| QuickBooks and PCI compliance |
|
QuickBooks stores Credit Card numbers. This is bad news for small merchants. Meaning a typical small business will have it's entire network in scope for PCI compliance. QuickBooks has a guide (finally) for setting up QuickBooks for PCI compliance.
http://support.quickbooks.intuit.com/support/papb.aspx The good news is QuickBooks encrypts the stored credit card numbers.
In addition, QuickBooks version 2008 is currently on the list of validated payment applications. See: https://www.pcisecuritystandards.org/
The problem most merchants will have is deploying QuickBooks for PCI compliance, it is not enough for them to use a validated payment applications. Small merchants will need to segment their networks or all systems on that network will be in scope.
What merchants using QuickBooks to process credit cards need to do? 1) Follow the guidelines for configuring QuickBooks outlined by Intuit. 2) Only upgrade QuickBooks to versions that are on the validated payment application list. 3) Get help if you need it. Donald E. Hester CISSP, CISA, CAP, PSP, MCT, MCITP, MCSE Security, MCSA Security, MCTS, MCDST, Security+, CTT+, MV
Brought to you by Maze & Associates, a leading Northern California Accounting Firm specializing in Municipal & Nonprofit Audit, Tax for individuals and all types of entities, Information System Audits, Security Reviews, as well as PCI Scans and certified training. Maze & Associates is a PCI ASV - Approved Scanning Vendor.
RSS Subscription: http://feeds2.feedburner.com/learnsecurityblog
Disclaimer: The views expressed here are those of the author and do not represent those of Maze & Associates.
|
Subscribe to LearnSecurity Blog using your favorite feed reader by 
Latest News
Maze & Associates On Demand PCI Scans - Free 14 Day Trail
|