top of page
Search

PCI Compliance with QBO Payments

What Intuit (QBO Payments) Handles for You

  • Encryption and secure transmission of credit card data

  • Storage of payment info (if you use features like recurring billing)

  • Ongoing system and network security maintenance

  • Quarterly vulnerability scans and compliance documentation (for their own systems)

Your Responsibilities as a QBO Payments User

  1. Complete the PCI Self-Assessment Questionnaire (SAQ)

    • Even with a third-party processor, you may need to fill out a short version of the SAQ—usually SAQ A or SAQ B (for merchants who do not store card data and use only fully hosted payment solutions).

    • Intuit/QuickBooks often sends reminders and may provide a link to the right SAQ through their portal or via email.

  2. Follow Security Best Practices

    • Don’t write down or store customer card info outside of QBO.

    • Restrict access to your QBO account to only those who need it.

    • Use strong passwords and enable two-factor authentication for your Intuit account.

    • Regularly review user access and permissions.

  3. Acknowledge or Attest to PCI Compliance (sometimes)

    • Intuit may require you to attest that you are following best practices (either in their portal or during annual reviews).

  4. Employee Training

    • Ensure anyone who has access to payments or customer data understands not to mishandle cardholder info.

What You Don’t Need to Do

  • You do not need to run your own network scans or manage technical security controls—Intuit does this as part of their service.

  • You do not need to store or protect credit card data locally (as long as you only use QBO to process payments).

What If You Only Use QBO and Don’t Touch Card Data?

  • If you only send invoices, accept online payments through QBO, and never see or store credit card numbers yourself, your PCI DSS compliance is minimal.

  • You will likely just complete SAQ A (the shortest one) and confirm you don’t handle card data directly.

Summary:

  • Most compliance is handled by QBO/Intuit.

  • You may need to complete a simple annual SAQ.

  • Follow basic security practices.

Action step:


Check your email or QBO Payments dashboard for any PCI compliance reminders or required actions. If you see an alert or request, complete the brief SAQ as instructed (it’s usually just a few yes/no questions). If you haven’t received anything, you can contact Intuit support to confirm your status—but for most users, you’re already covered!



 
 
 

Comments

Privacy Policy

*These are not guaranteed savings. Savings may be more or less and will be determined during your assessment based on your business size and circumstances.

©2024 by Ravenwood Accounting. All Rights Reserved

bottom of page