cancel
Showing results for 
Search instead for 
Did you mean: 
rthatcher
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

PCI compliance is a requirement from the credit card companies (Visa, MC and AMEX).  The US federal government has nothing to do with it.  There are no laws requiring PCI compliance.

Fiat Lux - ASIA
Level 15

Security Metrics sent an email for PCI compliance. Is this legit?

@Metaphyz 

Any suggestions for a less conflicted software product for a small services company? 

 

I can recommend 3 accounting apps to explore. The real question is will you ready to buy a conversion service?

Joannamann
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

I agree. This kind of thing has me looking for another company to work with. Totally deceptive.

bcran-4
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

How do you show QB that you ARE PCI compliant without using Security Metrics. We have an outside company making sure we are protected and meet the necessary requirements as we are non-profit, but I have already gone through the process to the last step with Security Metrics.  Now they want to do a "vulnerability scan".  I don't know at this point what they are wanting to scan as we don't use a card reader or anything similar.  Only used QB online payments when in QuickBooks.

alw4335
Level 2

Security Metrics sent an email for PCI compliance. Is this legit?

This is the email I received today.  Scare tactics at their finest.

 

Sean @ SecurityMetrics.  Hope you had a good holiday. When is a good time to talk today or tomorrow at the latest so your account doesn't get escalated to non-compliant | refused status? You are almost done. We need to get a compliance status update over to the processor/bank.

(801) 705-5674  - I can do this for you faster than online.

No reply is an eventual refusal. If you prefer online, below are copied links and instructions for how to complete this at securitymetrics.com. If you do it online, shoot me an email so I can double check and cross it off. 


Just_me
Level 11

Security Metrics sent an email for PCI compliance. Is this legit?

Why are they harassing everyone so bad?  So utterly disgusting.  

compliancequeen
Level 2

Security Metrics sent an email for PCI compliance. Is this legit?

Thank you all for this informative discussion and insights. I have been very stressed over Security Metrics harassment. I don't mind completing a questionnaire for Intuit, if need be. But with Security Metrics, you can't even pass 25% completion of the form without making your purchase option.

 

Like many of the folks on this thread, clients pay us via QB. I'm going to have Gmail mark Security Metrics as spam.

mechanicandy
Level 2

Security Metrics sent an email for PCI compliance. Is this legit?

I just called Intuit and representative said it was a scam so they got me last year but not this year .

jaKingdom
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

Stripe and Square dont do this to their customers

bahamabreeze
Level 3

Security Metrics sent an email for PCI compliance. Is this legit?

I had the same experience today on the chat with QB. Nico told me the same after much prodding. He said that the Security Metrics email is just a solicitation and that by using the QB software for the cc pymts we are already compliant and that we can just ignore it.

 

bahamabreeze
Level 3

Security Metrics sent an email for PCI compliance. Is this legit?

If you go to the PCI Security website it shows that the credit card companies are the ones who started the website. That totally explains the confusion.

 

Who are the founders of the PCI Security Standards Council?

The founders of the PCI Security Standards Council are American Express, Discover Financial Services, JCB, Mastercard, and Visa Inc.
 
November 2021
Article Number 1227
bahamabreeze
Level 3

Security Metrics sent an email for PCI compliance. Is this legit?

I had the same sort of email:

 

 

When is a good time to talk today, or tomorrow at the latest, so your account can be reported to Intuit as compliant? 

 

This is the annual security requirement for all business owners who receive revenue via card transactions. Right now we show your status as registered but “Not Compliant” and in the emails that you received from Intuit QuickBooks it states, "As a part of the Intuit Terms of Service, it is required that your business is PCI compliant.".

 

If you are using “e-invoicing” as your primary payment method, please reply and let me know. The process is simplified when you don’t see or handle card data face-to-face.

 

Here are the steps to get your compliance status reported to Intuit…

  • Answer a handful of self-guided questions online (or over the phone)

  • Choose 1 of 3 PCI Compliance packages that best fits your payment method

  • Complete your Self-Assessment Questionnaire (SAQ)

 

For your convenience, there are several ways you can fulfill the steps above:

  1. Log in at www.securitymetrics.com  and complete it on your Customer Portal 

  2. Reply to this email with any questions or a date and time I could call you

  3. Call us @ 801.995.6400, we are located in Orem, Utah which is mountain time, and are available 6am-6pm M-F

 

Many merchants have questions about this process, and I am happy to answer any and all of those you may have. I am including a couple links below that could help you as well. You also should have received an email from Intuit (see attachment). 

 

 

Industry Resources - does this apply to me?

https://usa.visa.com/support/small-business/security-compliance.html#1 

https://listings.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf 

Intuit FAQs - what does Intuit say about all this?

https://quickbooks.intuit.com/learn-support/en-us/help-article/data-security/quickbooks-pci-service-faqs/L7ipNg7n9_US_en_US?uid=ln1wbr6a 

https://quickbooks.intuit.com/learn-support/en-us/help-article/data-security/explanation-pci-dss-compliance-services/L5tbibLub_US_en_US?uid=ln1wcdn4 

 

Best,

Kevin Nguyen | Compliance Consultant

 

P: (801) 623-5683

bahamabreeze
Level 3

Security Metrics sent an email for PCI compliance. Is this legit?

We also have a Stripe acct for certain customers. I just went to their website and with one click on the PCI compliance page, I have my SAQ report. Easy as pie.

bahamabreeze
Level 3

Security Metrics sent an email for PCI compliance. Is this legit?

Just for everyone's info......

If you go to the PCI Security website it shows, in their FAQ section, that the credit card companies are the ones who started the website. That should explain the confusion on the matter. The card companies are have found a new money maker for themselves.

 

Who are the founders of the PCI Security Standards Council?

The founders of the PCI Security Standards Council are American Express, Discover Financial Services, JCB, Mastercard, and Visa Inc.
 
November 2021
Article Number 1227
STEEL-TOES
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

I don't believe it's a completely legitimate company. I purchased the service recommended by Intuit. They stored my bank information and enrolled me in automatic payment for the second payment. When I logged into my account on their website, I realized that they don't give you access to your payment information. I also did not receive any explanatory email about this automatic payment. In the end, I had to call and have customer service send me an email confirming the deactivation of the automatic payment. What a disappointment. I'd screenshot shows a service expiring, not an automatic autopayment due coming.

 

[Removed]

mechanicandy
Level 2

Security Metrics sent an email for PCI compliance. Is this legit?

I had to call

amex and have them cancel

it in disputes I hope it is resolved 

Shawn_STLRWS
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

Hi Renae.  We've been scouring the earth for the right merchant processor, with the right features and capabilities, that will also at least provide options to pass-thru transaction fees.  Since you mentioned finding one, would you be kind enough to share the solution you found?  Many QBO threads have tons of people out there seeking the same, so you'd probably be helping a bunch more than just myself.  Much appreciated and all the best.  -Shawn, accounting

4Gal
Level 11

Security Metrics sent an email for PCI compliance. Is this legit?

@Shawn_STLRWS 

Is your company B2B or B2C?

mechanicandy
Level 2

Security Metrics sent an email for PCI compliance. Is this legit?

Security metrics is crap company like many other we think we need that Leget . That just want to suck your money out the cc account or bank . I change to intuit monthly subscription and using go payment app and reader being now mobile and it works and it still suck money out of my wallet . Per 500 dollar transaction 17 and 24 a month for intuit small business on line which downloads my bank and Amex account to track my spending . Take it they have no provision to separate fuel purchases and cost of goods I have to do that manually . 

Shawn_STLRWS
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

B2B only

Fiat Lux - ASIA
Level 15

Security Metrics sent an email for PCI compliance. Is this legit?

@Shawn_STLRWS 

If you are B2B, I can recommend one processor to integrate with QBO or QBD. You can accept payments for free with ACH, credit card and debit card. They are fully compliant with the PCI-DSS. They use a third-party card processor which is a certified Level 1 PCI Compliant Service Provider (the highest level), and don’t store any sensitive credit card information on their servers. 

 

Contact me in private and we share more details about them. You don't need to bother with this PCI Compliance issue any longer.

jmeyers2
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

We are PCI compliant through Clover.

Where do I attached my certificate?

LouiseG
QuickBooks Team

Security Metrics sent an email for PCI compliance. Is this legit?

Hi there, @jmeyers2.

 

Since you're already PCI compliant outside QuickBooks, you don't need to attach the certificate, as proof isn't required currently.

 

Also, please know that as long as you have an active MID, you'll receive system-generated email notifications about the PCI DSS Compliance Services. You can however disregard them since you already are.

 

For more comprehensive information about PCI Compliance, feel free to visit these articles:
 

 

You can add a Reply below if you have other questions related to PCI compliance or need assistance performing tasks inside the program. We'll be here to assist you anytime.

CHCHCH
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

Now I am glad that we are moving away from "Go Payment".    Square has been so much easier to use. 

Jim11141
Level 1

Security Metrics sent an email for PCI compliance. Is this legit?

What in the world is going on here??  This "Intuit partner" is engaging in deceptive practices, threatening Intuit customers and lying about whether or not this is "required", and Intuit has allowed this to go on for OVER A YEAR???  

 

I demand to know why.  I almost filled all of this out.  It is posed as if it is a strict Intuit requirement and that if I don't do it, I won't be able to continue to accept credit cards.  This is OUTRAGEOUS!

Sign in for expert help
Ask questions, post replies & join our community of QuickBooks users.

Need to get in touch?

Contact us