Everything You Need to Know About QuickBooks and PCI Compliance

Have you received an email from QuickBooks about PCI compliance and are wondering if you need to act? Here’s our response. 

If you’re a winery owner using QuickBooks Online (QBO) for payments, you may have recently received an email about PCI compliance, stating that it’s an annual requirement. 

If that left you scratching your head, you’re not alone. 

Especially if your invoicing process is just sending out payment links and letting customers enter their own card info.

Let’s clear up the confusion and give you some practical advice on QuickBooks and PCI compliance.

What Is PCI Compliance?

PCI compliance means following the Payment Card Industry Data Security Standard (PCI DSS), a set of rules designed to keep credit card information secure. Any business that “accepts” credit card payments, even if it doesn’t directly handle card information, has to follow these rules.

Why Is QuickBooks Reaching Out?

QuickBooks Payments users have been receiving emails saying they need to be PCI compliant. This has caused a lot of confusion, especially for businesses that don’t manually process or store card details. 

The main question: is this really necessary, or is it just another box to check off?

Do You Really Need to Worry About It?

Unfortunately, the answer isn’t entirely straightforward. Here’s what we know:

  • Standard Practice: Most payment processors handle PCI compliance as part of their service, but QuickBooks seems to shift some of that responsibility—and cost—onto its users. *Sigh*

  • What’s in the Fine Print: Intuit’s terms for QuickBooks Payments state that businesses need to follow certain procedures to protect cardholder data. However, if your winery doesn’t actually handle card details—like when customers enter their payment info through a secure link—you might not need to pay for PCI compliance. Many business owners have found that ignoring the compliance email hasn’t resulted in fees or penalties.

  • The Email Could Be a Money Grab: It’s important to know that the PCI compliance email may just be an offer from one of Intuit’s partners to complete a compliance questionnaire, which can cost around $300. This can be confusing, as it may look like a requirement when it’s actually optional and potentially overpriced.

What We Recommend for Winery Owners

If your winery uses QuickBooks Payments and you’re only sending out payment links without touching card data:

  • Double-Check Your Process: If you don’t manually handle card details, you might not need to jump through compliance hoops. If you’re unsure, reach out to Intuit for clarification.

  • Know the Real Risks: While you might not face penalties for ignoring the compliance request, it’s smart to know how payment data flows in your business and make sure it’s secure.

  • Use Free Options: If you do decide to complete a PCI compliance check, look for free questionnaires online—you don’t need to spend $300.

  • Consider Staff Training: Even if your winery doesn’t directly handle card data, training your team on how to manage customer information can only help. It keeps everyone aware of best practices and reduces the chance of mistakes or potential issues.

The Short Story

QuickBooks and PCI compliance emails may make you feel like you need to jump into action immediately. But you can take a deep breath. 

If you’re only using QBO’s payment links and never handle card details, you might be in the clear. That said, it’s always a good idea to review your situation or reach out to Intuit or your accountant for clarity.

Still have questions? Visit our Getting Started page to get in touch with our team. We’re always here to help.

Until next time.