Showing results for 
Search instead for 
Did you mean: 

How to prevent fraud and identity theft in your QuickBooks Payments account

Fraud and identity theft are growing industry concerns and you play an important role in safeguarding your QuickBooks account information. Take note of the following key points to help protect your account.

Always use secured account passwords

  • Always use a different password for your e-mail account and your Intuit account. This ensures that when you are asked to confirm any password changes you are managing two separate passwords.
  • Do not share account passwords with others.
  • Get into a routine of changing your passwords regularly.

Report suspicious emails

Phishing is the act of stealing information such as usernames, passwords, and other sensitive information by masquerading as a trustworthy sender.

Phishing e-mails do not always look suspicious. Fraudsters often impersonate trusted brands in e-mails. They send links to websites that look legitimate and ask you to sign in with your credentials.

  1. Remember that Intuit [or Quickbooks] will never ask for sensitive information in an email.
  2. Be vigilant and ask yourself the following questions as you read your email:
    • Do you recognize the sender’s email address?
    • Are there grammatical or spelling errors in the message?
    • Is the tone consistent with what you would expect from the sender?
    • Is the sender asking you to urgently click on a link in the message?
    • Is the sender threatening that you may lose access to your account?
  3. Before opening any links in an e-mail, ensure that they link to a trusted site like If a link looks suspicious, use your browser to look up the site, rather than clicking the link provided.
  4. If you receive a suspicious e-mail that appears to be from Intuit or QuickBooks, please take the following steps:
    1. Don’t select any links or download any attachments within the suspicious email.
    2. Forward the e-mail to
    3. Delete the suspicious email from your inbox.
  5. Forward the suspicious email. Don’t cut or paste content, because valuable tracking information will be lost. Our security experts will review and determine whether the email is legitimate.
  6. You may also visit our security page at for the latest updates on the latest phishing email attacks and security updates.

Actively monitor your account activity

  1. Regularly check the list of users you have granted access.
  2. Monitor your transactions by looking at your Activity & Reports regularly. Click Transactions to check for any transactions that you do not recognize. It’s critical to act as quickly as possible to minimize harm.
  3. If you receive a notification about a bank account change that you did not initiate, call us immediately.

Steps to take if you believe your QuickBooks Payments account has been compromised

  1. Call our Payments team immediately at 800-397-0707.
  2. Change the passwords on all your online accounts immediately, including email accounts because fraudsters can use these email accounts to gain access to other online accounts.
  3. Make sure that your contact information is up-to-date on all your online accounts. Make sure no unknown phone numbers or email addresses have been added to your accounts. Fraudsters will often use these to get back into the account after the account password is changed.

Frequently Asked Questions (FAQs)

What is identity theft?

Identity theft happens when a criminal obtains your personal or business information from sources outside Intuit, such as malware, phishing, even the dark web. They then use that information to steal money from your accounts, open new accounts, obtain services, and commit other crimes —all using your personal or business identity.

What is a strong password?

Strong passwords must:

  • Be more than 8 characters long.
  • Use a combination of lower case, upper case, a number, and a special character like ~!@#$%^&*()_+=?><.,/.
  • Not contain a word or date associated with you (like a pet’s name, family names, or birth dates).
  • Be a combination of words with unusual capitalization, numbers, and special characters interspersed. Misspelled words are stronger because they are not in the dictionary used by attackers.
  • Be something you can remember.
  • Not be your name, address or phone number.
  • Not be the same across multiple web sites or online accounts.

What do I do if I think my QuickBooks Payments account has been compromised?

You need to immediately:

  • Contact our Payments team at 800-397-0707 so we can verify your identity and secure your account.
  • Change passwords and review your accounts. Change the passwords to all your online accounts, including your email accounts and review them to make sure that accounts have not compromised.
  • Place a fraud alert. Contact the fraud department of the 3 major credit bureaus.
  • File a police report. Contact local law enforcement authorities because this will help as you work with the credit agencies.

You may also want to:

  • Check your computer to ensure your computer (and terminal) has not been compromised.
  • Monitor all your online accounts and account information more closely. Identity theft can happen again, either to the same account or to a new online account.
  • Monitor your credit report.

Who covers the losses resulting from identity theft?

Intuit will waive all processing fees for all transactions involving stolen or fraudulent cards and checks. If your online account has been compromised, you could be held financially responsible.

How do I escalate a dispute?

When you report unusual or suspicious activity on your account, our Risk department will investigate your case and determine an outcome. It takes a few business days to do a thorough investigation.