When you start accepting credit and/or debit cards for payment using the QuickBooks Desktop Point of Sale Merchant Service, you have a responsibility to comply with the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS includes requirements for the configuration, operation, and security of payment card transactions in your business, and extends beyond your use of Point of Sale. It includes requirements for restricting user access, as well as for protecting your computers, operating system, and network, and for communications with other computers and the Internet.
Important: If you use another merchant service for card payments, the cardholder data is not processed, stored, or transmitted by Point of Sale and this topic is not directly applicable to your use of Point of Sale. Refer to the information provided by your service provider for compliance requirements.
QuickBooks Desktop Point of Sale is engineered to help you comply with these requirements, but it is your responsibility to ensure your entire system is in compliance.
How does QuickBooks Desktop Point of Sale assists me in complying with the PCI DSS?
Point of Sale assists with PCI DSS compliance with the following features:
- Encrypts the cardholder data stored in your company data, using an industry-standard, strong encryption process.
- Automatically regenerates the keys used to encrypt card data once per year.
- Provides you a tool to manually generate new encryption keys if you suspect a security breach has occurred.
- Deletes old encryption keys when new keys are generated.
- Automatically strips card information from stored transactions at sixty days of age; so that cardholder data is not retained any longer than necessary.
- Logs all activities related to data access, payment card transactions, and changes to card encryption keys in an Audit Log and all failed attempts to log in to Point of Sale are logged in the Windows Event Log.
- Provides a PCI DSS Implementation Guide detailing these features as well as requirements applying to the non-POS components of your system.
What happens if I don't comply with the PCI DSS?
Note: As a merchant, you are required to maintain certain security standards within Point of Sale as well as within your Windows operating system, your network, and your connections to the Internet or other computers.
Adherence to the standard is not only good for your business, it assures your customers that their transactions are handled in a secure manner, but also is fiscally important as your business could be held liable for fines or other damages if your customer's card information is ever stolen or compromised.
Intuit has prepared an electronic PCI DSS Implementation Guide to help you learn about and comply with these requirements. You can access this guide through the link or at any time by selecting User Manuals from the Help menu (Adobe Acrobat Reader required).