bellabella
Level 2

Self Assessment questionnaire PCI compliance

There are 9 versions of the questionnaire. Anyone have an idea which one is for a QuickBooks merchant who does all transactions either through invoicing or through the QuickBooks card reader (mobile) and no transaction data is stored locally?

Anne16720
Level 4


These instructions don't work at all for QB Desktop. Can you provide the directions for Desktop so we can provide our current PCI compliance that was not done with Security Metrics? Believe it or not, there are other companies that do PCI compliance for less than Security Metrics. I just want to update our QB profile so we no longer get the non-compliance threatening emails on this subject.

Rea_M
Moderator


Let me route you to the best support who can update your QuickBooks profile for PCI Compliance, Anne16720.

 

Since you already have PCI Compliance services with a company other than SecurityMetrics, I recommend contacting our Merchant Services team to provide this information. Please see the QuickBooks Desktop with Payments section in this article on how to do so: Contact Payments Support.

 

Additionally, if you wish to learn more about PCI DSS Compliance Services, check out this article: Payment Card Industry Data Security Standard Compliance Services.

 

We'll be glad to have you back in the Community if you have other PCI Compliance concerns or issues about managing payment transactions in QuickBooks Desktop. Just click the Reply button, and we'll be ready to help you.

Anne16720
Level 4


I followed the link you provided with a contact phone number of 800-446-8848.  I am now on hold for over 10 minutes.  Now I am told I have to be transferred to Merchant Services....still on hold.  This is why I resisted contacting anyone about this.  You guys are seriously wasting my time. 

Anne16720
Level 4


Total garbage. After 35 minutes on the phone the best answer is for me to ignore these messages. This is not right.

If QB is reporting their customers to their partner "Security Metrics" as not compliant - then you need to find a way that we can assert our compliance and stop the shakedown emails. This is meant to confuse and scare folks who do not know much about PCI compliance. Plus every email is from a noreply address.

Here are the exact words in the email sent by Security Metrics.  

We are Intuit's PCI Compliance partner. You should have received an email recently from Intuit regarding this matter.

and in bold type --> Currently you are not being reported as "Compliant", but we can help with that.

Flexserve
Level 2


This scenario is for taking payments from an e-mailed invoice FROM QUICKBOOKS to the QUICKBOOKS servers for payment: (Their email system; their host)

 

The answers QB employees have posted here are AMBIGUOUS as it can get. They state that if you use their "Quickbooks CC payment" plan you need to be PCI. Every answer here has been sidestepping the actual question: If my customers only pay for invoices through YOUR QB web site why do I need to be compliant?

Since no customer Credit Card information is being taken by any other DEVICE besides QB web server.

It absolutely makes NO SENSE to be PCI compliant for this scenario. 

 

So in the case of any device touching their server, that would mean EVERY CUSTOMER who uses ANY DEVICE to contact the QB server would have to be PCI certified. See? Makes absolutely no sense. The LIABILITY of security is 100% on QB. So if they are speaking PURELY of their Credit Card payment process on their site, then go with 3rd party vendors such as PAYPAL and STRIPE and SQUARE, whom you do NOT have to be PCI compliant to use.

 

This scare tactic is going to cost them as I turned OFF their CC payment systems and activated 3rd party ones ON the QB site. Meaning, all transactions go through vendors that are NOT applying penalty fees for non-compliance. The best method now is to STOP all QB payment processes and let them feel the heat for this scam. No more taking a percentage of the money I EARN for NOTHING. TURN OFF QB CC PROCESSING NOW.

 

deeepeee
Level 1


huge. thank you. 

deeepeee
Level 1


thank you. I'm about 1 email or cold call away from cancelling QB from all this harassment and confusion. 

marvelglassllc
Level 3


Hey Flexserve, thanks a lot for the info you provided. Thankfully after some serious stressing out on my part about 4 months ago, I was told about this nonsense and to ignore it. I did that and the rare few customers who have needed to pay using a credit card through my emailed invoice to them haven't had an issue making their payment, but your comment is kind of freaking me out... I haven't looked at my payment portal for a while and never heard anything about getting charged a "non compliance" fee... Are you saying they are charging a fee on top of the standard 3.5% or whatever and calling it a "non compliance fee"? I'm definitely logging on and checking my payments now, but that would be infuriating!

Just_me
Level 11


" I haven't looked at my payment portal for a while and never heard anything about getting charged a "non compliance" fee... Are you saying they are charging a fee on top of the standard 3.5% or whatever and calling it a "non compliance fee"?

 

The non-compliance fee is if you're NOT PCI compliant. It has nothing to do with other fees associated with credit card processing. 

 

 

bea123
Level 1


I am getting messages from Security Metrics that I am not PCI compliant. How do they know this? We only use QuickBooks online through a secure VPN with only their payment system, do not accept or store credit cards online, just through the QB payment system where the customer received a secure link.

This push for Security Metrics may violate terms that would be eligible for a class action suit. I will be filling out my own questionnaire and following up.

 

SilverskyEnterprises
Level 1


That didn't answer the question. You just canned responded with the same thing from your initial posting!

With Stripe, Paypal and a number of providers, you are able to complete the SAQ directly and submit for compliance. What Quickbooks has done is partnered with Security Metrics and is trying to tell us we have to pay in order to get compliance (even though your emails say we don't have to use Security Metrics, you sure don't give us any other details regarding options or methods of obtaining and submitting compliance to you). 

I get partnerships can be lucrative for both sides, heck, all businesses use them to profit, but when you make it a core aspect of what we have to do to use your product the way it was intended, then you're forcing us to give your "friends" money just so they can hand some of it back to you.

And since many people use Quickbooks directly (especially the online version) where they send out invoices and the client/customer pays it themselves and Quickbooks is the one handling all the card information and security and we the end user don't have access to the full card data.... the aspect of compliance becomes COMPLETELY on Intuit! Unless we're taking cards by phone and manually keying them in, or using the POS system for swiping/tapping cards.... then we don't have any access to card information, so if that fits your business (like it does mine) then why should I have to spend more to use your system? And why can't you provide a self-assessment directly (like Stripe and Paypal do), or at least give me a place to upload the self-assessment available from the PCI Security Standards Council at https://www.pcisecuritystandards.org/documents/SAQ_A_v3.pdf so that you could see I have no direct access or handling of the full secured data and as such am compliant.

And of course we're going to trust YOUR compliance, since Intuit handles everything from payment processing to corporate and individual taxes to email marketing platforms (Mailchimp) these days.

marvelglassllc
Level 3


EXACTLY! What's worse is that Security Metrics auto debited $85 out of our business checking account without us having done or signed anything and I operate the same exact way that you described above. No POS and never take card info in person or over the phone, not EVER.

 I had someone tell me not to worry about the threatening emails because they didn't apply given how I use the emailed invoices etc., and suddenly I see a debit out of my account from Security Metrics..... no idea how, why or how many times they have/will do this - or - what the he** to do from here...

I have absolutely NO time at all to be jumping through hoops trying to deal with it either, so I'm really hoping someone here can help and give real answers/clarity.

Thanks!

bellabella
Level 2


After getting barraged with emails from Security Metrics to Comply, I closed all my Quickbooks Online accounts and switched to PayPal…

Todd Sheffield
Level 1


Agree - QB/Intuit always ready to sell you something and cause you to pay more, but just some good info - hard to come by.
