Why do I have to deal with PCI DSS? Aren’t Intuit QuickBooks applications secure?
As a merchant accepting cards for payment, you need to maintain payment security throughout your local environment. This means all applications and systems in your local network need to be secure. QuickBooks is just one secure application in your environment.
Other payment service providers may claim that you don’t need to be PCI compliant. This is technically true for QuickBooks Payments, too. We allow you to use QuickBooks Payments services even if you are not PCI compliant, but we do not claim that you are PCI DSS compliant. Such a claim would imply that because QuickBooks is secure, your entire local environment is secure. This is not the case. Other applications may compromise the security of your environment.
Our PCI Service simplifies the process to secure your entire environment and covers forensic exam costs and fines associated with a card data breach. For more on PCI Service benefits, click here.
What is the PCI Data Security Standard (PCI DSS)?
The PCI Data Security Standard is a set of cybersecurity principles and operational best practices designed to protect merchants and cardholders against card data breaches.
To review up-to-date materials posted on the PCI Security website, please visit these pages:
What is the Payment Card Industry Security Standards Council (PCI SSC)?
The Payment Card Industry Security Standards Council (http://www.pcisecuritystandards.org), formed by the Card Brands (VISA/MC/AMEX/DISCOVER) in 2006, is a global open body formed to develop security standards for payment account security.
What type of accounts are charged a PCI Service fee?
Merchant accounts on Qualified Pricing are charged an annual PCI Service fee, per the miscellaneous fees section of their merchant agreement. Merchants on Standard Pricing without a monthly fee can turn on their PCI Service for $9.95 per month.
Is the PCI Service fee charged monthly or annually?
Merchants on Qualified Pricing are charged an annual fee, unless they ask to be billed monthly. Merchants on Standard Pricing pay monthly PCI Service fees of $9.95/mo.
How are PCI Service fees calculated?
PCI Service fees are billed on a graduated scale. The more transactions you have, the higher your service fee (up to a max of $100).
Below is the PCI Service fee schedule for merchants on Qualified Pricing.
If your account has been open for more than 12 months, your PCI Service fee for the upcoming year will be based on transactions from the prior 12-mo period.
If your account was recently boarded on Qualified Pricing, it will be charged a PCI Service fee on your fourth billing statement. Annual transactions will be projected by multiplying actual transactions in your first three months of service by four (3 mo actual x 4 periods = 12 mo projection).
By way of example, if your account had 20 transactions in its first three months, then your fourth billing statement will include a $50 PCI Service fee.
• 20 Transactions in 1st three months (three months = one quarter)
• x4 (four quarters = one year)
• 80 Annual Transactions (projected)
• 80 Annual Transactions -> $50 Annual PCI Service fee
How do I get PCI benefits if my account is on Standard Pricing?
You can upgrade to a service plan with monthly fees, or email PCICompliance2@intuit.com and request access to PCI services for $9.95/mo.
Are ProAdvisors (QuickBooks certified accountants) subject to PCI Service fees?
ProAdvisors are subject to the same criteria as everyone else.
How do I ask for a PCI Service fee refund?
To apply for a refund, you must be the Principal on the account and send an email to PCICompliance2@intuit.com within 30 days of being charged the PCI Service Fee, stating either:
1. You are PCI Compliant with another approved PCI Vendor and have included a current PCI Compliance Certificate with a PCI Compliance waiver: "I (name of the Principal of the Company) understand I am waiving my rights to receive PCI Compliance tools and services, and I am also waiving my rights to Card Data Breach Protection." If the above requested information is incomplete or not received within 30 days, then your PCI Service Fee will not be refunded.
2. You have closed your account within 30 days of receiving the PCI Service Fee.