Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
I just want to weigh in here because I am livid.
I have spent upwards of 3 hours on the phone trying to get an answer to this. The first two people I spoke with from QB told me that it was a phishing attempt and would not discuss PCI compliance. They insisted it was a scam. While I agreed that it indeed felt very scammy, it was consistent with what the QB website states, so I felt it was not likely to be a phishing email.
The next person I spoke with from Merchant Services told me verbally that I could ignore the emails, but I had nothing in writing to contradict QB's repeated claim that I'm not in compliance and therefore in breach of their TOS. She then told me that I could just upload my SAQ-A and AOC to a portal, and proceeded to send me the SecurityMetrics website. I explained that this was exactly what I was trying to avoid, and that it costs money. She insisted that it was free, (it's not). And then said, "Well if you won't listen to me then I'll send you a different link" and that link is literally a "how to sign up for SecurityMetrics" tutorial! *head-exploding emoji*
Seeing no ability to get clarity through QB, I called the SecurityMetrics folks who assured me that a 3rd party certification was required (of course). They offered me a "very special discounted price of $85." I asked what the basic QB customer discount price was, and surprise! $85. I laughed indignantly, and they offered me $50 instead since I was such a nice lady (I was not).
I finally just relented and paid the $50 to just be done with it, but I'm regretting that now since I can't find anything in the actual TOS that says 3rd party verification/certification is required. It just lists out the explicit requirements, all of which I'm already meeting because I do all my CC transactions through QB Payments.
Also, for extra icky measure, the SecurityMetrics guy told me that he knew another woman with my name and she was also "quite spicy." I feel absolutely disgusted and gross. I'm debating trying to cancel the charge since they bald-faced lied to me about needing a 3rd party certification.
Speaking of lying... the QB Payments landing page/marketing has this FAQ:
A: QuickBooks Payments requires application approval, but once you have an account, you don’t have to do anything else to take credit cards and bank transfers.
I added the emphasis, but this feels like false advertising if they truly are going to *force* you into paying a mandatory annual PCI compliance fee. I think a careful reading of the TOS shows that SecurityMetrics or any 3rd party fee is not actually required though. Simply doing business in alignment with the principles appears to be sufficient.
Something tells me this is a complete scam. Caution.
Second, who is responsible for writing these emails? They are doing an awful job. This should be extremely straightforward and someone should communicate it that way. Leave it to Intuit to write a very cryptic message about something you have to comply with and then give you no information. Pathetic.
Perhaps all of us disgruntled small business owners who feel that Intuit should be covering any PCI compliance matters should consider filing a class action lawsuit.
The Email that you received from Security Metrics is deceiving. QuickBooks does not require you to purchase Security Metrics products, regardless of what Security Metrics says. I had a long discussion with a rep in the Payments department about this. We do not have access to our clients payment options, we do not accept Credit Cards so we do not need this at all. I contacted Security Metrics to opt out and the rep sent a low key threatening email stating that they were going to report me to QB and insinuated that QB would fine our company for not purchasing their products.
I've had conversations with 2 QB reps about this and was advised that PCI compliance is NOT required at this time and since we do not have access to our clients credit cards or bank accounts that we do not need to be PCI compliant. I find it weird that Security Metrics are able to send out these emails almost threatening your clients that if they did not purchase SM products that QB would punish them by fining them.
This is not a good look for QB as there are definitely other options for accounting software
Hi I am going to upload what I received from Security Metrics and what I received from Qbooks. QBooks was very clear that this is not a requirement as of yet and since we do not have access to our clients payment options we do not need this. Security Metrics, of course says that it is a regulation.
[Re-attached screenshots with masked PII]
Neither does mine, but SM tells me that it is a requirement. QB says it's not and like you since we do not have access to our clients payment options, we will not be purchasing any SM products. I will switch to a different accounting software before doing that.
But Security Metrics told me one of the things they would do is to check my firewalls etc and that means I would give them access to my computer. lol I don't even let my kids have access to my computer. I 100% will not let a random person do it. That question in itself raised many red flags.
You do realize you’re not telling customers that they can be PCI compliant by completing other assessments. If you go to the security council’s website they have all of the necessary information.
After completing the worksheet on the security council’s website, I provided my completed information to Security Metrics proving I was PCI compliant and they stopped harassing me. I find your response very misleading and unprofessional. While I love Intuit products I’m tired of the price increases and the fact that Intuit doesn’t EVER offer a discount or refund when they make a horrible mistake. I have numerous support issues all acknowledged by Intuit and I will waste hours with support, follow up, yet it’s an engineering issue. Will I ever see a credit? No! I will just waste hours of my precious time that I could be spending on running my business. Intuit is buying too many products, increasing prices, forgetting about the accountant user, trying to get customers to go directly to them, and screwing up the products, and service in the meantime! Mistake after mistake!
Hi TNT2023, can you please tell me which specific worksheet you filled out on the Security Council website? They seem to have quite a few forms under the "Document Library" area.
I just received a “final reminder” email today, saying that it is a requirement by the Intuit Terms of Service for my business to be PCI compliant. I received it because I use quickbooks payments. Guess I’ll be switching to a different software if they turn off my account🤷🏻
Who sent you the email? Intuit or Security Metrics? I haven't received anything from Intuit stating I had to use Security Metrics to be PCI compliant. I am PCI Compliant, but I don't use Security Metrics. They did hound me until I showed them proof I was compliant. Then they literally disappeared. While I'm very disappointed in Intuit at the moment from subscription transfer issues to QB checking envelopes for autopayroll that do not work as described all the time, I think the Security Metrics has overstepped their boundaries unless Intuit has bought them out too and we now have to follow their rules. Until I see this, I'm listening to QB Payments rules and staying PCI compliant as I have been and will continue to do so. So I'm not leaving until they tell me to.
The email came from intuit themselves. It doesn’t state I have to use security metrics necessarily. But is there a reason you yourself need to be pci compliant? Do you store credit card info for your business?
I'll not be paying any complaint fees. Especially since I have no control over any of it. I don't keep cc#s on file. Done
What will happen to our payment account if the compliance is not completed?
I guess technically intuit can disable you from being able to accept credit cards. But I’ll wait for that to happen before I pay anything.
Hi there, @bestbookkeepernj, @LBenware. I'll share some details on what will happen if you fail to comply with the PCI Compliance.
Given the increasing number of cybercriminals nowadays, data security is more important than ever. Any company or organization that handles cardholder data, whether to process, store or transmit, must meet PCI compliance requirements. It is a set of rules that businesses must abide by in order to take credit cards. Additionally, it will help you manage, process, and safely store delicate credit card data.
As a merchant, you’re responsible for protecting payment card information and meeting PCI compliance requirements. Failure to comply could mean costly fines and audit costs. And if the card gets stolen, it could mean even more costs and restrictions. You may also need to spend on card re-issuance, acquirer and legal fees, and more.
For complete details, see these articles:
Moreover, Intuit has partnered with Security Metrics to streamline the PCI compliance validation process. Security Metrics charges an annual fee to merchants who are validating compliance for Intuit.
Please leave a comment below, if you have any additional inquiries regarding PCI Compliance. I'd be happy to assist. Stay safe.
Right, and that’s why I pay intuit a nice monthly fee to take care of that for me. They store the credit card, they see the info. I have nothing to do with it, and do not see nor store any data.
Will the account shutdown if the compliance is not done? When is the deadline?
I'm here to share additional details about PCI Compliance, bestbookkeepernj.
The process of becoming PCI-compliant doesn't have a specific deadline. It is an ongoing process that involves submitting Self-Assessment Questionnaires (SAQ) and passing the necessary scans on an annual basis. Hence, there's no recent update indicating that your account will be shut down for non-compliance.
However, please keep in mind that failing to achieve PCI compliance leaves your business vulnerable to costly attacks and data breaches. If this occurs while not being compliant, your business may face penalties and fines.
For more details about this, I recommend browsing these resources:
Additionally, I've added these articles that'll help you protect your business account and data from fraudulent activities:
Please keep us posted if you have any further questions or concerns about PCI and being compliant. It's our priority to ensure your data is protected.
I don't see where your question was even answered... "will they shut the account down?"
You have clicked a link to a site outside of the QuickBooks or ProFile Communities. By clicking "Continue", you will leave the community and be taken to that site instead.
For more information visit our Security Center or to report suspicious websites you can contact us here