@Metaphyz 

Any suggestions for a less conflicted software product for a small services company? 

I can recommend 3 accounting apps to explore. The real question is will you ready to buy a conversion service?

I agree. This kind of thing has me looking for another company to work with. Totally deceptive.

How do you show QB that you ARE PCI compliant without using Security Metrics. We have an outside company making sure we are protected and meet the necessary requirements as we are non-profit, but I have already gone through the process to the last step with Security Metrics.  Now they want to do a "vulnerability scan".  I don't know at this point what they are wanting to scan as we don't use a card reader or anything similar.  Only used QB online payments when in QuickBooks.

This is the email I received today.  Scare tactics at their finest.

Sean @ SecurityMetrics.  Hope you had a good holiday. When is a good time to talk today or tomorrow at the latest so your account doesn't get escalated to non-compliant | refused status? You are almost done. We need to get a compliance status update over to the processor/bank.

(801) 705-5674  - I can do this for you faster than online.

No reply is an eventual refusal. If you prefer online, below are copied links and instructions for how to complete this at securitymetrics.com. If you do it online, shoot me an email so I can double check and cross it off. 

Why are they harassing everyone so bad?  So utterly disgusting.  

Thank you all for this informative discussion and insights. I have been very stressed over Security Metrics harassment. I don't mind completing a questionnaire for Intuit, if need be. But with Security Metrics, you can't even pass 25% completion of the form without making your purchase option.

Like many of the folks on this thread, clients pay us via QB. I'm going to have Gmail mark Security Metrics as spam.

I just called Intuit and representative said it was a scam so they got me last year but not this year .

Stripe and Square dont do this to their customers

I had the same experience today on the chat with QB. Nico told me the same after much prodding. He said that the Security Metrics email is just a solicitation and that by using the QB software for the cc pymts we are already compliant and that we can just ignore it.

If you go to the PCI Security website it shows that the credit card companies are the ones who started the website. That totally explains the confusion.

I had the same sort of email:

When is a good time to talk today, or tomorrow at the latest, so your account can be reported to Intuit as compliant? 

This is the annual security requirement for all business owners who receive revenue via card transactions. Right now we show your status as registered but “Not Compliant” and in the emails that you received from Intuit QuickBooks it states, "As a part of the Intuit Terms of Service, it is required that your business is PCI compliant.".

If you are using “e-invoicing” as your primary payment method, please reply and let me know. The process is simplified when you don’t see or handle card data face-to-face.

Here are the steps to get your compliance status reported to Intuit…

• Answer a handful of self-guided questions online (or over the phone)

• Choose 1 of 3 PCI Compliance packages that best fits your payment method

• Complete your Self-Assessment Questionnaire (SAQ)

For your convenience, there are several ways you can fulfill the steps above:

1. Log in at www.securitymetrics.com  and complete it on your Customer Portal 

2. Reply to this email with any questions or a date and time I could call you

3. Call us @ 801.995.6400, we are located in Orem, Utah which is mountain time, and are available 6am-6pm M-F

Many merchants have questions about this process, and I am happy to answer any and all of those you may have. I am including a couple links below that could help you as well. You also should have received an email from Intuit (see attachment). 

Industry Resources - does this apply to me?

https://usa.visa.com/support/small-business/security-compliance.html#1 

https://listings.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf 

Intuit FAQs - what does Intuit say about all this?

https://quickbooks.intuit.com/learn-support/en-us/help-article/data-security/quickbooks-pci-service-faqs/L7ipNg7n9_US_en_US?uid=ln1wbr6a 

https://quickbooks.intuit.com/learn-support/en-us/help-article/data-security/explanation-pci-dss-compliance-services/L5tbibLub_US_en_US?uid=ln1wcdn4 

Best,

We also have a Stripe acct for certain customers. I just went to their website and with one click on the PCI compliance page, I have my SAQ report. Easy as pie.

Just for everyone's info......

I don't believe it's a completely legitimate company. I purchased the service recommended by Intuit. They stored my bank information and enrolled me in automatic payment for the second payment. When I logged into my account on their website, I realized that they don't give you access to your payment information. I also did not receive any explanatory email about this automatic payment. In the end, I had to call and have customer service send me an email confirming the deactivation of the automatic payment. What a disappointment. I'd screenshot shows a service expiring, not an automatic autopayment due coming.

[Removed]

I had to call

amex and have them cancel

it in disputes I hope it is resolved 

Hi Renae.  We've been scouring the earth for the right merchant processor, with the right features and capabilities, that will also at least provide options to pass-thru transaction fees.  Since you mentioned finding one, would you be kind enough to share the solution you found?  Many QBO threads have tons of people out there seeking the same, so you'd probably be helping a bunch more than just myself.  Much appreciated and all the best.  -Shawn, accounting

@Shawn_STLRWS 

Is your company B2B or B2C?

Security metrics is crap company like many other we think we need that Leget . That just want to suck your money out the cc account or bank . I change to intuit monthly subscription and using go payment app and reader being now mobile and it works and it still suck money out of my wallet . Per 500 dollar transaction 17 and 24 a month for intuit small business on line which downloads my bank and Amex account to track my spending . Take it they have no provision to separate fuel purchases and cost of goods I have to do that manually . 

B2B only

@Shawn_STLRWS 

If you are B2B, I can recommend one processor to integrate with QBO or QBD. You can accept payments for free with ACH, credit card and debit card. They are fully compliant with the PCI-DSS. They use a third-party card processor which is a certified Level 1 PCI Compliant Service Provider (the highest level), and don’t store any sensitive credit card information on their servers. 

Contact me in private and we share more details about them. You don't need to bother with this PCI Compliance issue any longer.

We are PCI compliant through Clover.

Where do I attached my certificate?

Hi there, @jmeyers2.

Since you're already PCI compliant outside QuickBooks, you don't need to attach the certificate, as proof isn't required currently.

Also, please know that as long as you have an active MID, you'll receive system-generated email notifications about the PCI DSS Compliance Services. You can however disregard them since you already are.

For more comprehensive information about PCI Compliance, feel free to visit these articles:
 

• PCI DSS Compliance Services
• Learn about QuickBooks PCI Service

You can add a Reply below if you have other questions related to PCI compliance or need assistance performing tasks inside the program. We'll be here to assist you anytime.

Now I am glad that we are moving away from "Go Payment".    Square has been so much easier to use. 

What in the world is going on here??  This "Intuit partner" is engaging in deceptive practices, threatening Intuit customers and lying about whether or not this is "required", and Intuit has allowed this to go on for OVER A YEAR???  

I demand to know why.  I almost filled all of this out.  It is posed as if it is a strict Intuit requirement and that if I don't do it, I won't be able to continue to accept credit cards.  This is OUTRAGEOUS!