
QuickBooks Merchant Services Data Security

How does data security affect you?

  • Data security is critical for all merchants who accept payment cards to protect their business and their customers' sensitive data.
  • The card associations (Visa, MasterCard, American Express, Discover® Network, and JCB) have agreed on a single standard for how this data is stored, processed, and transmitted: the Payment Card Industry Data Security Standard (PCI DSS).
  • Card-accepting merchants must comply with this standard. Please visit www.pcisecuritystandard.org for more information and a full listing of the requirements.
  • Depending on your merchant level, your requirements for compliance validation differ. See the chart of merchant levels and classification criteria below.
  • Compliance will help protect you and your customers from theft and fraud, and safeguard the credit cardholder information that you process and/or transmit from attackers and other online hazards.

QuickBooks Merchant Services Data Security Program
QuickBooks Merchant Services strongly endorses the PCI DSS for the handling of cardholder data. To help you comply with the PCI DSS, QuickBooks Merchant Services has negotiated preferred pricing on compliance services with leading third-party assessor TrustWave (www.trustwave.com). TrustWave's TrustKeeper® portal makes compliance validation easy with three steps:

  • Step One: Complete the PCI DSS self-assessment questionnaire (What is this?)
  • Step Two: Perform network security scans on a quarterly basis (Why do this?)
  • Step Three: Repair any identified vulnerabilities in your IT environment (How do I do this?)

QuickBooks merchants can visit http://qbms.trustkeeper.net to get started.


PCI DSS Compliance FAQs

1. What is the PCI DSS Self-Assessment Questionnaire?

  • Multiple-choice questions about the merchant's card acceptance and processing environment.
  • Used to identify your risk level and assess your compliance with the requirements of all card associations regarding your cardholder data policies, procedures, administrative controls, access controls, and physical security measures.

2. What is a quarterly network scan?

  • A scan of the merchant's external-facing IPs, conducted by a third-party vendor.
  • Identifies systems that are not secure, or that could be open to a security breach or data compromise.

3. How do I comply?

  • To be deemed compliant with PCI DSS, a merchant must pass both the scan and the questionnaire.
  • If deemed non-compliant, a remediation plan will be necessary to address the areas of weakness, risk, and vulnerability. You will be provided with solutions necessary to become PCI compliant, protect cardholder data, and reduce your risk.

4. What happens if I am not PCI DSS Compliant?

  • If you are non-compliant, you are subject to fines from the card associations.
  • If your security is compromised because of your non-compliance, you risk financial loss, additional fines, loss of business, damage to your brand's reputation, and other loss of critical systems.

If you have any questions or concerns, please contact the QuickBooks Merchant Services Customer Service Center at 1-800-558-9558.

Additional Information



Data Security Standard
Build and Maintain a Secure Network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  1. Protect stored data
  2. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  1. Use and regularly update anti-virus software
  2. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  1. Restrict access to cardholder data by business need-to-know
  2. Assign a unique ID to each person with computer access
  3. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  1. Track and monitor all access to network resources and cardholder data
  2. Regularly test security systems and processes
Maintain an Information Security Policy
  1. Maintain a policy that addresses information security


Merchant Classification Criteria by Level

Level 1
Visa, MasterCard, & Discover Network: Any merchant, regardless of acceptance channel, that:
  • Processes over 6 million Visa, MasterCard, or Discover Network transactions per year
  • Has suffered a hack or an attack that resulted in an account data compromise
  • Visa, MasterCard, or Discover Network determines should meet the Level 1 merchant requirements
  • Has been identified by any other payment card brand as Level 1
AMEX: Any merchant that processes over 2.5 million AMEX transactions, regardless of acceptance channel

Level 2
Visa, MasterCard, & Discover Network: Any merchant that processes 1 million to 6 million Visa, MasterCard, or Discover Network transactions, regardless of acceptance channel
AMEX: Any merchant that processes 50,000 to 2.5 million AMEX transactions, regardless of acceptance channel

Level 3
Visa, MasterCard, & Discover Network: Any merchant that processes 20,000 to 1 million Visa, MasterCard, or Discover Network e-commerce transactions
AMEX: Any merchant that processes less than 50,000 AMEX transactions, regardless of acceptance channel

Level 4
Visa, MasterCard, & Discover Network: Any merchant that processes fewer than 20,000 Visa, MasterCard, or Discover Network e-commerce transactions or processes fewer than 1 million Visa, MasterCard, or Discover Network transactions, regardless of acceptance channel

