These instructions don't work at all for QB Desktop.  Can you provide the directions for Desktop so we can provide our current PCI compliance that was not done with Security Metrics?  Believe it or not, there are other companies that do PCI compliance for less that Security Metrics.  I just want to update our QB profile so we no longer get the non-compliance threatening emails on this subject.  

Let me route you to the best support who can update your QuickBooks profile for PCI Compliance, Anne16720.

Since you already have PCI Compliance services with a company other than SecurityMetrics, I recommend contacting our Merchant Services team to provide this information. Please see the QuickBooks Desktop with Payments section in this article on how to do so: Contact Payments Support.

Additionally, if you wish to learn more about PCI DSS Compliance Services, check out this article: Payment Card Industry Data Security Standard Compliance Services.

We'll be glad to have you back in the Community if you have other PCI Compliance concerns or issues about managing payment transactions in QuickBooks Desktop. Just click the Reply button, and we'll be ready to help you.

I followed the link you provided with a contact phone number of 800-446-8848.  I am now on hold for over 10 minutes.  Now I am told I have to be transferred to Merchant Services....still on hold.  This is why I resisted contacting anyone about this.  You guys are seriously wasting my time. 

Total garbage.  After 35 minutes on the phone the best answer is for me is to ignore these messages.  This is not right. 

If QB is reporting their customers to their partner "Security Metrics" as not compliant - then you need to find a way that we can assert our compliance and stop the shake down emails.   This is meant to confuse and scare folks who do not know much about PCI compliance. Plus every email is from a noreply address. 

Here are the exact words in the email sent by Security Metrics.  

We are Intuit's PCI Compliance partner. You should have received an email recently from Intuit regarding this matter.

and in bold type --> Currently you are not being reported as "Compliant", but we can help with that.

This scenario is for taking payments from an e-mailed invoice FROM QUICKBOOKS to the QUICKBOOKS servers for payment: (Their email system; their host)

The answers QB employees have posted here are AMBIGIOUS as it can get. They state that if you use their "Quickbooks CC payment" plan you need to be PCI. Every answer here has been side stepping the actual question: If my customers only pay for invoices through YOUR QB web site why do I need to be complaint?

Since no customer Credit Card information is being taken by any other DEVICE besides QB web server.

It absolutely makes NO SENSE to be PCI compliant for this scenario. 

So in the case of any device touching their server, that would mean EVERY CUSTOMER whom uses ANY DEVICE to contact the QB server would have to be PCI certified. See? Makes absolutely no sense. The LIABILITY of security is 100% on QB. So if they are speaking PURELY of their Credit Card payment processon their site, then go with 3rd party vendors such as PAYPAL and STRIPE and SQUARE, whom you do NOT have to be PCI compliant to use.

This scare tactic is going to cost them as I turned OFF their CC payment systems and activated 3rd party ones ON the QB site. Meaning, all transactions go through vendors that are NOT applying penalty fees for non-compliance. The best method now is to STOP all QB payment processes and let them feel the heat for this scam. No more taking a percentage of the money I EARN for NOTHING. TURN OFF QB CC PROCESSING NOW.

huge. thank you. 

thank you. I'm about 1 email or cold call away from cancelling QB from all this harassment and confusion. 

Hey Flexserve, thanks a lot for the info you provided. Thankfully after some serious stressing out on my part about 4 months ago, I was told about this nonsense and to ignore it. I did that and the rare few customers who have needed to pay using a credit card through my emailed invoice to them haven't had an issue making their payment, but your comment is kind of freaking me out... I haven't looked at my payment portal for a while and never heard anything about getting charged a "non compliance" fee... Are you saying they are charging a fee on top of the standard 3.5% or whatever and calling it a "non compliance fee"? I'm definitely logging on and checking my payments now, but that would be infuriating!

" I haven't looked at my payment portal for a while and never heard anything about getting charged a "non compliance" fee... Are you saying they are charging a fee on top of the standard 3.5% or whatever and calling it a "non compliance fee"?

The non-compliance fee is if you're NOT PCI compliant. It has nothing to do with other fees associated with credit card processing. 

I am getting messages from Security Metrics that I am not PCI compliant.  How do they know this?  We only use QuickBooks online through a secure VPN with only their payment sysem, do not accept or store credits cards onlline, just through the QB payment system where the customer received a secure link.  

This push for Security Metrics may violate terms that would be eligable for a class action suit.  I will be filling out my own questionnaire and follwing up.

That didn't answer the question. You just canned responded with the same thing from your initial posting!

With Stripe, Paypal and a number of providers, you are able to complete the SAQ directly and submit for compliance. What Quickbooks has done is partnered with Security Metrics and is trying to tell us we have to pay in order to get compliance (even though your emails say we don't have to use Security Metrics, you sure don't give us any other details regarding options or methods of obtaining and submitting compliance to you). 

I get partnerships can be lucrative for both sides, heck, all businesses use them to profit, but when you make it a core aspect of what we have to do to use your product the way it was intended, then you're forcing us to give your "friends" money just so they can hand some of it back to you.

And since many people use Quickbooks directly (especially the online version) where they send out invoices and the client/customer pays it themselves and Quickbooks is the one handling all the card information and security and we the end user don't have access to the full card data.... the aspect of compliance becomes COMPLETELY on Intuit! Unless we're taking cards by phone and manually keying them in, or using the POS system for swiping/tapping cards.... then we don't have any access to card information, so if that fits your business (like it does mine) then why should I have to spend more to use your system? And why can't you provide a self-assesment directly (like Stripe and Paypal do), or at least give me a place to upload the self-assesment available from the PCI Security Standards Council at )https://www.pcisecuritystandards.org/documents/SAQ_A_v3.pdf so that you could see I have no direct access or handling of the full secured data and as such am compliant.

And of course we're doing to trust YOUR compliance, since Intuit handles everything from payment processing to coporate and individual taxes to email marketing platforms (Mailchimp) these days.

EXACTLY! What's worse is that Security Metrics auto debited $85 out of our business checking account without us having done or signed anything and I operate the same exact way that you described above. No POS and never take card info in person or over the phone, not EVER.

 I had someone tell me not to worry about the threatening emails because they didn't apply given how I use the emailed invoices etc., and suddenly I see a debit out of my account from Security Metrics..... no idea how, why or how many times they have/will do this - or - what the he** to do from here...

I have absolutely NO time at all to be jumping through hoops trying to deal with it either, so I'm really hoping soomeone here can help and give real answers/clarity.

Thanks!

After getting barraged with emails from Security Metrics to Comply, I closed all my Quickbooks Online accounts and switched to PayPal…

Agree - QB/Intuit always read to sell you something and cause you to pay more, but just some good info - hard to come by.

The PCI DSS Security Council does not regulate the compliance, they just set the standards.  The BankCards require the compliance.

Intuit/Quickbooks needs to find a better response to this issue.  $195 is stupidly impossible for a small business that ONLY takes credit cards through the e-invoice.  And the Merchant Account website is run through QB, and I can tell you with as little as my clients use the e-invoice, they would probably prefer to cancel their account than continue to pay exorbitant fees on each transaction as well as this compliance.  And as the one that convinced them to sign-up QB Payments, I can tell you that I will not ever do that again.

basically doesn't matter what you answer you will have to pay for them doing nothing just another subscription just like QuickBooks itself to keep water cooler hang outees employed when they don't add much to the final bottom line. Now with A.I. they are on borrowed time. Now because of another b.s. plea for yearly money of mine. My hard-earned money that I leave a desk and perform a hard physical service. But I guess the keyboard crowd don't understand what that takes to do that and not hide behind a keyboard in a cubical hellscape. And you milk us because your over lords (big investors) want more because they think they are intitled to what I've earned because why? So, for someone that deems me uncompliant because they have some type of virus protection than. Who does checks on this security metrics company. I now want to cancel my QuickBooks payments account. they tried and did sell me on the connivence excepting online payments and enticed me with the Fary tail percentages of the all the time and money I would be saving. made it look as if it would pay for itself ha. My butt it does. It's been absolutely a disaster like apocalyptic disaster. First transaction went to wrong account I shrugged it off as my fault user error. Second that was a real cluster beep, and you know what goes next. They put it on hold, I assumed like a bank account 72 hours max. They asked for more info than they needed which I provided then the no name, no face, the anonymous person that is over your account. You can't speak to said person so no matter what they could be having a bad day, and you would never know. Could have broken up with their other person and if your name matches the gender well you could be paying for it and not reaping and of the rewards but a person like that, I'd say the space is the reward. But after requesting the intrusive info. "it" asked for more any personal accounts etc. No way none of their business. So, when I took an actual stand and said enough is enough I was punished for it. And how I know this is because of their reasoning they needed proof that my transactions warrant basically prove that the accounts info I gave them prove that those invoices are common which I gave them the business account and if they wouldn't have been mean they would clearly see this same client has wrote 2 checks earlier about 2 weeks apart both for more than the transaction needing to be approved. For a small business having 7 grand held for a month hurt and almost destroys a small company eventually they cleared it. But they still took their pay for as far as I'm concerned didn't earn it. Did QuickBooks do anything to alleviate the situation. Heck no they should have refunded there charge and a payment loan I was stupid to accept still charged me a late fee when it was them that caused the late fee and that's the problem with not having someone to turn to about your case always a 3rd party they look at you as just a number not a human being so they don't take in to consideration what is this doing to a person's life. and for all the money they get from me I realize the service is trash. When all I freaking needed was an invoicing software for on the go and now with a little bit of time Im able to setup my own. and so, what I can't accept cc or online payment who cares been doing this for 7 years and only 2 cc purchases which were beyond not worth it. And also, reason for all the questions the main reason is to ask you how much you make without say hey how much you make so I can make what you have to pay a percent that you will not kick or disturb the water. but as high as I can for the bogus pci bs. So, when we get sued for being hacked, we don't pay for it you do that's exactly what it is for. Now like to see how long this stays where others can see because I am not the only one with their eyes open.

Right there with you and I'm going to share my experience and thoughts basically doesn't matter what you answer you will have to pay for them doing nothing just another subscription just like QuickBooks itself to keep water cooler hang outees employed when they don't add much to the final bottom line. Now with A.I. they are on borrowed time. Now because of another b.s. plea for yearly money of mine. My hard-earned money that I leave a desk and perform a hard physical service. But I guess the keyboard crowd don't understand what that takes to do that and not hide behind a keyboard in a cubical hellscape. And you milk us because your over lords (big investors) want more because they think they are intitled to what I've earned because why? So, for someone that deems me uncompliant because they have some type of virus protection than. Who does checks on this security metrics company. I now want to cancel my QuickBooks payments account. they tried and did sell me on the connivence excepting online payments and enticed me with the Fary tail percentages of the all the time and money I would be saving. made it look as if it would pay for itself ha. My butt it does. It's been absolutely a disaster like apocalyptic disaster. First transaction went to wrong account I shrugged it off as my fault user error. Second that was a real cluster beep, and you know what goes next. They put it on hold, I assumed like a bank account 72 hours max. They asked for more info than they needed which I provided then the no name, no face, the anonymous person that is over your account. You can't speak to said person so no matter what they could be having a bad day, and you would never know. Could have broken up with their other person and if your name matches the gender well you could be paying for it and not reaping and of the rewards but a person like that, I'd say the space is the reward. But after requesting the intrusive info. "it" asked for more any personal accounts etc. No way none of their business. So, when I took an actual stand and said enough is enough I was punished for it. And how I know this is because of their reasoning they needed proof that my transactions warrant basically prove that the accounts info I gave them prove that those invoices are common which I gave them the business account and if they wouldn't have been mean they would clearly see this same client has wrote 2 checks earlier about 2 weeks apart both for more than the transaction needing to be approved. For a small business having 7 grand held for a month hurt and almost destroys a small company eventually they cleared it. But they still took their pay for as far as I'm concerned didn't earn it. Did QuickBooks do anything to alleviate the situation. Heck no they should have refunded there charge and a payment loan I was stupid to accept still charged me a late fee when it was them that caused the late fee and that's the problem with not having someone to turn to about your case always a 3rd party they look at you as just a number not a human being so they don't take in to consideration what is this doing to a person's life. and for all the money they get from me I realize the service is trash. When all I freaking needed was an invoicing software for on the go and now with a little bit of time Im able to setup my own. and so, what I can't accept cc or online payment who cares been doing this for 7 years and only 2 cc purchases which were beyond not worth it. And also, reason for all the questions the main reason is to ask you how much you make without say hey how much you make so I can make what you have to pay a percent that you will not kick or disturb the water. but as high as I can for the bogus pci bs. So, when we get sued for being hacked, we don't pay for it you do that's exactly what it is for. Now like to see how long this stays where others can see because I am not the only one with their eyes open.