
JonoSC
Level 2

Reading the QB links provided by the QB team causes even more confusion, as they are not definite answers or guidance. I've found this website to be helpful in providing clarity: https://www.pcisecuritystandards.org/document_library/?document=pci_dss

And specifically this section in the Quick Reference Guide:

 

Scope of PCI DSS Requirements

PCI DSS requirements apply to:

• The cardholder data environment (CDE), which is comprised of:

  – System components, people, and processes that store, process, and transmit cardholder data and/or sensitive authentication data, and,

  – System components that may not store, process, or transmit CHD/SAD but have unrestricted connectivity to system components that store, process, or transmit CHD/SAD. AND

• System components, people, and processes that could impact the security of the CDE.

“System components” include network devices, servers, computing devices, virtual components, cloud components, and software. See PCI DSS “Scope of PCI DSS Requirements” section for examples of “system components.”

 

That first bullet point highlights why most of us use QB payments so we don't have to handle this data, and thus don't have to certify as PCI compliant.

 

No matter what, I personally am not going to fill out the SecurityMetrics survey as it is clearly a shakedown; I am pretty sure they will use any answers to forward their gains, whether a person needs to be certified or not. The fact that they don't display the pricing until after you have provided your details is very sketchy.
