July 24, 2024
Question

Regarding PCI compliance. I do NOT handle any CC information... It is all done via QuickBooks and there is really nothing I can do.

I do not have any access to customer financial data... How does that affect PCI compliance?

1 reply

July 24, 2024

It's important to understand that complying with the Payment Card Industry Data Security Standard (PCI DSS) is necessary, even if you don't handle credit card information directly, Steven. Allow me to explain this further.

 

To start, please note that this standard ensures the secure handling, processing, and storage of sensitive payment card data through 12 specific requirements, such as using firewalls, encrypting stored card data, securing data over networks, and maintaining physical security.

 

As a merchant accepting cards for payment through QuickBooks Online, you should ensure payment security within your local environment. Even though you may not directly handle customer financial data, your systems and applications, including QuickBooks, still play a part in the overall payment process. While QuickBooks Online adheres to PCI compliance standards, your local environment's security is equally essential.

 

All merchants accepting credit or debit cards should complete a Self-Assessment Questionnaire (SAQ) based on how they handle card data. Additional requirements may include external/internal vulnerability scanning, penetration testing, and security policy implementation.

 

For further information about PCI compliance, please refer to these articles:

Additionally, you can check out this article to learn how to accept online payments for online and in-person sales with QuickBooks Payment: Receive and process payments in QuickBooks Online with QuickBooks Payments.

 

Let me know if you have further questions about PCI compliance. Keep safe.