i keep getting these emails about PCI compliance from securitymetrics does anyone know if they are legit. is the PCI something i can do through quickbooks?

It sounds like you have received a concerning email regarding PCI compliance, and it's completely valid to want clarity about it, gabrielvirtualassistant. Let us provide information about why you're getting emails about PCI compliance.

All businesses that handle credit or debit card transactions are required to comply with PCI DSS, regardless of transaction volume. While the necessary level of compliance may vary based on transaction volume, the fundamental need for compliance remains. To learn more about QuickBooks PCI compliance and the Payment Card Industry Data Security Standard (PCI DSS), you can check out this article: Learn about the PCI DSS Compliance services.

Also, the PCI Security Standards Council created the PCI DSS Standard to protect customer payment card data from suspicious actions sufficiently. Choosing not to use the PCI service will cause no disruptions to your QuickBooks business. However, any company that handles cardholder data, whether to process, store, or transmit, must meet PCI compliance requirements to ensure that payments are safe and secure. 

In this case, we suggest contacting our QuickBooks Payment Support Team. They can provide further details about the PCI compliance service and how it works. They'll also check your subscription for any add-on PCI Service fee.

Additionally, you can check this article to learn how to accept online payments: Receive and process payments.

You can add a Reply below if you have other questions about PCI compliance or need assistance performing tasks in QBO. We'll be here to assist you anytime.

What if I already have a service I pay to monitor my system and be sure I am compliant? I don't want to pay SecurityMetrics if I already have this service. But their website says I show as non-compliant; and when I "click" to "correct" the problem, I am taken to a page to purchase their service. In the past, one of my clients was non-compliant and paid $19.99 per month because of it. I do not want to pay $19.99 extra per month and I do not want to pay SecurityMetrics for a service I already have.

Yes, you could get fined if you don't follow PCI rules, hotmissy314. You'll want to reach out to our support team for answers.

Although Intuit has partnered with SecurityMetrics to meet PCI requirements, you're not limited to this platform alone for compliance solutions. Since you already have another service, I recommend contacting SecurityMetrics Support to clarify the status and explain your existing service. This way, you can also determine if SecurityMetrics is required, or you may need to submit proof to update the status and prevent charges.

To know more about PCI DDS compliance, please see this article: Learn about QuickBooks PCI DSS Compliance Services.

If you have other concerns about your QuickBooks account, please don't hesitate to let me know in the comments below. I'll gladly help. Take care.

This answer is insufficient. It appears that QuickBooks has partnered with SecurityMetrics, a company that is telling every customer they are not compliant. When people are asking questions in the QuickBooks community forum (even where they have already paid for the PCI service), QuickBooks is simply telling them how to pay again. With this level of 'expertise', I would not trust QuickBooks or SecurityMetrics to do anything other than take money (with or without merit).

Message for QuickBooks: To truly help your customers, you need to be more transparent about what is legally required and what you are trying to sell to people.

Actual obligation for merchants: 
While PCI DSS compliance isn't a legal requirement mandated by government legislation, it is essentially enforced through contractual agreements with payment card companies like Visa, Mastercard, and others. Merchants and service providers who handle cardholder data are contractually obligated to comply with PCI DSS. Failure to comply can result in significant financial penalties, reputational damage, and loss of business.

PCI Security Standards Council has guidance for merchants on their website.
Go to PCI security standards (dot) org (slash) merchants