Payment Card Industry Data Security Standard

Intuit responsibilities for acceptance of payment cards

Every business needs to collect revenue from its customers. Today, more often than not, those payments are made by consumers and businesses using payment cards, either credit or debit cards. To address increasing concerns about the protection of card data, the payment card industry (American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International) requires companies that accept payment cards to adhere to a set of standards: the Payment Card Industry Data Security Standard (PCI DSS).

At Intuit, business units and their teams are responsible for ensuring that Intuit fully complies with Payment Card Industry Data Security Standards (PCI DSS) and Payment Application Data Security Standard (PA DSS). Below you will find a link about Intuit applications that meet the PCI DSS and have Report on Compliance (RoC) and Attestation of compliance (AoC) as well as a link to find out about our flagship products that are PA DSS certified. Follow these instructions to get to the information you need.

PA-DSS applications

  1. Click https://www.pcisecuritystandards.org/security_standards/vpa/
  2. Read the Notice and click Accept.
  3. Under Filter Validated Payment Applications by Company Name, select Intuit, Inc.
  4. Click Search.
  5. Review the list of Intuit payment applications.

QuickBooks Desktop applications certification status (US)

  • 2012--Validated and acceptable for new deployment

Learn how to get compliant

QuickBooks POS certification status (US)

  • Version #8.0 R 10-Certified and listed on site
  • Version 9-waiting for PCI-SSC approaval
  • Version 10.0-Certified and listed on site
  • Version 2013-Auditor approved - waiting for PCI-SSC approval

For older versions, click here.

PCI DSS applications are listed and registered in VISA's Global Registry of Service Providers

  1. Click http://www.visa.com/splisting/searchGrsp.do
  2. In the Search criteria box at the top of the page, type Intuit under Company and click "go." All of Intuit's PCI Certified applications will be displayed.

Offerings currently certified and not displayed on the registry are listed as "Other":

  • Innovative Gateway Solutions (IGS)
  • QuickBooks Merchant Services
  • QuickBooks Online (QBO)

Other Intuit applications currently PCI certified and not on the VISA Global Registry are:

  • Intuit FinanceWorks

For any other questions concerning compliance, please email security@intuit.com

PCI DSS Compliance

PCI DSS compliance is required of all entities that store, process, or transmit cardholder data, including financial institutions, merchants and service providers. The PCI DSS applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce.

The PCI DSS offers a single approach to safeguarding sensitive data for all card brands.

PCI DSS includes the following requirements:

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect stored cardholder data.
  • Encrypt the transmission of cardholder data across open, public networks.
  • Use and regularly update anti-virus software.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a policy that addresses information security.

How do I comply?

To achieve PCI DSS compliance, merchants and service providers must adhere to the PCI DSS requirements set forth by the PCI Security Standards Council, which offers a single approach to safeguarding sensitive data for all card brands.

Why is it important?

By complying with the PCI DSS, entities can protect their business and their customers while building a culture of security that benefits all parties in the payment system.

What is the PCI DSS self-assessment questionnaire?

The PCI DSS Self-Assessment Questionnaire is multiple-choice questions about the merchant's card acceptance and processing environment. It is used to identify your risk level and assess your compliance with the requirements of all card associations regarding your cardholder data policies, procedures, administrative controls, access controls, and physical security measures.

What happens if I am not PCI DSS compliant?

If you are non-compliant, you could be subject to fines from the card associations. If your security is compromised because of your non-compliance, you risk financial loss, additional fines, loss of business, damage to your brand's reputation, and other loss of critical systems.

PCI guidelines for applications using Intuit Merchant Services

When you accept debit and credit cards as payment for your sales, you agree to take the necessary steps to protect your customer's data. If you use the Intuit Merchant Service to authorize and settle credit or debit card transactions in Intuit QuickBooks Point of Sale follow the standards and guidelines at the PCI Resources web site. This web site includes requirements for the configuration, operation and security of payment card transactions in your business.

Additional information