Protect Your Customer's Payment Card Data

When you, as a retailer, start accepting credit and/or debit cards for payment using the QuickBooks Desktop POS Merchant Service, you have a responsibility to comply with the requirements of the Payment Card Industry Data Security Standard (PCI DSS).

This standard includes requirements for the configuration, operation, and security of payment card transactions in your business, and extends beyond your use of Point of Sale. It includes requirements for restricting user access, as well as for protecting your computers, operating system, and network, and for communications with other computers and the Internet.

Note: If you use another merchant service for card payments, the cardholder data is not processed, stored, or transmitted by Point of Sale and this topic is not directly applicable to your use of Point of Sale. You should refer to the information provided by your service provider for compliance requirements.

Point of Sale has been engineered to help you comply with these requirements in your use of Point of Sale, but it is your responsibility to ensure your entire system is in compliance.

Point of Sale assists with PCI DSS compliance with the following features:

Encrypts the cardholder data stored in your company data, using an industry-standard, strong encryption process.
Automatically regenerates the keys used to encrypt card data once per year.
Provides you a tool to manually generate new encryption keys if you suspect a security breach has occurred.
Deletes old encryption keys anytime new keys are generated.
Automatically strips card information from stored transactions at sixty days of age; so that cardholder data is not retained any longer than necessary.
Logs all activities related to data access, payment card transactions, and changes to card encryption keys in an Audit Log and all failed attempts to log in to Point of Sale are logged in the Windows Event Log.
Provides a PCI DSS Implementation Guide detailing these features as well as requirements applying to the non-POS components of your system.

As a merchant, you are required to maintain certain security standards within Point of Sale as well as within your Windows operating system, your network, and your connections to the Internet or other computers.

Adherence to the standards not only is good for your business, as it assures your customers that their transactions are being handled in a secure manner, but also is fiscally important as your business could be held liable for fines or other damages if your customer's card information is ever stolen or compromised.

Refer to the PCI DSS Implementation Guide for complete details.

Intuit has prepared an electronic Implementation Guide to help you learn about and comply with these requirements. You can access this guide via the link below or at anytime by selecting User Manuals from the Help menu (Adobe Acrobat Reader required).