Thursday, August 26, 2010

PCI Compliance in QuickBooks

Every business using QuickBooks should, at a minimum, perform the steps here to ensure basic compliance with PCI DSS (Payment Card Industry Data Security Standards) with respect to storing credit card numbers in QuickBooks. Keep in mind that these steps cover only the QuickBooks part of compliance, so make sure you complete them.

To enable Customer Credit Card Protection in QuickBooks:

1. Enable Customer Credit Card Protection.

a. Select Customer Credit Card Protection from the Company menu. The button in the window will show either Enable Protection (which means protection is NOT enabled) or Disable Protection (which means protection IS enabled).

2. Ensure that all users of QuickBooks store credit cards only in the Credit Card No. field on the Payment Info tab of customer records.

3. Do not store sensitive authentication data such as card-validation codes (the three-digit number near the signature panel), personal identification numbers (PINs) or magnetic stripe data.

4. Limit access to credit card data by assigning or removing permission for users to view full customer credit card numbers.

5. Set complex passwords and change them every 90 days for all users with access to credit card data.

6. Keep QuickBooks updated by turning on automatic updates.
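
One way to audit step 2 is to scan an exported customer list for card numbers that ended up in other fields such as notes. The script below is an added example, not part of the original post or of QuickBooks; it assumes the customer list has been exported to CSV, and the column names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Assumed header of the designated field in the export (hypothetical name).
CARD_COLUMN = "Credit Card No."

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the report holds no full card number."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_misplaced_cards(csv_text: str, card_column: str = CARD_COLUMN):
    """Return (row, column, masked number) for card numbers outside card_column."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        for column, value in row.items():
            if column == card_column or not isinstance(value, str):
                continue
            for match in PAN_CANDIDATE.finditer(value):
                digits = re.sub(r"\D", "", match.group())
                if luhn_valid(digits):  # drops order numbers and similar IDs
                    findings.append((row_no, column, mask(digits)))
    return findings


# Constructed sample export; 4111111111111111 is a widely used test number.
SAMPLE_EXPORT = """Customer,Credit Card No.,Notes,Phone
Acme Supply,4111111111111111,Net 30,555-0100
Birch Cafe,,card on file 4111 1111 1111 1111 exp 09/12,555-0101
Cedar LLC,,PO 1234567890123456 pending,555-0102
"""

if __name__ == "__main__":
    for finding in find_misplaced_cards(SAMPLE_EXPORT):
        print(finding)
```

Any row it reports should have the number moved into the Credit Card No. field and removed from the field where it was found; the export file itself contains card data and should be deleted securely after the check.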
