I appreciate you taking the time to express your concerns, @jkoenzuraida. Let me provide information about why you're getting emails about PCI compliance.
To start with, Intuit has a PCI service provider to help our QuickBooks Payments subscribers meet Data Security Standard (DSS) compliance requirements. If you've set up a QuickBooks Payments account to link with QuickBooks Self-Employed with SecurityMetrics, you'll have to complete its FastPass. This compliance is necessary if you purchase the PCI package from SecurityMetrics, which is why they charge a fee for the service.
In addition, you'll also need to complete Self-Assessment Questionnaires (SAQ) and set up your scans. You should also receive email instructions. If you haven't received email instructions, you can find more details about PCI compliance and your roles in this article: Learn about QuickBooks PCI Service.
To learn more about PCI data security standard compliance services, check this article:
Please let me know if you have any follow-up questions about PCI compliance, @jkoenzuraida. I'll be more than happy to answer them.
@jkoenzuraida It's totally because QB doesn't want to pay it, so they are trying to force its customers to pay it instead. If you HAVE to be PCI compliant, use a different company, NOT the one that QB is partnered with. They are as shady and horrible as QB is.
Does this apply to non-profits and companies that have low credit card usage?
Let me give you some confirmation about PCI compliance, @kcharleskc.
Yes, PCI Compliance applies to all businesses, including non-profit merchants, that meet the security standards established by the PCI Security Standards Council.
Since the merchant will collect information from your customers when they make card payments, PCI compliance is mandatory as long as the company receives or accepts any card.
To learn more about PCI compliance, here's an article for you to check out: Learn about QuickBooks PCI Compliance.
I'll be here if you still have questions about your payments. Have a great day.
If I only use Intuit's GoPayment on my phone, no other Intuit products, for maybe a hundred CC transactions a year, why would I need to purchase a PCI compliance package?
Even with minimal GoPayment transactions, prioritizing PCI compliance is essential for protecting your business and ensuring compliance with industry regulations. Let me share more about this data security requirement.
All businesses that handle credit or debit card transactions are required to comply with PCI DSS, regardless of transaction volume. It includes small businesses using mobile payment solutions like GoPayment. While the necessary level of compliance may vary based on transaction volume, the fundamental need for compliance remains.
To gain a comprehensive understanding of QuickBooks PCI compliance and the Payment Card Industry Data Security Standard (PCI DSS), I highly recommend exploring this informative article: Learn about the PCI DSS Compliance services.
This resource delves into the essential requirements, best practices, and tools necessary to ensure your business meets the rigorous standards set forth by the PCI Security Standards Council.
Furthermore, I’m pleased to share these valuable resources designed to help you effectively manage your payments through the QuickBooks GoPayment app. These guides will empower you to streamline your payment processes and enhance your overall customer experience:
I'm here to help with questions or concerns about QuickBooks Payment Card Industry Data Security Standard (PCI DSS) compliance. Let me know by commenting down below. I'm dedicated to ensuring that your experience is both satisfying and secure.
I've spoken with SecurityMetrics regarding this. I only run GoPayment on a single cell phone. I do not know if GoPayment stores the whole CC number and CCV info. At minimum they want me to purchase an $85 basic plan and a $10 phone scan, plus tax I would assume. Seems that no one can tell me if what GoPayment stores by default is of actual concern or not. So I feel like I'm just being fleeced for something that will actually do nothing. Kevin at SecurityMetrics recommended that if I feel that way, I should just stop taking CC as payment.
Seems like Intuit may have lots of clients just using GoPayment. Shouldn't there be a better definition of what is or is not required for just something that simple? Intuit's own description of what happens when you purchase a plan is quite vague. Buy it and start a scan. Really? What exactly is being scanned and for what? I certainly don't need one more scanning utility on my phone.
QBO is passing the buck. They already collect a high percentage of each sale, much higher if I went independent. They need to include PCI in their "CLOUD" database storage and pay for it themselves!
I am looking for alternatives to QBO, sick of their ways.
Does each processor I have need to be separately PCI compliant (as if I use Go Payment and Chase for accepting CC)? If not, could I send in my PCI compliance certificate from the other processor, and avoid using the company recommended by Intuit to avoid the charges they have? Or could I just stop my account w/ Go Payment, as I had almost not used it?
I acknowledge that you seek guidance with PCI compliance in QuickBooks Online (QBO), PCI. I want to ensure that you will be guided accordingly.
Yes, if you are already compliant with another company, there's no need to submit again to Security Metrics. However, it's important to ensure that each processor you use is PCI-compliant.
On the other hand, you can consider discontinuing your Go Payment if you frequently use it. This could help you to avoid unnecessary fees and streamline your payment processing setup.
Furthermore, check out PCI Compliance FAQs for guidance on meeting compliance requirements effectively.
Additionally, you can check this article to learn how to accept online payments: Receive and process payments.
Let us know in the comment section if you have further questions about PCI compliance. I'm here to lend a hand.
I'm still interested in receiving answers to the "specific" questions I asked above. The resources listed by QB do not actually answer my questions. Telling me that it's "Still a good idea" to purchase a plan, does not tell me what the plan is actually going to do that will mitigate risk. If however, what I'm being told is that the plan functions as a general PCI liability shield from, then ok, I guess. But I would ask that I be told that and not the continued run around. Please?
This is confusing, you used this phrase:
Even with minimal GoPayment transactions, prioritizing PCI compliance is a proactive measure that protects your business from potential threats and ensures compliance with industry regulations.
Must I pay or not is the only real question to be answered. I do not require all the links. I want Intuit to tell me, if a user of their "GoPayment" mobile utility MUST purchase a minimal $85 + $10 phone scan every year to accomplish what is REQUIRED. I am not a lawyer, a simple "Yes you must" or "nope you're good" is what I'm looking for. You may always contact me directly.
Thanks for the prompt response, Only. Allow me to chime in on this thread to clarify your queries regarding whether a user of the GoPayment mobile utility is required to purchase a specific amount.
Yes, indeed Merchants are required to pay a fee for PCI compliance to safeguard customer payment card data. All merchants accepting credit and debit card payments must adhere to PCI compliance as outlined in the Merchant Agreement, specifically in the Data Security (PCI Compliance); Payor/Cardholder Personal Information section. However, if you don't use QuickBooks Payments for credit card transactions, you are not required to follow PCI DSS regulations or pay associated fees.
Additionally, you can refer to these articles concerning Intuit's collaboration with Security Metrics and get answers to commonly asked queries about the PCI DSS Compliance Services in QuickBooks:
If you require additional assistance or have further inquiries regarding PCI compliance in QuickBooks Self-Employed, please feel free to leave a comment on this thread. We remain available to provide any necessary help or support you may need. Stay safe!
I appreciate the feedback.
However, you talked in a circle.
At one point you stated this:
"Yes, indeed Merchants are required to pay a fee for PCI compliance to safeguard customer payment card data."
Then you followed with this:
However, if you don't use QuickBooks Payments for credit card transactions, you are not required to follow PCI DSS regulations or pay associated fees.
I really would like someone to answer the specific question and not just cut and paste the usual narrative.
I use only "GoPayment" on my phone. Does this application have holes in it that are of PCI concern, for which I "MUST" purchase the PCI Compliance Package? It really is a very simple question.
Hi. I can share more details about your specific question regarding PCI compliance.
PCI compliance is essential even if you don't process credit card transactions since you still have a Merchant account that provides login access. It's necessary to ensure you have adequate safeguards established and a plan in place to respond promptly if your login or merchant account is compromised.
Additionally, visit the PCI Compliance FAQs for helpful tips on how to meet compliance requirements successfully.
Furthermore, you can generate a report to get an overview of your business.
You can post a reply if you have further questions about PCI or need assistance with QuickBooks-related inquiries. I'm available to respond promptly.
Why does my client have to be pci compliant when they do not accept credit card payments?
They only accept ACH transactions thru the QB Link
Kim
So, just to be clear.
In order to utilize any of the Intuit tools to facilitate Credit Card payments, I will have an Intuit login/password, Which I do.
At the absolute minimum of the PCI requirement stack, I am required to be PCI compliant because that account may get hacked. Therefore, I am required to purchase the $85 + $10 + tax package.
Have I summarized the previous response correctly? (Yes/No)
Please refrain from extra commentary, Just Yes or No.
Anything in addition, will only fuel my frustration with the absolute benign info war that is being thrown at all of the users of your CC payment products.
Yes, you're right. You'll need to be PCI-compliant even if you only use Intuit's GoPayment service. Let's discuss your options below.
Since Intuit has partnered with Security Metrics to streamline the PCI compliance validation process, you can purchase a package with them. To know how to create an account and proceed with the specifics, refer to this article: Learn about the PCI DSS Compliance Services.
On the other hand, you can also opt to look for a third party outside QuickBooks and be compliant with them. Once done, you won't need to pass any certification as Intuit doesn't require it for now. You'll just have to disregard the message.
Moreover, you can visit this article for future reference about managing invoices: Create invoices in QuickBooks Self-Employed.
Please post a response if you have clarifications about PCI compliance or other QuickBooks-related queries. We're always here to help you.
Finally,
Thank you,
You're always welcome, @Only-GoPayment.
I'm glad that your concerns are addressed by my colleague, GebelAlainaM above.
Please know that it's always our top priority to respond to your queries promptly to get you back to business seamlessly. You can be confident that we'll remain committed to providing the highest level of support.
Moreover, I've added this reference for more insights about the PCI DSS Compliance: Learn about the PCI DSS Compliance Services.
I'm still all ears if you have other concerns with PCI compliance. I'd be glad to assist you. Take care always.
I think the intent of the questioner was misinterpreted.
If the only payment / card / account information is payments only processed through QB; as a QB customer with no access to account data why is an Intuit affiliated third party service required for compliance?
Is Quickbooks Online not a PCI SSC validated product or solution?
If it is:
Which standard was it validated?
What is the PCI-SSC Listing reference number?
As a long time customer: Quicken 1990, and then through Desktop, then Enterprise Desktop and now QB online 2024: Finding a new provider for accounting, invoicing and payments processing has found my to do list. Email invoicing message failures + the PCI compliance runaround complemented by support ambivalence.
Great concept: punish the customer
The only method I use to receive payment is through the "PAYMENT LINK" option on Quickbooks online, which sends the customer a link for payment, like an invoice via e-mail. I never see a customer credit card. I never process a card physically. I send the "payment link" to the customer, and they pay it online.
Is PCI compliance still necessary, if the only information I keep in my database is the customer name and date of purchase? I used to use Square in the same way and no compliance was necessary, but now it seems like Quickbooks is really pushing for me to do this compliance. So, is it necessary?
Thanks for joining the conversation, @LeonardoG.
Yes, PCI compliance is necessary even if you only keep the customer's name and date of purchase in your database. All merchants who accept payments are required to follow PCI Standards to ensure data security, as mandated by the PCI Security Standards Council.
To learn more about it, check out this link: QuickBooks PCI Compliance
Moreover, you may visit this article to learn how to accept online payments: Receive and process payments. Then, generate a report to have a quick overview of your business.
If you have any further questions or concerns about PCI compliance or managing customer payments, let me know by leaving a comment below, @LeonardoG. I'd be happy to lend a hand.