United States United Kingdom Australia Canada (English) Canada (French) France Singapore South Africa Global Ireland
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PrestigeD
Level 3
posted
‎September 18, 2024 09:25 AM
last updated ‎September 18, 2024 9:25 AM

Solved - PCI compliance, SecurityMetrics, and Intuit Merchant Services

Topic - we all got the "invitation" to have Security Metrics handle our PCI Compliance.

Situation - I use Merchant Services for all electronic payments and don't want to pay Security Metrics for doing nothing of value.

 

Like many of us, I am INFURIATED with Intuit's lack of responsiveness with respect to those of us who exclusively use Intuit Merchant Services to handle 100% of our electronic payments. By this I mean, I never see or touch a customer credit card and literally everything goes through Intuit payment portals. My hunch is that they get a referral fee for sending people to SecurityMetrics (Intuit's preferred provider)... but that's just my guess.

 

So, here's the deal: 

1) You HAVE to complete a self-assessment questionnaire. The easiest place to do this (unfortunately) is through SecurityMetrics. Sign up for an account (it's free) and take the self-assessment. It'll take about 15 minutes, but just do it. You're legally required to do so. If you answer appropriately, it will resolve that you are SAQ A. (see page 20 from the pdf guide here: www.securitymetrics.com/learn/guide-to-pci-dss-compliance) here for a description of all levels. When you are done, DOWNLOAD that file and save it. Side note - if it asks for the url or website or IP address of the site where you take payments, I used www.merchantcenter.intuit.com.This seemed to work for me.

 

2) Sign in to your merchant services account. Request a support chat and tell the agent (likely a tier 1 child who is incapable of answering real questions) and tell them that you have completed the PCI self-assessment and you would like to upload that file to confirm compliance. I also told them not to answer any question with a referral to Security Metrics. Eventually they sent me an email to do a "secure file exchange" and I uploaded the self-assessment. I guess you could call support as well but I went the online chat route. The goal is to find a way to upload this file to them.

 

At this point, I consider this PCI compliance complete. I simply refuse to pay SecurityMetrics a fee to upload to Intuit a self-assessment questionnaire that I did all the work on. The whole idea of self-assessment is that I did it myself. Intuit needs to have a PCI portal where customers like me and you can upload our SAQ A questionnaire. It is unfathomable to me that they do not have this option. 

Reply Join the conversation
Sign in for expert help
Ask questions, post replies & join our community of QuickBooks users.

Need to get in touch?

Contact us