I do not use QBO but use QB Accountant desktop with payment processing which is stored on a remote QB hosting server, that is encrypted (I login, logout when done - server is closed). I have a QBA account that automatically sets up now to login to a couple client accounts that have QBO (separate from desktop); there is no payment or personal/business info in it. I have two factor authentication (phone/text/email). I change my password often. On 09/20 a series of 6 payment from unknown companies started going through my account. I had NO notification from the two factor authentication as to a login to alert me, thus, I didn't know it had happed until days later. The only way I actually found out was by an incoming email stating I had "money on the way" $9k coming into my account (9/23). I opened my bank account; nothing was posting or processing. I opened payment processing and saw my bank account and telephone number had been changed. I called support; told them what was taking place; was told to change password, change bank and telephone back to my own (first mistake!) Well of course those monies from two unknown companies reversed and Intuit didn't close my account the same evening I called. Because I had done what I was told, the charges reversed against my account. My bank was able to stop the processing and close my bank account - I never received any funds; not even my own. I've run every audit trail known to man, had QB hosting and security search everywhere for a breach on my end and there is NOTHING! No new dummy clients set up, no invoices paid, absolutely nothing. I called support for 4 days after trying to get someone to help me trace back on their end what took place; no one ever called me back, I was reduced to chat - waste of time!. I did ask one guy to see if he could find phony bank account and routing; he did and gave it to me - turns out it's a cash app account (lightbulbs streaming!) He also told me support should have NEVER had me change the info back to my own. I checked 60+ client files on server, nothing wrong; check my company for anything unusual again - audit trails are clean, nothing processed, no activity. Conclusion; it definitely didn't happen on my remote server which is the only way I use Quickbooks.
Tonight I get a call, recognize it's an Intuit telephone and happily answer it as maybe someone is going to finally clue me in as to something they found. Person on the other end wants to know how I intend to repay the $7k I was able to stop process on, that I NEVER RECEIVED in the first place. I tell her, they were not clients or vendors, I don't know who they are or how someone got access to my account; nothing on my end to say there was a login. I tell her the saga of days of trying to figure out how someone was able to use my account without my knowledge, I even called the companies that were being defrauded to ask them if they knew how it happened on their end (Did they use QBO, did their accountant?) Intuit "nut job" spouts off in a very nasty "woke" tone that from what you tell me; someone gained access to your account with your credentials and YOU are liable per your signed agreement and starts a screaming match with me as to what she chose to hear and what I'd said. Anything I had said was twisted into her version to deliver the "We want money that you didn't get"! My agreement says "customer" or "vendor"........it says nothing about totally unknown transactions and bank accounts that are larger than any average amount that has ever gone through my processing account which I was not aware of until 3 days later. She said anytime I process a payment, I am again agreeing to "the agreement". Well, I didn't login, there is NO record of anyone logging in with my user name, email or telephone related to me or processing an invoice, sales receipt or payment; I didn't process those payments, I have NO two factor id's in text or email to alert account activity; so HOW am I now liable? "YES YOU DID" she says. UGH!!! I tell her to send me my signed agreement; she was to do that some 4 hours ago. Crickets! Called my attorney; he'll handle it. I suggest you do the same. Intuit should not intimidate their clients, we can go "woke" too!
