SisterJudith
Level 3

Here is what I found, and I suspect it will be helpful for many of you.

[Disclaimer: I'm not a legal professional, and the following is my opinion for informational purposes only.  Please research to determine if this solution will work for you.]

1. A Key Thing To Know

Even though we contend we never have custody of payment information, we have to go through the due diligence to make sure there are no areas that we might miss that could make us non-compliant.  Seriously.

2. Depending on your situation, you may be able to complete a SELF-ASSESSMENT.

3. I recommend reading the PCI Security Standards Council's publication: Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance.

There is a 'test' to determine whether you're eligible to do a self-assessment (found on page 3 of their PDF).

Merchant certifies eligibility to complete this shortened version of the Self-Assessment Questionnaire because, for this payment channel:

  • Merchant accepts only card-not-present (e-commerce or mail/telephone-order) transactions;
  • All payment acceptance and processing are entirely outsourced to PCI DSS validated third-party service providers;
  • Merchant has no direct control of the manner in which cardholder data is captured, processed, transmitted, or stored;
  • Merchant does not electronically store, process, or transmit any cardholder data on merchant systems or premises, but relies entirely on a third party(s) to handle all these functions;
  • Merchant has confirmed that all third party(s) handling acceptance, storage, processing, and/or transmission of cardholder data are PCI DSS compliant; and
  • Merchant retains only paper reports or receipts with cardholder data, and these documents are not received electronically.

Additionally, for e-commerce channels:

  • The entirety of all payment pages delivered to the consumer's browser originates directly from a third-party PCI DSS validated service provider(s).
