required to complete a Self-Assessment Questionnaire (SAQ). The required SAQ depends on how you store, handle, and process card data. For more details about these requirements, I recommend reading through these resources:

Please don't hesitate to get back to me by leaving a comment below if you have further questions about PCI compliance. I'll be sure to get back to you. Have a good day!

ROC Vox (Author)
January 28, 2024

I used to accept payments via Square and never had to do anything different. This is still not clear to me: is this something I will have to buy extra? I will go back to Square if so. I moved to QB Online from Desktop to avoid using two systems for invoicing. Or I can just use PayPal. I don't want to have to upgrade to something else. The links you included are still very confusing to me. It's not clear.

MariaSoledadG
January 28, 2024

I understand that paying an additional fee for something that you don't expect isn't the right thing to do. Let me add some details about this, ROC.

Intuit and our products are on the PCI Security Standards Council website as compliant. While QuickBooks applications are secure, other applications on your local computer/network can compromise the security of your environment. The use of QuickBooks Payments services doesn’t mean you’re already PCI compliant. Only the pieces of the transaction processing chain are compliant.

The PCI DSS is a list of practices merchants must follow to accept payment cards. This includes how to securely handle, process, and store sensitive payment card data. Therefore, Intuit has partnered with SecurityMetrics to streamline the PCI compliance validation process. SecurityMetrics charges an annual fee to merchants. If you choose to use SecurityMetrics, you need to create an account with them. After you complete SecurityMetrics' FastPass, you can purchase the PCI package that best suits your needs. From there, complete the SAQ, then set up your scans. To get started with PCI service and protection, you'll want to sign up for an account. Follow the steps outlined below:

  1. Sign in to your SecurityMetrics account.
     1. Select Sign Up, then fill out all the fields on the Create Account page.
     2. Select Create Account, then follow the Intuit FastPass to determine your PCI compliance requirements.
     3. Select Next, then select a security package that best fits your business.

You can also visit our website or the PCI Security Standards website for more information. For more details, learn from the most frequently asked questions about PCI: Frequently Asked Questions About QuickBooks PCI Compliance.

Reach out to us if you need anything else about PCI. Please know we're always right here to help you. Have a nice day!

February 6, 2024

ROC - 

Here's the funny thing that QB will NEVER tell you since they're partnered with SecurityMetrics... Filling out the SAQ-A (which is what most of us small business owners will need) is completely free... You can confirm this by calling the PCI Standards group (https://www.pcisecuritystandards.org/contact_us/) and picking '1' once the messaging starts. Once you're satisfied that we don't need the jokers over at SM, go to https://www.pcisecuritystandards.org/search/#?cludoquery=saq&cludopage=1&cludoinputtype=standard and pick the form you need. Once you've filled that out, just keep it on hand in case something goes horribly awry. (I'm on a chat now with one of the reps from QB Payments, and that's what she confirmed: just keep it on hand.)

ROC Vox (Author)
February 6, 2024

I ended up doing the $88 per year thing, and so therefore I can cancel that for next year and just maintain my questionnaire? All of this is so far over my head it's annoying.

February 6, 2024

Take note of the part posted by a QB employee, which states:

"Importantly, please note that all merchants that accept credit or debit cards are required to be PCI compliant."

You're not a merchant. QB is.

September 14, 2024

I'm here to address your concern with PCI compliance and Security Metrics, @LinkMech. Also, ensure you'll receive the email to verify your information.
Emails from the SecurityMetrics system can come from a no-reply address because the system is set up to send automated notifications without expecting replies. This is to prevent unauthorized access or phishing attempts and to ensure data security and compliance with email communication protocols.

As for your concern about not receiving the verification email, please check your spam/junk folders and ensure that you entered the correct email address. If you still don't see it, please contact SecurityMetrics Support for assistance.

Here's how:

  1. Open this link: https://www.securitymetrics.com/contact/contact-support.
  2. Select Contact, then Contact Support.
  3. Fill out the form so they can contact you, or you can reach them through the phone numbers or the email provided on the page.


Moreover, if you have a merchant account that you can log in to from a browser, you need to be PCI compliant even if you don't process your customers' credit card information yourself. Your customers' credit card credentials are stored in your merchant account.

Also, you can visit the FAQs about QuickBooks Compliance page to get detailed information about the requirements, guidelines, and clarifications on compliance services.

If you need more support with PCI Compliance, feel free to reach out. We're here for you every step of the way. Have a good one.