Credit Card Security Standards And QuickBooks®

If you process or store credit card information within your QuickBooks® file you must have secure passwords for your users.  This is to ensure that you are in compliance with Payment Card Industry (PCI) Data Security Standards (DSS).

QuickBooks® facilitates this compliance; however, there are additional steps outside of QuickBooks® you and your business will need to perform in order to be in compliance with these security standards.

The PCI requirements are as follows:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor supplied defaults for system passwords and other security parameters
  3. Protect cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update antivirus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a Unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security.

Functionality in QuickBooks® will assist you with item 3 above by implementing the QuickBooks® Complex Password Requirements feature and number 10 can be achieved by using the QuickBooks® Credit Card Audit Trail.  The other 10 requirements will require actions from you in order to be completed outside of QuickBooks®.  If you have questions about these requirements please feel free to contact us.  We will be happy to assist you in any way possible.


QuickBooks® File Backup

Something we want to make sure we get out to you is the importance of doing a proper backup of your QuickBooks® company file.  We have seen one too many times where a client is backing up their entire hard drive to another location, say an external drive, another server, or something such as that.  In the world of QuickBooks® this simply isn’t enough.

We would suggest backing up your file a minimum of once a quarter using the built-in backup utility within QuickBooks®.  Doing this will clean out your transaction log file (the file ending in .tlg).  This file is used to track all transactions performed within QuickBooks® between complete backups.  Not doing so can lead to a corrupt company file and/or an unmanageable transaction log file.  If this were to happen and you have been backing up as recommended the Intuit Data Recovery Team can use your last complete backup and the .tlg file to rebuild your company file, minimizing any data loss.

To backup your file in the way we are discussing above do the following while in single user mode.  Within QuickBooks® click “File” > “Save Copy of Backup…” You should then be able to click “Next”, and “Next” again.  When the Backup Options screen opens choose the setting that works for you, but verify that you select “Complete Verify”.

If you have any question about backing up your QuickBooks® file please feel free to contact us!