Reconcile – revamped and better than ever!

Posted May 20, 2013 by Priyajeet
Categories: Features

Have you checked out the New Reconcile feature yet? If not, now’s the time to give it a try.  We introduced the New Reconcile screen a couple years ago and we continue to make additions, so if you haven’t had a chance to check it out you’ll definitely want to.  We’ve redesigned the new reconcile screen to make it faster and easier to reconcile your accounts. Here’s some of the amazing features you’ll find:

- Save time tracking down reconcile differences. We pinpoint them for you!
- See more transactions at once with a new, two-column view
- Easily track your progress and totals without scrolling
- Sort columns just by clicking a column header
- Resize columns to see more or less data
- Change the order of the columns

reconcile screen shot

In order to try these new features out go to Banking>Reconcile.  Once you’re on the reconcile screen click on ‘Try new Reconcile’ at the top left.  There’s no risk to trying out the new reconcile.  You can always switch back to the old reconcile screen by clicking on Old Reconcile at the top right.  But we are confident that once you start using the new reconcile screen you’ll be hooked.

May accountant webinar recording & slides

Posted May 14, 2013 by jessicaPM
Categories: Accountants, Events, Features, Mobile, News, Product Management, Tips & Tricks

Hi all,

 

Thanks so much to those that joined me today for our May accountant webinar…there were over 300 of you! Lots of great questions and fun as always.

 

For those that had to miss it, here is the recording: https://attendee.gotowebinar.com/recording/8655380073461004800

If you’d like, here are the slides as well. They aren’t that helpful without the recording, so I recommend you use them as a viewing aide but not by themselves: May webinar slides

 

I know some folks have had trouble listening to the recording in the past–hopefully we have no issues this month! Unfortunately, after spending many hours on the phone with GoToWebinar, we have not been able to identify a source of the problem since the recording does work for the majority of viewers across different browsers and operating systems.

 

Talk to you all again soon!

QuickBooks Online support is ending for Internet Explorer 8 and Safari 5

Posted April 13, 2013 by Priyajeet
Categories: Support

Last fall we mentioned discontinuation of Internet Explorer 8 as a supported browser for QuickBooks Online. This post is a reminder for those folks who have not yet switched from this legacy browser. With our next release we will be issuing a warning about the same every time you login using IE8. Likewise, Safari 5 users will also be getting an upgrade warning soon.

Once we end support (sometime in the next 2 months) we will stop fixing any non-critical issues for QBO under IE8 (and Safari 5) and any new feature released may not work well either. You will however still be able to access QBO via IE8 / Safari 5 even after we drop support for it.

While you may choose to stick with IE8/Safari 5, you will be using the browser without any support from us and may miss out on newly released features. You can still call support regarding general accounting issues that are not related to the browser, however support agents will not be able to help with issues arising due to your use of IE8/Safari 5.

We are encouraging all users to switch to Chrome, Firefox, IE10 or IE9 at their earliest convenience. Upgrading to these new browsers will also improve the performance of QBO as well as your regular day-to-day browsing.

For up to date browser support, check out this blog post.

Windows XP users: Microsoft will be ending all support for this legacy OS in about a year. At that time you will not be receiving any security updates either and your machine may become vulnerable to security risks. We are encouraging you to consider upgrading your machine soon to keep getting security updates.

Safari 5: Due to the various issues in Safari 5 as well as the age of the browser, we recommend people upgrading to Safari 6 or another browser.

Frontend Engineering of QuickBooks Online

Posted April 9, 2013 by Priyajeet
Categories: Events

UPDATE: Slides
https://docs.google.com/presentation/d/18Ho1IF8CsZzO1B9N2AJth615nsE2KK-TGDFCXCYB7ks/edit?pli=1#slide=id.gb8d45332_0128

 

The Silicon Valley HTML5 User Group (sponsored by Intuit) will be hosting a tech talk about certain frontend engineering aspects of QuickBooks Online. The presentation will take place at our Mt. View campus on Tuesday Apr 9th @ 6:30pm PST. We will be streaming this event, the details of which are below. And later we will share our slides too. Consumers of QuickBooks Online interested in the the technical aspects of the product (client side UI) are welcome to listen in or drop by in person if you prefer that. See the meetup details below for more information.

Meetup Details
http://www.meetup.com/Silicon-Valley-HTML5-User-Group/events/109991672/

Webex Details

https://intuitcorp.webex.com/intuitcorp/j.php?J=595789269

Web Meeting Number: 595 789 269
Call-in toll-free number: 1-888-8753049 (US)
Conference Code: 650 319 5789

Technology behind QuickBooks Online – Security

Posted February 28, 2013 by Nilendu Misra
Categories: Security

This is a series of blog posts on QBO Technology. We start with taking a look at QBO security practices. In next few we will discuss Performance, Scalability, and SaaS architecture for QuickBooks Online.

Introduction

“Security is a smile from a headwaiter” – Russell Baker

SaaS (Software as a Service) applications are often referred to as “rented apps.” However, we believe that analogy needs work. Using a SaaS app should not be like renting an apartment where the landlord could bring in a mechanic without even notifying the renter ahead. Our users deserve much better. We believe that SaaS/Cloud apps should be more like renting a Lock Box at a bank. As a bank provides top notch security and is accountable for a fully exclusive private access only to the lock box user and no one else – QuickBooks Online’s job is to provide our users with accounting logic and compute capacity. User’s data is not only exclusively owned by him/her, but we strive to make the system as secure as most secure banks’ lock boxes, if not more. As a user, you and only you have the key (login) to access the data – when you want,  using a device of your choice, for however long you want and manage that data with the accounting logic we provide. So, please be assured that your data and business assets are in safe hands.

QuickBooks Online security/privacy model is a three-legged stool. Each of the three buckets gets re-visited and re-calibrated at least once a year, and in reality a few times a year.

1) Physical and Access Security

Tier-4 Data Center: QBO is hosted on two Premier Tier-4 data centers. Tier-4 is the highest category in the data center tiers. There’s no tier-5!

Screen Shot 2013-02-25 at 12.18.26 AM

Stringent Background Check: Intuit is in business of Consumer and Small Business Finance for decades. It has robust established practices of recruiting that involves several rounds of background and reference checks.

Site Security: All our key sites are guarded by Intuit Security, follow Access Card-based entry to each building and 24*7 perimeter vigil and control. Data center security is several orders of magnitude stricter and without special privilege pass even an Intuit employee cannot get inside our Data Centers. Maintaining a regime of “Compensating Control,” we have strict separation of roles between Development & Production, and Production access requires multiple levels of authorization. E.g., Operations function is vertically separated in Dev-Ops and Prod-Ops to enable highest degree of control on access of Intuit production assets.

Throttle and other limit put in every tier to prevent DDOS: From Firewall to web to app to storage tier to prevent malicious intent at each tier. Inappropriate accesses are audited from logs periodically. Access logs are audited typically at least a year to revisit past issues.

Password Policy: We follow a strong password policy and password duration for all environments.

2) Code and Infrastructure Security

Release process tied with strong security metrics with stringent exit criteria: We log thousands of hours of security Code Reviews every year by our senior most Staff, Principal and Distinguished Engineers for anti-patterns focusing on SQL injections; Cross-site scripting; Encryption Usage and Correct usage of application APIs. “Code Collaborator” tool is used to track the reviews and it is integrated with our source-code control system for review audits. We also use Static Code Analysis tools like Coverity, Fortify regularly to scan the code for presence of any existing anti-patterns. Consider this coarse-grained protection to complement the fine grained protections applied in Code Reviews.

Security Coding Standards & Best Practices followed in Business Logic; User Interface (JavaScript; CSS); Data/schema and Log: Authentication has built-in capabilities to prevent DOS and Brute Force resistance and to frustrate automated DOS attacks we use CAPTCHA after a certain number of failed attempts. Secret and sensitive information is encrypted in storage and in transit. For most confidential data, like Social Security, Bank Account and Credit Card, it is tokenized away from storage. Auditing, logging and reporting are in compliance with best security practices. E.g.,

  • Capture essential forensic data, capturing data for critical events or exceptions, and stringent protection of logging data itself.
  • Encode Output and Validate Input to make sure browser never displays an executable code or to-be-stored data is of a certain type and is not an executable code itself.
  • Internal Wiki created by developers with each functional and technical area for on-boarding new internal developers.

Test Cases: Our developers also are required to write Unit tests to assure that code behaves properly in the face of common forms of attack. Some examples of security unit tests are given in the references.

Security patch update

Regular Update: We have quarterly/bi-yearly/yearly cycles to update software patches, including security patches for our hardware and software stacks.

Ad-hoc Security Patching: As needed. We listen to various security distribution from our vendors and communities (like JSR). e.g., the following recent security updates from Java and Tomcat were carefully discussed the same day and proper actions were rapidly taken to ensure security of QBO users where applicable.

sec-pic    oracle-java

‘Corporate Information Security’ (CIS) is a separate internal unit that deals with Security of application and corporate assets. This team has a great talent pool including some ex-law enforcers; highly experienced security domain experts; anti-phishing /anti-malware strategists etc. Also, there is an Intuit-wide “Security X-Team” with representations from all Business Units/Apps to enable shared learning from recent events.

3) Independent / External Validation of assets and practices

Regular (Independent) Penetration Testing: Despite our best practices and stringent processes, we know that humans make mistakes. To eliminate any vulnerability, we follow a daily/monthly/yearly regime of security tests.

  • Daily: Static Automated Analysis with Tools.
  • Monthly: Trustwave PCI Compliance Tests
  • Yearly: Negative Penetration Tests by external independent security experts. Here we assume “everything is suspect” and simulate BOT attacks to test whether our Firewall, Web and App servers hold against most stringent denial of service and other malicious attacks. We have strategic partnerships with some of the most revered names in the security practices domain and we regularly bring those experts inhouse to “audit and break” our code. Some of the series tests we perform against ourselves are -
    • Denial of Service attack using large number of attackers trying to overwhelm servers, or to use large payloads to break our application.
    • Mass mining for Information attack to try to get sensitive data, with or without valid credentials.
    • CSRF Attack to try hijack an (internal!) user session and forcing the browser to send request to malicious sites.
    • Cross Site Scripting attacks to reflect attacker’s content back to the user to execute and pass on sensitive information to attacker
    • SQL Injection attacks to inject SQL in the application with malicious intent
    • Cookie Management
    • Try to break Weak Passwords
    • Packet Sniffing Attacks to intercept sensitive or private information in flight etc

Quarterly Review of “Application Security Dashboard” with our CTO and CIO: Every quarter, we review our “Application Security Dashboard” – an established set of questions that bring wide and deep data about QuickBooks Online’s security practices – with many of our executives.

References

QBO Security Disclaimer
PCI
NIST 800-53

How to write security test cases

  1. Cross site scripting Cheat sheet
  2. SQL injection Cheat sheet
  3. XML Parser DOS Attacks

CERT Secure Coding Standards for C and Java
Java Access Manager

New: Swipe Cards in QuickBooks Online- It’s Faster, Easier, and Cheaper

Posted February 22, 2013 by QBO Dave
Categories: Features, News, payments

Image

Update April 29th: The card swipe feature is now available. Thank you for your patience as we worked through these issues.

Update April 3rd: We have completed fixing the issues found in the previous release and we’re currently testing the fixes. Once we are confident that everything is working correctly, the card swipe feature will be made available. We apologize for the delays.

Update March 6th: Until the card swipe feature returns to QBO, you can use your card reader with the Merchant Service Center to get the swipe rate. See the steps here

Update March 5th: Customers will temporarily be unable to see the card swipe feature. We encountered some bugs in our last release and wanted to make sure everything is perfect first. We’re working to put this feature back in your QuickBooks as soon as possible. Don’t worry, you can still order your card readers and you will be able to swipe again soon.

You asked, we answered! You can now swipe credit cards to take payments from your customers using QuickBooks Online. Save yourself time, data entry, and qualify for lower rates too!

All you need is a USB card reader. Plug it into your computer and you’re ready to swipe cards, qualifying you for rates as low as 1.69% (versus 2.52% for key entering). Just swipe from the Sales Receipt or Receive Payment pages in QuickBooks Online.

If you already turned on Payments, you just need a card reader. They’re inexpensive and don’t require leasing or maintenance fees like traditional terminals. We’ve got you covered. Order one today. You can also find it online, part number 21040110.

If you haven’t turned on Payments yet, click “Accept Credit Cards” under your Customers tab. Follow the prompts and you’ll be accepting credit cards in no time. Don’t forget to order a card reader, too!

Feedback—it’s a good thing. The Payments team values your input. Letting us know what works well and what doesn’t helps us make better products and features. Send us your comments by clicking the Feedback button in QuickBooks Online. You can also post responses to this blog post.

Apple Features our New FREE QuickBooks Online for iPad companion app

Posted February 18, 2013 by Priyajeet
Categories: apps, iOS, Mobile

*Update: We are extremely humbled that Apple featured our banner on the Business Category homepage for iPad. None of this could have happened without you! Much love and thanks to our loyal QBO customer base.*

You asked for it and we delivered…QuickBooks Online for iPad is here and it’s free! You can start using it right now! Sign in using the same User ID and password you use for QuickBooks Online.

A5827848-DBA1-42E8-BBB0-69936CF736D6

Free for all QuickBooks Online subscribers, QuickBooks Online for iPad syncs seamlessly with QuickBooks Online. It helps you manage your customers, invoices, estimates, and expenses from work, home, or on the go. Not only have we been featured by Apple as a “New & Noteworthy” app, but QuickBooks Online for iPad already ranks among the Top 10 free iPad business apps on the App Store.

Optimized for the iPad with Retina display and iPad mini, QuickBooks Online allows you to:

Gain insights into your sales, income, and expenses with interactive reports and charts
Screen Shot 2013-02-15 at 5.59.35 PM

Instantly capture your customer’s electronic signature to approve estimates and send invoices from anywhere

Screen Shot 2013-02-15 at 5.59.07 PM

See a timeline of your customer’s latest transactions and attach photos and notes to your estimates

Screen Shot 2013-02-15 at 5.59.20 PM

So what are you waiting for? Check out QuickBooks Online for iPad now!

A5827848-DBA1-42E8-BBB0-69936CF736D6

Discussion: http://community.intuit.com/posts/introducing-our-new-quickbooks-online-for-ipad-app


Follow

Get every new post delivered to your Inbox.

Join 4,234 other followers

%d bloggers like this: