cancel
Showing results for 
Search instead for 
Did you mean: 
erica34
Level 1

SecurityMetrics Intuit Basic PCI Compliance

I just want to weigh in here because I am livid.

 

I have spent upwards of 3 hours on the phone trying to get an answer to this. The first two people I spoke with from QB told me that it was a phishing attempt and would not discuss PCI compliance. They insisted it was a scam. While I agreed that it indeed felt very scammy, it was consistent with what the QB website states, so I felt it was not likely to be a phishing email.

 

The next person I spoke with from Merchant Services told me verbally that I could ignore the emails, but I had nothing in writing to contradict QB's repeated claim that I'm not in compliance and therefore in breach of their TOS. She then told me that I could just upload my SAQ-A and AOC to a portal, and proceeded to send me the SecurityMetrics website. I explained that this was exactly what I was trying to avoid, and that it costs money. She insisted that it was free, (it's not). And then said, "Well if you won't listen to me then I'll send you a different link" and that link is literally a "how to sign up for SecurityMetrics" tutorial! *head-exploding emoji*

 

Seeing no ability to get clarity through QB, I called the SecurityMetrics folks who assured me that a 3rd party certification was required (of course). They offered me a "very special discounted price of $85." I asked what the basic QB customer discount price was, and surprise! $85. I laughed indignantly, and they offered me $50 instead since I was such a nice lady (I was not).

 

I finally just relented and paid the $50 to just be done with it, but I'm regretting that now since I can't find anything in the actual TOS that says 3rd party verification/certification is required. It just lists out the explicit requirements, all of which I'm already meeting because I do all my CC transactions through QB Payments.

 

Also, for extra icky measure, the SecurityMetrics guy told me that he knew another woman with my name and she was also "quite spicy." I feel absolutely disgusted and gross. I'm debating trying to cancel the charge since they bald-faced lied to me about needing a 3rd party certification. 


Speaking of lying... the QB Payments landing page/marketing has this FAQ: 

 

Q: Do I have to sign up separately to accept credit cards and bank transfers?

A: QuickBooks Payments requires application approval, but once you have an account, you don’t have to do anything else to take credit cards and bank transfers. 

 

I added the emphasis, but this feels like false advertising if they truly are going to *force* you into paying a mandatory annual PCI compliance fee. I think a careful reading of the TOS shows that SecurityMetrics or any 3rd party fee is not actually required though. Simply doing business in alignment with the principles appears to be sufficient.  

NATSLLC
Level 2

SecurityMetrics Intuit Basic PCI Compliance

Something tells me this is a complete scam. Caution. 

NATSLLC
Level 2

SecurityMetrics Intuit Basic PCI Compliance

Second, who is responsible for writing these emails? They are doing an awful job. This should be extremely straightforward and someone should communicate it that way. Leave it to Intuit to write a very cryptic message about something you have to comply with and then give you no information.  Pathetic. 

Designva1
Level 2

SecurityMetrics Intuit Basic PCI Compliance

Perhaps all of us disgruntled small business owners who feel that Intuit should be covering any PCI compliance matters should consider filing a class action lawsuit. 

SJ3351
Level 3

SecurityMetrics Intuit Basic PCI Compliance

The Email that you received from Security Metrics is deceiving. QuickBooks does not require you to  purchase Security Metrics products, regardless of what Security Metrics says.  I had a long discussion with a rep in the Payments department about this.  We do not have access to our clients payment options, we do not accept Credit Cards so we do not need this at all.  I contacted Security Metrics to opt out and the rep sent a low key threatening email stating that they were going to report me to QB and insinuated that QB would fine our company for not purchasing their products.

SJ3351
Level 3

SecurityMetrics Intuit Basic PCI Compliance

I've had conversations with 2 QB reps about this and was advised that PCI compliance is NOT required at this time and since we do not have access to our clients credit cards or bank accounts that we do not need to be PCI compliant.  I find it weird that Security Metrics are able to send out these emails almost threatening your clients that if they did not purchase SM products that QB would punish them by fining them.

 

This is not a good look for QB as there are definitely other options for accounting software

SJ3351
Level 3

SecurityMetrics Intuit Basic PCI Compliance

Hi I am going to upload what I received from Security Metrics and what I received from Qbooks.  QBooks was very clear that this is not a requirement as of yet and since we do not have access to our clients payment options we do not need this.  Security Metrics, of course says that it is a regulation.

 

 

[Re-attached screenshots with masked PII]

SJ3351
Level 3

SecurityMetrics Intuit Basic PCI Compliance

[Re-attached screenshots with masked PII]

#2

SJ3351
Level 3

SecurityMetrics Intuit Basic PCI Compliance

From 
Quickbooks

 

[Re-attached screenshots with masked PII]

SJ3351
Level 3

SecurityMetrics Intuit Basic PCI Compliance

Neither does mine, but SM tells me that it is a requirement.  QB says it's not and like you since we do not have access to our clients payment options, we will not be purchasing any SM products.  I will switch to a different accounting software before doing that.  

SJ3351
Level 3

SecurityMetrics Intuit Basic PCI Compliance

Same here.  Below is what was sent to me by a QB Payments Rep.  See Attached

 

[Re-attached screenshots with masked PII]

 
birtaneedscoffee
Level 2

SecurityMetrics Intuit Basic PCI Compliance

But Security Metrics told me one of the things they would do is to check my firewalls etc and that means I would give them access to my computer.  lol I don't even let my kids have access to my computer.  I 100% will not let a random person do it. That question in itself raised many red flags. 

TNT2023
Level 2

SecurityMetrics Intuit Basic PCI Compliance

You do realize you’re not telling customers that they can be PCI compliant by completing other assessments. If you go to the security council’s website they have all of the necessary information.

After completing the worksheet on the security council’s website, I provided my completed information to Security Metrics proving I was PCI compliant and they stopped harassing me. I find your response very misleading and unprofessional. While I love Intuit products I’m tired of the price increases and the fact that Intuit doesn’t EVER offer a discount or refund when they make a horrible mistake. I have numerous support issues all acknowledged by Intuit and I will waste hours with support, follow up, yet it’s an engineering issue. Will I ever see a credit? No! I will just waste hours of my precious time that I could be spending on running my business. Intuit is buying too many products, increasing prices, forgetting about the accountant user, trying to get customers to go directly to them, and screwing up the products, and service in the meantime! Mistake after mistake! 

victor_sp
Level 2

SecurityMetrics Intuit Basic PCI Compliance

Hi TNT2023, can you please tell me which specific worksheet you filled out on the Security Council website?  They seem to have quite a few forms under the "Document Library" area.

LBenware
Level 3

SecurityMetrics Intuit Basic PCI Compliance

I just received a “final reminder” email today, saying that it is a requirement by the Intuit Terms of Service for my business to be PCI compliant. I received it because I use quickbooks payments. Guess I’ll be switching to a different software if they turn off my account🤷🏻‍ definitely not interested in giving their “partner” extra money on top of the monthly fee I already pay. 

TNT2023
Level 2

SecurityMetrics Intuit Basic PCI Compliance

Who sent you the email? Intuit or Security Metrics? I haven't received anything from Intuit stating I had to use Security Metrics to be PCI compliant. I am PCI Compliant, but I don't use Security Metrics. They did hound me until I showed them proof I was compliant. Then they literally disappeared. While I'm very disappointed in Intuit at the moment from subscription transfer issues to QB checking envelopes for autopayroll that do not work as described all the time, I think the Security Metrics has overstepped their boundaries unless Intuit has bought them out too and we now have to follow their rules. Until I see this, I'm listening to QB Payments rules and staying PCI compliant as I have been and will continue to do so. So I'm not leaving until they tell me to.

LBenware
Level 3

SecurityMetrics Intuit Basic PCI Compliance

The email came from intuit themselves. It doesn’t state I have to use security metrics necessarily. But is there a reason you yourself need to be pci compliant? Do you store credit card info for your business?

2 Sharp Rob
Level 1

SecurityMetrics Intuit Basic PCI Compliance

I'll not be paying any complaint fees. Especially since I have no control over any of it. I don't keep cc#s on file. Done everything else for compliance falls on Intuit. I've been through this junk before work other CC processors which is why I went with intuit to begin with. I'm not paying that. I'll stop takeing CC all together. No problem. 

bestbookkeepernj
Level 1

SecurityMetrics Intuit Basic PCI Compliance

What will happen to our payment account if the compliance is not completed?

LBenware
Level 3

SecurityMetrics Intuit Basic PCI Compliance

I guess technically intuit can disable you from being able to accept credit cards. But I’ll wait for that to happen before I pay anything. 

JoesemM
Moderator

SecurityMetrics Intuit Basic PCI Compliance

Hi there, @bestbookkeepernj, @LBenware. I'll share some details on what will happen if you fail to comply with the PCI Compliance.

 

Given the increasing number of cybercriminals nowadays, data security is more important than ever. Any company or organization that handles cardholder data, whether to process, store or transmit, must meet PCI compliance requirements. It is a set of rules that businesses must abide by in order to take credit cards. Additionally, it will help you manage, process, and safely store delicate credit card data.

 

As a merchant, you’re responsible for protecting payment card information and meeting PCI compliance requirements. Failure to comply could mean costly fines and audit costs. And if the card gets stolen, it could mean even more costs and restrictions. You may also need to spend on card re-issuance, acquirer and legal fees, and more.

 

For complete details, see these articles:

 

 

Moreover, Intuit has partnered with Security Metrics to streamline the PCI compliance validation process. Security Metrics charges an annual fee to merchants who are validating compliance for Intuit.

 

Please leave a comment below, if you have any additional inquiries regarding PCI Compliance. I'd be happy to assist. Stay safe.

LBenware
Level 3

SecurityMetrics Intuit Basic PCI Compliance

Right, and that’s why I pay intuit a nice monthly fee to take care of that for me. They store the credit card, they see the info. I have nothing to do with it, and do not see nor store any data. 

bestbookkeepernj
Level 1

SecurityMetrics Intuit Basic PCI Compliance

Will the account shutdown if the compliance is not done?  When is the deadline?

CharleneMaeF
QuickBooks Team

SecurityMetrics Intuit Basic PCI Compliance

I'm here to share additional details about PCI Compliance, bestbookkeepernj.

 

The process of becoming PCI-compliant doesn't have a specific deadline. It is an ongoing process that involves submitting Self-Assessment Questionnaires (SAQ) and passing the necessary scans on an annual basis. Hence, there's no recent update indicating that your account will be shut down for non-compliance.

 

However, please keep in mind that failing to achieve PCI compliance leaves your business vulnerable to costly attacks and data breaches. If this occurs while not being compliant, your business may face penalties and fines.

 

For more details about this, I recommend browsing these resources:

 

 

Additionally, I've added these articles that'll help you protect your business account and data from fraudulent activities:

 

 

Please keep us posted if you have any further questions or concerns about PCI and being compliant. It's our priority to ensure your data is protected.

marcycpa
Level 3

SecurityMetrics Intuit Basic PCI Compliance

I don't see where your question was even answered... "will they shut the account down?"

Sign in for expert help
Ask questions, post replies & join our community of QuickBooks users.

Need to get in touch?

Contact us