MichaelOD
Level 3

PCI I don't keep any cust cc data

I don't store any customer credit card data ever. I take payments usually by QBOnline where QB emails the customer an invoice, and occasionally take a card in person, but I don't store any data. We run the card on the QB app and then I hand it back to them.

How do I avoid all this PCI nonsense and fees? I don't represent a security risk as I don't store any data. How do I get exempted from PCI? There's no way I'm paying your third party conflict of interest to access my gear--that's a security risk.

What is the PCI exemption procedure?

9 Comments
Maybelle_S
QuickBooks Team

PCI I don't keep any cust cc data

I appreciate you taking the time to share this concern in the Community, MichaelOD. I'm here to provide information about QuickBooks Payment Card Industry Data Security Standard (PCI DSS) compliance.

All businesses or service providers that store, process, or transmit payment card data are required to comply with the data standard, regardless of their size or the amount of annual payment card transactions.

While Intuit products are PCI compliant, you also need to validate that your business handles payment card data safely through PCI compliance certification.

Furthermore, the use of QuickBooks Payments services doesn’t mean you’re already PCI compliant. With this, we partnered with SecurityMetrics, a leading PCI service provider, to help you meet your requirements. They charge an annual fee to merchants who are validating compliance with Intuit. This program includes Threat Prevention Tools and Card Data Breach protection.

If you have any concerns or inquiries about Intuit's policies and the fees related to PCI compliance, I suggest reaching out to our QuickBooks Payments Support Team. To do so, please log in to your QBO account, click on the Help menu, and select Contact us for further assistance.

You may want to check out these articles to learn more about PCI DSS Compliance Services:

If you have other concerns about PCI DSS or follow-up questions, please feel free to add a comment below. I'm always ready to help. Take care, and I wish you continued success.

MichaelOD
Level 3

PCI I don't keep any cust cc data

Well that's just it, I don't store, process or transmit data, you do. Any credit card data is entered by my customer into your pay online program and if in person, it's an iPhone running your app. If Intuit is storing those numbers, or doing whatever with them, great, you be compliant. It's kind of like a forklift operator's license. I don't have a forklift. I don't need the license. So how do I opt out, since I do not store, process or transmit card data?

RoseJillB
QuickBooks Team

PCI I don't keep any cust cc data

I heard your sentiments regarding opting yourself out from complying with QuickBooks Payment Card Industry Data Security Standard (PCI DSS), @MichaelOD.

Since the Community is a public forum, we’re unable to provide such details about removing or providing exemptions to the compliance mentioned above. Thus, I recommend contacting our Customer Care Team. Our support will be able to see available options or assist you further in achieving the following.

Here’s how:

  1. Sign in to your QuickBooks Online account.
  2. Click the Help button.
  3. In the QuickBooks Assistance chat box, select Talk to a human and/or tap the Contact Us button at the bottom.
  4. Then, type in your reason for contacting us in the What can we help you with? box and click Continue.
  5. From there, choose a way to connect with us: Chat with us, get a Callback, or call our support line directly by getting our Phone number.

Additionally, refer to this article for other options when contacting them. You can also scroll down to the bottom to see their support schedules and hours: QuickBooks Online Support.

Let me know if you have more concerns with any QuickBooks-related concerns. I’ve always got your back. Stay safe!

KD Tunstall
Level 3

PCI I don't keep any cust cc data

"All businesses or service providers that store, process, or transmit payment card data are required to comply with the data standard, regardless of their size or the amount of annual payment card transactions."

I do not store, process or transmit payment data. That is why I pay you.  For those of us that do not "store, process or transmit payment card data," this is just a money grab and pure theft. Your crappy program has already caused me to lose quite a bit of money (over the annual cost of renting this garbage) since you cannot handle basic accounting. Now, you want to steal even more money from me. How special. 

KD Tunstall
Level 3

PCI I don't keep any cust cc data

So I contacted support over this issue and was told (basically) so sad, too bad.

Really? Well guess what QBO, I just got a new CC Processor and Bank. Try to extort money out of me? We'll see. Will be transitioning off of QB Checking and going with an honest vendor. 

AGonz
Level 1

PCI I don't keep any cust cc data

My understanding is that if your organization accepts credit cards as a payment method, then it must be PCI DSS compliant, even if it is not handling the collection, processing, and storage of the protected cardholder data.

That being said, depending on size and circumstances, many small companies qualify for self assessment. Check out the various SAQs to see which one applies to you. If you only accept card-not-present transactions, all processing is outsourced, you don't electronically store, process, or transmit, etc. - most likely SAQ-A. SAQ-A requires you only meet 2 out of 12 of the compliance requirements. You can fill it out on your own, instead of using (and paying) a Qualified Security Assessor. 

That being said, all of our transactions go through three different processors - Intuit, Stripe and PayPal. I haven't looked into PayPal yet, but for Stripe, the merchant needs to only answer a few questions and then based on your answers, Stripe generates the SAQ-A for the merchant. 

KD Tunstall
Level 3

PCI I don't keep any cust cc data

"If you only accept card-not-present transactions, all processing is outsourced, you don't electronically store, process, or transmit, etc. - most likely SAQ-A. SAQ-A requires you only meet 2 out of 12 of the compliance requirements. You can fill it out on your own, instead of using (and paying) a Qualified Security Assessor."

This is not an option offered. It is simply "pay these people over here or else." We, under no circumstances, would ever have an "on hands" transaction. There is no e-commerce, no POS and no purpose for obtaining a CC from a client. In fact, CCs are only accepted as a convenience for our clients. I would prefer not to take them at all.

That being said, and from dealing with my new processor, they will take care of that for me. I may pay 0.02% higher for my transaction, but they at least understand how to take care of the people that contribute to their paychecks. Intuit is a garbage company. Can't wait to be rid of them completely. 

AGonz
Level 1

PCI I don't keep any cust cc data

Don't misunderstand my message. I am in no way promoting Intuit, or supporting the position they are taking relating to PCI DSS compliance. Just sharing some of the research I've done on my own instead of blindly following the steps they are telling me to take, and paying another third party to do the SAQ for me. Additionally, sharing that Stripe generates the SAQ on behalf of its customers, rather than taking a position that customers have to pay another third party for a discount - because hey, I appreciate this and kudos to Stripe for taking care of its customers...

KD Tunstall
Level 3

PCI I don't keep any cust cc data

I went with square and they do the same. I am washing my hands of QB. 
