I keep getting emails from Security Metrics about PCI compliance. What are the actual rules/expectations about PCI compliance when using Quickbooks?

I know the confusion you have about PCI compliance, @arl1231. Let me provide some information about it.

In QuickBooks, merchants that process, handle, transmit, or store credit card information must comply with PCI. The emails you’re receiving regarding PCI are intended to inform you about merchant service compliance standards.

PCI compliance offers resources for merchants to access security and compliance services. It is essential for all businesses accepting credit card payments to uphold PCI compliance to protect sensitive financial information.

Furthermore, Intuit has teamed up with SecurityMetrics, a top PCI service provider, to assist you in meeting the requirements. Please be aware that SecurityMetrics charges merchants an annual fee to validate compliance with Intuit.

You can visit this article to learn more about PCI compliance: 

• Learn about QuickBooks PCI Compliance
• Learn about the PCI DSS Compliance Services

I encourage you to bookmark this thread for any upcoming questions related to PCI compliance. Our team is here to empower you with the knowledge and support needed.

@DebSheenD   I have a follow-up question that I didn't see answered in the links provided. We have a small B2B business client, no employees, and currently only has one client who pays by credit card. I get that our client needs to have security measures in place within his office to protect his client's info, but is he required to sign up with Security Metrics or similar to be compliant?

It's great that you're taking the initiative to ensure your client meets these important standards for handling credit card payments, @Swordbooks.

Any business that accepts credit card payments should adhere to PCI compliance regulations, regardless of size or the number of clients.

Even though your client currently has no employees and only one person who pays by credit card, it's essential to implement security measures to protect sensitive information.

While Security Metrics is an official partner of Intuit for PCI compliance, your client is not limited to them for compliance solutions. Collaborating with them, however, ensures that you're working with a reputable provider.

Moreover, you can consider consulting a PCI compliance expert for additional guidance.

Furthermore, here are some helpful resources you can provide to your client for managing transactions and maximizing the benefits of their QuickBooks Payments account:

• Find transactions, deposits, or fees in the Merchant Service Center
• Find out when QuickBooks Payments deposits customer payments

By implementing security measures and considering various compliance solutions, you're setting your client up for success. If you have any more questions or need further insights, feel free to ask. All the very best, @Swordbooks!

@Swordbooks   DO NOT use Security Metrics!!!!  They are bullies and expensive.  There are other companies out there that will take better care of you, and be cheaper and more honest about things.  

TRUST ME!!  Stay away from Security Metrics.  

How is QB's response NOT clear proof that this is lucrative cross-marketing and not an actual compliance issue or requirement?? If I accept credit card payments through QBO but never actually take any customer's credit card info (or at least never write it down and do not keep it anywhere), in what rational world could there be a compliance concern and/or a need to hand over my business info to a scammer like SecurityMetrics??