QuickBooks users who store, process, or transmit customer credit card data in QuickBooks are required to protect that data by complying with the Payment Card Industry Data Security Standard (PCI DSS).
There are 12 requirements in the PCI DSS; some apply to QuickBooks and some do not. The QuickBooks tasks that meet requirements are listed below; the relevant PCI requirements are shown in parentheses before each task.
The associated tasks do not necessarily satisfy the entire requirement. Refer to the PCI DSS for detailed information about complying with each requirement.
(PCI DSS #2, 3, 4, 8) Enable Customer Credit Card Protection.
(PCI DSS #9) Use only the Credit Card No. field on the Payment Info tab of a customer record to store your customer credit card data.
(PCI DSS #3) Do not store sensitive authentication data such as card-validation codes (the 3-digit number near the signature panel), personal identification numbers (PINs), or magnetic stripe data.
(PCI DSS #7) Limit access to credit card data by assigning or removing permission for users to view full customer credit card numbers.
(PCI DSS #7, 8) Set complex passwords and change them every 90 days for all users with access to credit card data.
(PCI DSS #6) Keep QuickBooks updated by turning on automatic updates.
Note: Intuit does not provide support for tasks completed outside of QuickBooks.
Refer to the Implementation Guide for details about PCI DSS requirements 1, 4, 5, 6, 8, 9, 10, 11, and 12.
What if I don't comply?