"Any company or organization that handles cardholder data, whether to process, store or transmit, must meet PCI compliance requirements."
Based on this, QB must be PCI compliant and not us. Using QB to do everything, they are the only entity in the process flow that has cardholder data to process, store or transmit, etc.
If my company does none of those things, I am not required.
I'd ask any of these PCI experts or QB representatives to show me where in their process, which we pay for and use, do we ever fall under PCI compliance requirements as stated above? We simply do not.
