I understand your confusion, Machelle. Since you use QuickBooks Payments and don’t handle customer payment details directly, it’s natural to wonder why PCI compliance is required. Let me clarify this for you.
 

Payment Card Industry Data Security Standard (PCI DSS) compliance is a set of security standards designed to ensure anyone involved in processing, transmitting, or handling credit card payments does so securely. Its primary purpose is to protect cardholder data, reduce the risk of fraud or breaches, and safeguard the entire payment ecosystem.
 

While QuickBooks Payments itself is PCI compliant, maintaining compliance is required at your level as the merchant ensures your business also meets the security standards outlined by PCI DSS. Even if you're only sending invoices or using QuickBooks Payments to process transactions, you are still considered part of the payment ecosystem and need to validate your compliance.
 

It is the merchant's responsibility to uphold PCI compliance, which applies to any business that accepts credit or debit card payments, regardless of size or how payments are processed. Even though you don’t directly handle payment information, you are still responsible for ensuring your systems, policies, and practices meet security standards.
 

Being PCI compliant helps businesses rebuild trust, reduce risks, detect issues early, and mitigate the impact or liability of a security incident. You have the option to use SecurityMetrics or other third-party providers to help with your compliance process.
 

Check this article to know more about PCI DSS compliance: Learn about QuickBooks PCI DSS Compliance Services.

Please leave us a response if you have other questions or concerns.