If you process or store credit card information within your QuickBooks® file, you must have secure passwords for your users. This is to ensure that you are in compliance with Payment Card Industry (PCI) Data Security Standards (DSS).
QuickBooks® facilitates this compliance; however, there are additional steps outside of QuickBooks® you and your business will need to perform in order to be in compliance with these security standards.
The PCI requirements are as follows:
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor supplied defaults for system passwords and other security parameters
3. Protect cardholder data
4. Encrypt transmission of cardholder data across open, public networks
5. Use and regularly update antivirus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data by business need-to-know
8. Assign a Unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security
QuickBooks® will assist you with item 3 above through its Complex Password Requirements feature, and item 10 can be achieved by using the QuickBooks® Credit Card Audit Trail. The other 10 requirements will require actions from you outside of QuickBooks®. If you have questions about these requirements, please feel free to contact us. We will be happy to assist you in any way possible.