Payment Card Industry Data Security Standard
Intuit responsibilities for acceptance of payment cards
At Intuit, business units and their teams are responsible for ensuring that Intuit fully complies with PCI DSS. Below you will find a link to the list of Intuit applications that meet the PA-DSS standards. Below that you will find a link to learn about Intuit applications that are certified and have a "Report on Compliance." Follow these instructions to get to the information you need.
PA-DSS applications
- Click https://www.pcisecuritystandards.org/security_standards/vpa/
- Read the Notice and click Accept.
- Under Filter Payment Applications by Company Name, select Intuit, Inc.
- Click Filter Applications.
- Review the list of Intuit payment applications.
QuickBooks Desktop applications certification status (US)
- 2008--Certified and listed on site
- 2009--Certified and going through process of being listed on web site
- 2010--Auditor approved - waiting for PCI-SSC approval
- QuickBooks 2011--Auditor approved - waiting for PCI-SSC approval
Learn how to get compliant.
QuickBooks Desktop applications certification status (Canada)
- 2010--Auditor approved - waiting for PCI-SSC approval
- 2011--Auditor approved - waiting for PCI-SSC approval
QuickBooks POS certification status
- Version 6--certified and listed on web site
- Version 7--certified and listed on web site
- Version 8--Certified and listed on site
- Version 9--certified and listed on web site
- Version 10--Certified and listed on site
QuickBooks Cash Register Plus
- 2009--certified and listed on web site
- 2010--certified and listed on web site
For older versions, click http://visa.com/pabp
GoPayment
- GoPayment 2.0--Not in PCI-SSC scope for payment applications
PCI processor report on compliance (ROC)
- Click http://usa.visa.com/download/merchants/cisp-list-of-pcidss-compliant-service-providers.pdf
- In the Search box at the top of the PDF page, type the product name you wish to check (see list below) and press the Enter key.
Currently certified
- IGS
- IMS
- QuickBooks Merchant Services
- ECHO
Certified and going through process to be listed on web site
- Homestead
- QuickBooks Online
- Small Business Finance Works
For any other questions concerning compliance, please email security@intuit.com
More information
Every business needs to collect revenue from its customers. Today, more often than not, those payments are made by consumers and businesses using payment cards - either credit or debit cards. To address increasing concerns about the protection of card data, the payment card industry (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) requires companies that accept payment cards to adhere to a set of standards: the Payment Card Industry Data Security Standard (PCI DSS).
Information security requirements
PCI DSS includes the following requirements:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect stored cardholder data.
- Encrypt the transmission of cardholder data across open, public networks.
- Use and regularly update anti-virus software.
- Develop and maintain secure systems and applications.
- Restrict access to cardholder data.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
- Maintain a policy that addresses information security.
PCI information for businesses--cardholder data security Internet processing
How do I comply?
To be deemed compliant with PCI DSS, a merchant must pass both a scan and a questionnaire.
What is the PCI DSS self-assessment questionnaire?
The PCI DSS Self-Assessment Questionnaire is a set of multiple-choice questions about the merchant's card acceptance and processing environment. It is used to identify your risk level and assess your compliance with the requirements of all card associations regarding your cardholder data policies, procedures, administrative controls, access controls, and physical security measures.
What is a quarterly network scan?
The quarterly network scan is a scan of the merchant's external-facing IPs conducted by a third-party vendor. It identifies systems that are not secure, or that could be open to a security breach or data compromise.
What if I'm not deemed compliant?
If you are deemed non-compliant, you must put together a remediation plan to address the areas of weakness, risk, and vulnerability. You will be provided with solutions necessary to become PCI compliant, protect cardholder data, and reduce your risk.
What happens if I am not PCI DSS compliant?
If you are non-compliant, you are subject to fines from the card associations. If your security is compromised because of your non-compliance, you risk financial loss, additional fines, loss of business, damage to your brand's reputation, and loss of critical systems.
PCI guidelines for applications using Intuit Merchant Services
When you accept debit and credit cards as payment for your sales, you agree to take the necessary steps to protect your customers' data. If you use the Intuit Merchant Service to authorize and settle credit or debit card transactions in Intuit QuickBooks Point of Sale, follow the standards and guidelines at the PCI Resources web site. This web site includes requirements for the configuration, operation and security of payment card transactions in your business.
Additional information
- PCI Data Security Standard summary (pdf)
- TrustWave
- PCI Security Standards Web site
- VISA CISP
- MasterCard SDP
- Discover Network DISC
