Thank you for posting your question in the Community forum, @Tim208. SecurityMetrics is Intuit’s partner that provides PCI compliance services to help cover the broader PCI requirements beyond what QuickBooks alone covers. They’re contacting you because you process or may process card payments through QuickBooks, and staying compliant across your entire payment environment is important.
PCI DSS is a set of 12 security requirements designed to protect card data for anyone who processes, stores, or transmits card information. QuickBooks is listed as PCI compliant, but true PCI compliance depends on your entire payment environment, not just one product. If other apps, devices, or data flows aren’t compliant, your overall PCI posture may not be fully compliant. Intuit offers SecurityMetrics services to help cover those additional areas, with fees and annual renewals.
Here are the items included in Intuit’s PCI program with SecurityMetrics:
- Threat prevention tools: vulnerability scans, mobile scans, and SecurityMetrics scans.
- Card data protection: a PCI service warranty of up to $100,000.
- Training: security training to help protect against phishing and other threats.
You can also check this article for additional information: Learn about QuickBooks PCI DSS Compliance Services.
I appreciate your questions and want to make sure you feel confident moving forward. If there’s a particular risk or scenario you’re concerned about, please let me know, and I’ll respond promptly to any follow-up questions you have.
