It is. Security Metrics uses scare tactics to get you to pay for services you don't need. If you never see or handle credit card data, you do not need to be PCI compliant; PCI compliance is only required for businesses that store, process, or transmit cardholder data, meaning if you don't interact with any credit card information, you are not subject to the PCI standards.
I am in the same situation. Our company uses another service (NOT Security Metrics). We are PCI compliant but continue to get these non-compliant notices via email from BOTH Security Metrics and QB. Oh, QB says "if you're already compliant you can ignore this message." Figure out a way to either let us upload our compliance documents or let us please opt out of these very disturbing and threatening emails. PLEASE!!!
I tried talking to Intuit - 35 minutes later they are no help. They will report you to SecurityMetrics as non-compliant. But they say they have no way to let them know that you are compliant if you use a 3rd party vendor. This is not right and actually will cause people to buy products from Security Metrics that they may not need out of fear or ignorance on the subject.
If QB can report us as non-compliant then they have an obligation to let their "partner" know this is incorrect. Otherwise your compliant customer receives a shake-down email from Security Metrics. Not nice and makes me wonder how much commission Intuit makes from every new account they sign up with SM. For anyone else feeling distress about this subject I highly recommend you file a fraud complaint with the FTC: https://reportfraud.ftc.gov/. If enough people take action we may be able to get Intuit to care a little bit about the frustration they have caused their customers with this greed-motivated / scam / scare tactic. Thank you @DarixWiseman
The worst part is they will not allow for self-assessment certifications. They make you go through a 3rd party, or you can be fined, charged more, etc.
To me the worst part is that we already have a 3rd party vendor for PCI compliance but both Intuit and Security Metrics flat out refuse to recognize them and mark us as compliant. They like keeping us in the non-compliant status. So I can only assume this is so we inadvertently sign up with their partner and double pay! This is not a fair system and the customer is being ignored ... someone is behind this to make more money. Otherwise - fix it!!
I just want to know if this is absolutely required simply because we run credit cards. This is an extra cost!
"I just want to know if this is absolutely required simply because we run credit cards. This is an extra cost!"
@dgoldstein If you accept credit cards, it IS absolutely required. The extra cost sucks, but it is better than being fined for not being compliant.
You don't have to use Security Metrics, either. In fact, I recommend finding another company. We use the one that we go through for payment processing.
Other companies are nicer, more professional, and a lot cheaper than this one that QB insists on.
Security Metrics are just a bunch of rip-offs and bullies.
Most businesses taking credit cards are required by their merchant account vendors to be PCI compliant. However, if your merchant provider does not assist with this then you have to do it yourself or use a 3rd party. Basically all small businesses taking credit cards should do an annual self-assessment questionnaire. There are companies that do this for a pretty low cost. And I see the best place to get general info and questions answered is pcifree.com. Not sure if it's really free... but they do give a lot of good information.
If you ask me, it's like Intuit reporting to Staples that we haven't bought toner. Their tactics are a complete scam, but I'm not worried.
If you never see or handle credit card data, you do not need to be PCI compliant; PCI compliance is only required for businesses that store, process, or transmit cardholder data, meaning if you don't interact with any credit card information, you are not subject to the PCI standards. All my credit card transactions are between my customers and QBO and Shopify. I never even see their cards or information, so let them try to make me buy their BS compliance. Not gonna do it.
It would probably be best if Security Metrics indicated in their email that they are an official partner of QuickBooks. Or maybe this email should come from QuickBooks directly.