Yes, ari. You're still required to be PCI compliant regardless of whether you do or don't save customer credit card (CC) details. Allow me to clarify this for you.
PCI compliance is not limited to storing card information only. With that said, if you handle and process card payments, you still have to pay for this service. It's mandatory and ensures the security of your transactions and their associated data.
It's essential to remember that failure to comply with the Payment Card Industry Data Security Standard (PCI DSS) is subject to fines, audit costs, and additional restrictions. Furthermore, it covers breach coverage up to $50,000 for audits or expenses in case of a data compromise.
As a merchant accepting card payments, you must ensure payment security within your local environment. It includes all the applications and systems within your local network.
However, if you're not using QuickBooks Payments to accept CC payments, you don't have to comply with PCI DSS and pay its fees. For more information about PCI DSS compliance and its regulations and policies, please refer to these links:
I'm also providing these resources so you can gather information about Intuit's collaboration with SecurityMetrics and get answers to commonly asked queries about the PCI DSS Compliance Services:
If there's more I can help you with about PCI DSS Compliance Services, or if you require assistance with your data and reports in the program, hit the Reply button. I'll be here and ready to assist you every step of the way.
Hello,
We use Intuit as a secondary payment service. We have PCI compliance through our primary payment provider. I spoke to someone from Security Metrics and they said that we would just need to submit our certification to Intuit. How do I go about doing that?
I can provide information about submitting the Payment Card Industry Data Security Standard (PCI DSS) compliance certification to Intuit, @Japage.
PCI compliance is required of all merchants that accept credit card and debit card payments. This is indicated in the Merchant Agreement, specifically in the Data Security (PCI Compliance); Payor/Cardholder Personal Information section.
As for your question, Intuit doesn’t require the certificate to be submitted unless there’s a breach at this time. You can keep the certification and disregard the system-generated email notifications you receive since you're already PCI-compliant.
I'm attaching these articles for reference in managing PCI compliance:
You can always go back to this thread if you have clarifications about managing your PCI Compliance or other QuickBooks-related queries. I'll be happy to help.
What if I already do PCI with another processor?
I appreciate you taking the time to express your concerns, David. Let me provide information about PCI with another processor.
If you already do PCI compliance with another processor, you still need to ensure that your current processor meets all necessary security standards and requirements. It's important to confirm that your current processor's PCI compliance aligns with industry standards. For further guidance, I suggest contacting Security Metrics to learn more about PCI compliance with another processor and to determine if you still have to pay for the service.
Here's how:
I'll also provide these resources so you can gather more information about Intuit's collaboration with Security Metrics and find answers to commonly asked questions about PCI DSS Compliance Services:
If you have any concerns about PCI compliance, please tag me in the comment section, David. I'll assist you in any way possible.
Per the original Intuit response:
"However, if you're not using QuickBooks Payments to accept CC payments, you don't have to comply with PCI DSS and pay its fees."
I use GoPayment, so how does that factor in?
I don't see why we have to pay for it. I am eligible for the SAQ A form and it's available online to fill out through the website you provided in your notification email about PCI. So why can't I fill that out, certify and sign and provide it? Why would I have to pay a company to fill out the form for me??
I completely understand your concerns regarding PCI Compliance and the associated fees when using QuickBooks, Melissa.
It is important to note that the purpose of PCI compliance is to protect cardholder data from security breaches and to maintain the trust and security of the overall payment.
As for your concern about filling out SAQ A, QuickBooks encourages or requires validation through their partnered service for added security and to mitigate their liability regarding data breaches.
Additionally, Intuit has teamed up with SecurityMetrics, a leading provider in PCI services, to assist you in fulfilling these compliance requirements. Alongside the PCI Compliance services offered by SecurityMetrics, Intuit also provides breach forgiveness coverage of up to $50,000, which includes no deductible or co-pay for expenses related to audits, fines, or other costs arising from a data breach.
Moreover, if you have further concerns, I suggest contacting PCI support. They are equipped with tools and can provide information about PCI Compliance.
If you have further questions or need assistance with understanding your options regarding PCI Compliance, I encourage you to hit the Reply button and we'll be here to lend you a hand at any time. Your concerns are valid, and it's crucial to ensure that you feel supported and informed as you navigate these requirements.