July 15, 2023
Question

Self Assessment questionnaire PCI compliance

Where do I find the self-assessment questionnaire for PCI compliance? I have called merchant services and they know nothing, yet I continue to receive emails to pay for a service.

4 replies

July 15, 2023

It's nice to see a new face here, @Karen11.d. 

 

Thank you for your interest in finding a self-assessment questionnaire for PCI compliance. I'll share more details to help you manage your local security environment.

 

PCI DSS Standards are required for all merchants that accept credit or debit cards. If you do this via the QuickBooks site, be PCI compliant.

 

First, create an account with SecurityMetrics to streamline the PCI compliance validation process. After finishing it, you can purchase the PCI package and complete an SAQ.

 

  1. Select Sign Up, then fill out all the fields on the Create Account page.
  2. Select Create Account, then follow Intuit FastPass to determine your PCI compliance requirements.
  3. Select Next, then select a security package that best fits your business.

 

To know more about PCI DSS compliance, please see this article: Learn about the PCI DSS Compliance Services.

 

See this guide for the FAQs along with tools and services included in the QuickBooks PCI Service: Learn about QuickBooks PCI Service.

 

If you have other concerns about your QuickBooks account, please don't hesitate to let me know in the comments below. I'll gladly help. Take care.

January 17, 2024

What IP address are they specifically wanting when setting up PCI? It asks me to "Enter the target(s) (IP address or Domain) you need scanned here."

What are they asking for and where do I find it?

Adrian_A
January 17, 2024

Hello Misty,

 

You'll have to enter the IP address of the device you'll be setting up for the merchant services. 

 

To locate the IP address, you can follow these steps:

 

  1. Press the Windows button on your keyboard.
  2. Enter and select Settings.
  3. Click Network & Internet.
  4. On the Find a setting field, type in Properties.
  5. Click View your network properties.

 

Moreover, you can check this article to learn more about PCI compliance: Learn more about QuickBooks PCI Compliance.

 

Keep me posted whenever you have concerns about merchant services.

Fiat Lux - ASIA
July 16, 2023

@karen.duncan434@ 

I know someone went thru it entirely themselves to see how their paid version and you-do-it version compare to our free version and our we-do-it-for-you version. Here’s the breakdown about Intuit’s new mandatory PCI Compliance process, buckle in b/c it’s a lot of info for your benefit:

Security Metrics PCI Test Review:
The initial self-assessment questionnaire is moderately the same as other payment processors do but would be difficult for someone unfamiliar with the type of tech-heavy questions, as Security Metrics doesn’t help guide you through this process unless you buy the $195/year package.

 

Once the self-assessment questionnaire is complete, you’ll be led to the paywall where you must purchase one of the packages above. Unless you opt for the $195/year Intuit Managed package, you’ll be completing everything by yourself with little to no guidance.

You’ll answer another 40 or so questions on top of the 50+ you answered in the self-assessment. If these are answered incorrectly, you’ll either instantly be flagged as non-compliant or your upcoming scan will fail and that too will mark you as non-compliant, which leads to more monthly fees hitting your account.

For the scan you’ll need to know your IP address and input it then pick a date within the next quarter to run this scan. If you were to want to scan another time for a separate IP address your business may have, it will cost $129 per extra quarterly scan. Which brings you to $516 per year + whichever package you bought earlier while setting up the account.

Security Metrics does have a good feature of telling you what you need to do to become compliant, but they don’t tell you how to do it (Unless you purchase Intuit Managed PCI Pro $195). There’s a lot to keep track of and answer all while having many important questions not being able to be re-answered if you answered it incorrectly.

If you don’t feel like doing it yourself at the $85 initial cost, or being guided through it at $195, they have a separate yearly package that will do almost everything for you to attain compliance for a steep price of $670. Another option, you should consider having a 3rd party merchant service provider to integrate with QB. Everything listed above one provider does for no extra cost and is built into their $30 fixed fee for newly boarded merchants for the entire duration of their time with them.

 

July 20, 2023

Can I complete the self-assessment questionnaire from the PCI standards website, and send it to QuickBooks without paying for this service? I am SAQ-A.

July 20, 2023

Hello there, @mattp42-bellsout. Let me share some insights regarding compliance with QuickBooks Payment Card Industry Data Security Standard (PCI DSS).

 

PCI compliance is vital for protecting your business and customers from theft and fraud. Major payment card providers like Visa, MasterCard, American Express, and Discover require annual PCI compliance for businesses that handle card data. Whether you accept, store, or transmit payment card data, PCI compliance is mandatory.

 

In regards to your question, I recommend contacting SecurityMetrics to verify if you need to subscribe or not. The steps below will walk you through the complete steps.

 

  1. Go to this link: SecurityMetrics.
  2. Select Sign Up. Fill out all the fields on the Create Account page.
  3. Click Create Account. Then, follow Intuit FastPass to determine your PCI compliance requirements.
  4. Hit Next. Then, select a security package that best fits your business.

 

Check out this article for more information about the requirements, how to deal with it, and how to be compliant: Learn about QuickBooks PCI Service

 

Here's more information about accepting electronic customer payments for online invoices and in-person sales: Take and process payments in QuickBooks Online with QuickBooks Payments

 

Let me know if you need further information about the PCI compliance. I'm always here to answer them for you. Keep safe, and have a wonderful day!

June 19, 2024

I have the same question. I am inundated by e-mails and phone calls from Security Metrics but I understand that I can do a self-assessment instead. Except I cannot find any information on that.

June 19, 2024

Thank you for joining this thread, Weigandi. I assure you I can help you with where you can find your self-assessment question.

 

Intuit has partnered with SecurityMetrics, a leading PCI service provider, to help merchants securely handle, process, and store payment card data.

 

First, signing up to SecurityMetrics simplifies the PCI compliance validation process. Once done, you'll receive the self-assessment question in your email.

 

Here's how:

 

  1. Select the Sign-up, then fill out the information needed.
  2. Click Create Account, then follow the Intuit FastPass to determine your PCI compliance requirements.
  3. Select Next, then click the security package that best fits your business.

 

If you have questions about the self-assessment, you can check the phone number in this article: Learn about the PCI DSS Compliance Services.

 

You can also check this article to learn more about PCI Compliance: Learn about QuickBooks PCI Compliance.

If you have other concerns besides the self-assessment, you can click the comments below. Stay safe and have a good one!

September 20, 2024

I hope this information helps someone else since it is very clear the support team is goal oriented in pushing this onto everyone. 

 

 

To complete the PCI Compliance Assessment in QuickBooks Payments, follow these steps:

  1. Log into QuickBooks Online:

  2. Go to the Payments Section:

    • In the left-hand menu, click on "Settings" (the gear icon) in the upper right corner.
    • Under the "Your Company" section, select "Account and Settings".
    • Next, go to the "Payments" tab.
  3. Look for PCI Compliance Notifications:

    • In the Payments section, look for any messages or notifications related to PCI compliance. QuickBooks will often notify you if an assessment is needed.
    • If prompted, follow the on-screen steps to complete the PCI compliance process. You may be redirected to a third-party provider, such as SecurityMetrics, which handles PCI assessments for QuickBooks Payments.
  4. Complete the PCI Compliance Assessment:

    • The assessment typically involves answering a series of questions regarding how your business processes and handles payment card data.
    • If you use QuickBooks Payments exclusively for processing payments and don’t store any sensitive card data yourself, the assessment is usually straightforward.
  5. Download and Save Your PCI Compliance Certificate:

    • Once completed, you’ll receive a confirmation of your compliance, usually in the form of a certificate. Make sure to save a copy for your records.
    • If required by your bank or payment processor, provide them with a copy of your PCI compliance certificate.
  6. Contact QuickBooks Support (If Needed):

    • If you don’t see any PCI compliance-related options or need further assistance, you can contact QuickBooks Payments support for clarification on your status and next steps.

By completing the PCI compliance assessment, you ensure that your business adheres to the required standards for processing credit card payments securely.

September 22, 2024

There are 9 versions of the questionnaire. Anyone have an idea which one is for a QuickBooks merchant who does all transactions either through invoicing or through the QuickBooks card reader (mobile) and no transaction data is stored locally?