PCI Compliance Letter

@MichaelOD 

"How can I possibly be responsible for where QuickBooks stores information?"

Because you have a QuickBooks Payments merchant account that can be accessed with a login from your computers and mobile devices.  If a hacker somehow logged into your merchant account, they could charge credit cards and change the bank account where the funds are deposited.  It is those computers and mobile devices that are vulnerable, and what PCI compliance is designed to address.  You don't need to use Security Metrics; use whoever you want.    

"If a hacker somehow logged into your merchant account, they could charge credit cards and change the bank account where the funds are deposited."

Unless Intuit is storing customer account information in my account, which they claim they are not, the only account information that can be changed is mine.  Have you ever tried changing that account?  It's not that easy, and it's not that quick, so, either you are lying, or you just have no idea what you are talking about.  Further, the change you are referring to is completely traceable and reversible.  Again, your answer smells.

i appreciate the effort though, and having read every single response on this topic, could congratulate you on the most believable lie told here on the subject.

Wait, my bad, a hacker could charge my customers?

How?

I don't store their credit card numbers.

so you are saying Intuit stores customer credit card numbers in my account without my knowledge or permission?

thank you.  For goodness sakes.  Finally someone admits Intuit is storing credit card information without permission.  Are you an Intuit employee by any chance?  Probably not anymore if you were, eh?

I cannot stand being lied to.  Why would anyone want to go through life a liar?  How can that be a happy life?

Why is Intuit storing my customer's credit card numbers without my permission, or are you lying about this "risk?"

I'm beginning to believe Intuit never received PCI compliance for their Intuit Online software.  They want us to pay for an insurance policy to cover their loss risk, right?  And this is called PCI compliance?

When was the Intuit Online and GoPayment software tested?

To what standard?

How do I receive a copy of the reports?

https://blog.rsisecurity.com/how-to-prepare-for-pci-secure-software-compliance/

This is going to be a class action if we cannot get some straight answers.  I need new accounting and merchant software anyway.  It's no loss to me if regulators and litigators takes Intuit down.

@MichaelOD 

Man, take a deep breath and relax.  There's no need to insult those of us on this forum just trying to help.  I'm a fellow QB user just like you.  I have no affiliation with Intuit.  I'm a former corporate controller who oversaw the PCI compliance process for our business.  At that time, we used QB Payments, and by logging into our merchant account, I could charge customer cards, issue refunds, void sales, and change our depositing bank account.  Perhaps that has changed.  Regardless, a simple online search makes it obvious that every single business that accepts credit cards, regardless of size, needs to be PCI compliant.  It's an easy process.  

I'm on my only annual vacation, taking time from my autistic son to deal with this scam.  Take a breath and relax?  You are so out of line I don't see how you will ever make it back in.  What process?  The only process I've been offered is pay money and download a scanning virus from a disreputable security company.  Your experience is based on storing credit card numbers.  You were a security risk.  I don't.  I never have a customers credit card number.  They enter it into Intuit's online pay portal, or write me a paper check.  I cannot create a risk unless Intuit is storing credit card numbers accessible to my account, without my permission.

No, go back and look at your claims.

Relax?  You just lied to me, out of ego and ignorance.  Perhaps you should relax, and take a breath, and not chastise people when you did no due diligence on their use case.

Or if nothing else, stop spreading lies.

In this age of self awareness, I offer you opportunity.  Here you go Buddy.  A two year long thread.  It's a scam and they've been doing it for years:

https://quickbooks.intuit.com/learn-support/en-us/employees-and-payroll/self-assessment-questionnair...

Perhaps you can read that and instead of taking the view of a former corporate controller (whatever that means, sounds like a compliance job), you can imagine 1. You aren't being paid for your time, 2. All costs come directly out of your family's mouth, not corporate coffers, 3. You are actually responsible for content, not some compliance guy that does nothing but report what other people did right or wrong, with zero responsibility for that content, or its solution, 4. You have to actually do the work yourself, not "oversee," which sounds like getting your boss to approve a contract for someone else to do the work.

if I'm being unfair, let me know, rather than undermine all the small business owners by continuing the filthy coverup, not because I asked you too, but because that is the absolute minimum a person with a shred of character would do.

I'm amazed by your ilk and will to harm complete strangers.  I wish you nothing but karma.

@Rainflurry 

Here's another two year long thread about this scam, and you are one of the people posting the corporate lie that an Intuit customer that never sees a customer credit card number is a security risk:

https://quickbooks.intuit.com/learn-support/en-us/reports-and-accounting/why-is-pci-compliance-compa...

You already knew you were lying when you replied to me.  "Relax and take a breath?"  Please, karma upon you, so deserving.