Intuit's responsibilities for acceptance of payment cards

Every business needs to collect revenue from its customers. Today, more often than not, those payments are made by consumers and businesses using payment cards, either credit or debit cards. To address increasing concerns about the protection of card data, the payment card industry (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) requires companies that accept payment cards to adhere to a set of standards: the Payment Card Industry Data Security Standard (PCI DSS).

At Intuit, business units and their teams are responsible for ensuring that Intuit fully complies with the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS). Below you will find a link about Intuit applications that meet the PCI DSS and have a Report on Compliance (RoC) and an Attestation of Compliance (AoC), as well as a link to find out about our flagship products that are PA DSS certified. Follow these instructions to get to the information you need.

PA-DSS applications

PCI DSS Compliance

PCI DSS compliance is required of all entities that store, process, or transmit cardholder data, including financial institutions, merchants and service providers. The PCI DSS applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. The PCI DSS offers a single approach to safeguarding sensitive data for all card brands.

PCI DSS includes the following requirements:

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect stored cardholder data.
  • Encrypt the transmission of cardholder data across open, public networks.
  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security.

How do I comply?
To achieve PCI DSS compliance, merchants and service providers must adhere to the PCI DSS requirements set forth by the PCI Security Standards Council, which offers a single approach to safeguarding sensitive data for all card brands.

Why is it important?
By complying with the PCI DSS, entities can protect their business and their customers while building a culture of security that benefits all parties in the payment system.

What is the PCI DSS self-assessment questionnaire?
The PCI DSS Self-Assessment Questionnaire is a set of multiple-choice questions about the merchant's card acceptance and processing environment. It is used to identify your risk level and to assess your compliance with the requirements of all card associations regarding your cardholder data policies, procedures, administrative controls, access controls, and physical security measures.

What happens if I am not PCI DSS compliant?
If you are non-compliant, you could be subject to fines from the card associations. If your security is compromised because of your non-compliance, you risk financial loss, additional fines, loss of business, damage to your brand's reputation, and loss of critical systems.


PCI guidelines for applications using QuickBooks Payments

When you accept debit and credit cards as payment for your sales, you agree to take the necessary steps to protect your customers' data. If you use QuickBooks Payments to authorize and settle credit or debit card transactions in Intuit QuickBooks Point of Sale, follow the standards and guidelines at the PCI Resources website. This website includes requirements for the configuration, operation and security of payment card transactions in your business.

Additional information: