cancel
Showing results for 
Search instead for 
Did you mean: 
theoregonweaver
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

I recently received an email saying:
"Intuit has partnered with SecurityMetrics, a leader in data security and compliance to simplify PCI certification for you. You are requested to complete validation of PCI Compliance by December 31st, so please ACT NOW."
Is this a scam? I am suspicious of this because: 
1. it is short notice
2. there is a fee
3. QB self-employed is already PCI compliant
Is this compliance really necessary from Security Metrics and why do they charge a fee?
24 Comments 24
Jovychris_A
Moderator

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

Security Metrics is legit, theoregonweaver.

 

Intuit has a PCI service provider to help our QuickBooks Payments subscribers meet Data Security Standard (DSS) compliance requirements.

 

If you have created a QuickBooks Payments account to link with QuickBooks Self-Employed with SecurityMetrics, then you'll be asked to complete its FastPass.

 

Yes, this compliance is necessary for Security Metrics if you purchase the PCI package. That's why they charge a fee for the service. In addition, you need to complete the Self-Assessment Questionnaires (SAQ) and set up your scans. 

 

You should be able also to receive email instructions. If none, I suggest browsing this article to learn other details about PCI compliance and your roles: Learn about QuickBooks PCI Service.

 

On the other hand, I also suggest contacting our QuickBooks Payments Support Team. This way, they can securely check your subscription for any add-on PCI Service fee. I also encourage you to report this to our Intuit Security team since you find this prompt message suspicious or if you don't have a QuickBooks Payments subscription. This way, they can review if the information is legitimate.

 

  1. Go to this link; https://security.intuit.com/.
  2. Click Contact Us.
  3. Look for Report a fake email (or phishing email) and click on it.

 

Please let me know if you have other concerns about completing the PCI compliance with Security Metrics. I'd be here to guide you more. Keep safe and more power to your business!

Rainflurry
Level 14

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

@theoregonweaver 

 

PCI Compliance applies to your business if it accepts credit cards as a form of payment.  It's not a scam and it's required.  The fee is not unusual and it's generally less than the non-compliance fee if you don't complete the PCI compliance questionnaire.   

neilhschwartz
Level 2

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

I also received an email from QuickBooks stating that I am  "requested to complete validation of PCI Compliance by December 31st."  The way it is worded using the word "requested" and not "required", told me it was nothing but another QB sales ploy. But I took the bait, and  clicked the link provided.

Clicking the link took me to the Secure Metrics assessment page.  Upon completion of the assessment, I was taken to a page stating that if I buy a package I will be 23% compliant (see screen shot).  NO INFORMATION WAS PROVIDED TO TELL ME RESULTS OF THE ASSESMENT, and no information was provided to tell me how I can fulfill the other 77%.  Basically it's just, "Buy a package"

I'm baffled and befuddled by the "request". Since I invoice directly through QuickBooks, where my customers enter their own data to pay through QB online, I do not collect or enter any of my customer card data.  I am sure there are some things I should do to make my business compliant, but I am certainly not going to blindly buy some package without more details.

Until I receive an email stating that I am REQUIRED to get PCI compliance, I'll just ignore the REQUEST.

GranadaBook
Level 3

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

This is my 5th year using Intuit payments/ merchant and I was never required to be PCI compliant before.

My bookkeeping clients (many who also accept intuit payments) were never required to be PCI compliant.

Other merchants send clients a free online PCI complaint questionnaire that takes 15-20 minutes to complete. (for free).

I've done it to my company and clients before.

I believe that's another QB sales ploy to get people's money.

Somewhere in intuit PCI compliance information pages, you can find instructions to file a form directly with Intuit, but the link takes you back to the initial instruction page and you end up no where, frustrated, angry and baffled.

 

martinjvh
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

Echoing other comments on this post, I too received the "you are requested...." email.  I ignored it.  Yesterday I received a phone call from SecurityMetrics asking me to signup for PCI compliance.  I explained to the caller that I do not take credit card payments; some of my clients pay by card and INTUIT receives card information and payment and then deposits cash into my account.  The SecurityMetrics sales person insisted that I need it.  I ended the call and made a call to QuickBooks Support.  They verified that as my account is not setup for ME to accept card payments I DO NOT need to be PCI compliant.  I have seen elsewhere that if there is an issue, QuickBooks customers should contact QuickBooks and ask them to put  a note on their account record stating they do not need to be PCI compliant and ask them to include notification number ATTN-10602 in the record.

unitedelectric220
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

This is correct. Since QB handles all payment information and data storage, they are the ones being required to be PCI compliant in which it says they are in their term. If we do not ever ask for CC info or account info and its all inputted by the customer through QB; my company is NOT required to sign up for any sort of PCI compliance program. How does it make sense that I am not the card processor and only get paid by QB yet somehow QB seems to think I am responsible for being PCI compliant and paying a yearly cost. No sir this is incorrect.

Legacy
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

So I called QuickBooks after receiving this pci email and they told me I had to do the pci compliance even though I do not process, store or deal with any customers card info. I’m at a loss. I don’t feel like I have to subscribe to this pci compliance. I do understand it’s to protect card info and that’s great but pouring out money doesn’t make sense.

nsshawaii
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

I am a sole proprietor, I'm retired and work from home and have an Etsy shop to help pay the bills. I got all of these calls and emails but there is absolutely no way I'm going to pay that every month. It's way out of my league.

So because I was taking some payments on Intuit I have just discontinued using Intuit for payments and will move on with Venmo or PayPal.

laurynrecchia-gm
Level 2

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

I also called Quickbooks on this and was told I did not have to purchase a PCI package. The fees paid to Quickbooks for using their credit card processing service covers your PCI compliance fees. 

shislop
Level 3

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

If we do not take credit card payments with cards in hand, but instead only allow customers to pay via the credit card payment links (using Intuit Merchant Services) sent by the Quickbooks software to our client, is it REQUIRED that we create an account and pay a fee to Security Metrics? Is it required that we complete the SAQ?

laurynrecchia-gm
Level 2

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

I told the Security Metrics sales person just that. And that I had talked to QuickBooks. So far they've stopped bothering me so I'd say you're good.

PBCW
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

It's legit. And it's only 80 bucks for the year

aq-b
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

$80 / year is a lot of money.  Warren Buffet's wife just complained about paying $4 for coffee. Money traveles to where it is valued and protected. 

LittleLoafBakeshop
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

Hi there, I received this as well, but I don't know how to answer the questions. We are a start-up bakery in a commercial/incubator kitchen with the two owners and 5 part time employees. We use the network there to send out invoices to our 4 wholesale accounts (they submit payment), but that's it in terms of credit cards. These questions ask about malware and secured networks and security cams and all that...but we don't control any of that at the business. They do have an IT team. I'm not sure what to do here. Shouldn't they be the ones filling this out? 

Angelyn_T
Moderator

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

Thank you for adding your first post, @LittleLoafBakeshop.

 

SecurityMetrics is an official partner of Intuit that provides streamlined PCI DSS compliance services for QuickBooks Payments accounts.

 

When signing up for a SecurityMetrics account, you'll be asked to complete the FastPass and get the PCI package that works for your business needs. If you're uncertain about the answer to the questions, you can call for assistance at the number shown under Who can I contact if I have questions regarding my SAQ or questionnaire?.

 

On the other hand, I've also added this reference about working with PCI compliance that may be useful in the future: Intuit Security Center - PCI Compliance.

 

Please let me know if you have any other questions about the self-assessment questionnaire when completing the PCI compliance with Security Metrics. I'd be happy to assist you further. Have a good one!

Todd G1
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

Do I need to become compliant if I only use the bank transfer option?  I never use the credit card option. 

DebSheenD
QuickBooks Team

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

I appreciate you taking the time to share this concern in the Community, @Todd G1. I'm here to provide information about QuickBooks Payment Card Industry Data Security Standard (PCI DSS) compliance.


The need for compliance depends on the specific regulations and laws in your country or region. Using the bank transfer option in QuickBooks Online may still require compliance with certain financial regulations and data protection laws, even if you do not use the credit card option.

PCI compliance helps protect your business and customers from theft and fraud. Payment cards like Visa, MasterCard, American Express, and Discover require PCI compliance every year. If your business accepts, stores, or transmits payment card data, you have to be PCI compliant.


Otherwise, you don’t need to activate the service and submit any requirements. Please know that it won’t interrupt your QuickBooks subscription.


You can read these resources to learn more about PCI DSS Compliance Services:

 


Let me know if you need further information about the PCI compliance. I'm always here to answer them for you. Keep safe, and have a wonderful day!

DarixWiseman
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

I am continuing to get this email.  I cannot unsubscribe.  I encourage you to all visit https://reportfraud.ftc.gov/ and file a report.  This is selling a service that is not required and I cannot unsubscribe from the email.  I have filed a report but will probably hear nothing back.  If everyone annoyed does, maybe this money grab from unknowing small business owners, who are already burdened enough, will stop.

Anne16720
Level 3

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

Perfect - I am so sick of this scam from QB and Security Metrics.  They continue to send "non-compliant" emails even though we have PCI compliance through another vendor.  And of course both QB and SM use a noreply email address so you can't even communicate back or unsubscribe.  I will file a complaint asap.

BW38
Level 1

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

How do I get the PCI Compliant Questionnaire?  I am a small business and do not have that many credit card transactions and do not want to pay for the service.  Thanks. 

SashaMC
Moderator

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

Hello BW38,

 

Thank you for chiming in on the thread! As my colleague mentioned if your business receives or accepts payment card data you would have to be PCI Compliant. To do the questionnaire, you would need to sign up for the SecurityMetrics  which simplifies the PCI compliance validation process. Once done, you'll receive the self-assessment question in your email.

 

Here's how:

 

  1. Select the Sign-up, then fill out the information needed.
  2. Click Create Account, then follow the Intuit FastPass to determine your PCI compliance requirements.
  3. Select Next, then click the security package that best fits your business.

 

Please let me know if you have any other questions! I will be here to assist. Take care. 

Anne16720
Level 3

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

PCI Security Standards provides Self Assessment Questionnaires   Here's a link for one if all your transactions are outsourced. https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf  

I also saw a site that looked interesting - it say PCI compliance is free...but I have not used them https://pcifree.com/  You can check them out for more information if you don't want to go it alone.

 

Our company uses another vendor (NOT Security Metrics) We use PCI+ and we are happy with their services, they do charge an annual fee but it is not as high as Security Metrics.  I am not sure why Intuit is pushing their customers into Security Metrics.  That is disturbing, maybe they get a kick back??  I don't like that Intuit has shared our information with this company and then allow them to send NON COMPLIANT emails to customers who are compliant!  If Intuit is expecting all users of their payment services to be compliant they need to provide better understanding of the task (as I am doing!!)  And also allow customers who are compliant outside of Security Metrics to declare this and get off the non-compliant email list. 

 

Anne16720
Level 3

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

Really?  Again you are pushing Security Metrics as the answer to people's confusion!  Even giving instructions for them to sign up.  Some customers do not needs this for their compliance and there are other services that can do the same thing for less.  Those who totally outsource only need to complete a questionairre.  That costs nothing!!  The customers who have done PCI compliance without using Security Metrics need to have a way to let Intuit know so you stop bothering / threatening us.

I have reported this scam to FTC Fraud and would encourage others to do the same and maybe this misinformation will end.  https://reportfraud.ftc.gov/

 

Flexserve
Level 2

Is QB Self-Employed PCI compliant? Is Security Metrics a scam?

If you use QuickBooks servers to send invoices which have a payment link directly to QuickBook's web host, who's responsible?

 

100% - CC security liability rests on QuickBooks.

 

I do not take CC information through a payment gateway on my web company web host.

If we follow the ambigious answers given here they would have you believe that ANY DEVICE contacting their servers must be secure. However, in the case of invoicing and payments directly through QB's owned servers, their is absolutely no contact with any of my devices.

 

So following what they are IMPLYING is that any and ALL CUSTOMERS devices would have to be PCI complaint when they go to pay their invoices.

 

Since my devices do not touch the server for CC payment information and I do not see ANY details of the CC number, security code, name, or even address it sounds like to me that someone here needs to TRAIN their team.

 

 

Sign in for expert help
Ask questions, post replies & join our community of QuickBooks users.

Need to get in touch?

Contact us