Credit Card Security Standards And QuickBooks®

If you process or store credit card information within your QuickBooks® file, you must have secure passwords for your users. This is to ensure that you are in compliance with Payment Card Industry (PCI) Data Security Standards (DSS).

QuickBooks® facilitates this compliance; however, there are additional steps outside of QuickBooks® you and your business will need to perform in order to be in compliance with these security standards.

The PCI requirements are as follows:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update antivirus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security

QuickBooks® functionality will assist you with two of these requirements: the QuickBooks® Complex Password Requirements feature helps with item 3 above, and item 10 can be achieved by using the QuickBooks® Credit Card Audit Trail. The other 10 requirements will require actions from you outside of QuickBooks®. If you have questions about these requirements, please feel free to contact us. We will be happy to assist you in any way possible.