Where to submit filled our PCI to Quickbooks

Thanks for reaching out to the Community, WilliamK.

I appreciate you wanting to submit a copy of your PCI documents to Intuit, but can confirm you won't need to send any copies to QuickBooks.

When you choose to set up PCI Services with SecurityMetrics, you'll initially create an account with them. After creating one, you can complete their FastPass and purchase a PCI package that best suits your needs. From here, you'll complete an SAQ and be able to set up the necessary scans.

You can learn more about PCI Compliance in our Learn about QuickBooks PCI Compliance article.

Please don't hesitate to send a reply if there's any additional questions. Have a wonderful Thursday!

I did not say, "I chose to set up PCI Services with SecurityMetric." Please do not refer to this.

To clarify the question:

I filled out the form Self-Assessment Questionnaire A.

Please confirm if it needs be submitted to you or not. If so, where?

Thanks

Hey there, @WilliamK. 

Thanks for coming back and adding some details about your issue. 

To clarify, please provide us with answers to the questions below: 

• Where did you fill out the form?
• Do you accept payments for your business?

This will help us determine what steps you need to take to get this resolved. I'll be waiting for your response! 

Where did you fill out the form?

From https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf

Do you accept payments for your business?

Only payments for credit cards are from Quickbooks Online invoices invoices that customers enter through Intuit system.

No Credit cards onsite, no credit cards stored, No POS system, No touching of credit cards. Just Quickbooks Online.

Thank You

Thanks for following up with the Community, WilliamK.

I'd recommend checking with our QuickBooks Payments team to see if they need any PCI documentation from you. They'll be able to pull up your account in a secure environment and discuss this with you.

They can be reached while you're signed in.

Here's how:

1. Use the Help (?) icon.
   
   
    
2. Click Contact Us.
   
   
    
3. Enter a description of your situation in the What can we help you with? field, then hit Let's talk.
   
   
    
4. Select Start messaging or Get a call.
   
   

Be sure to review their support hours so you'll know when agents are available.

I'll be here to help if there's any questions. Have a wonderful Thursday!

Yes, I need to be PCI compliant.

My question remains unanswered:

I filled out the form Self-Assessment Questionnaire A.

Please confirm if it needs be submitted to you or not. If so, where? <--- This is the question

Hi, @WilliamK. I'm here to address your query about submitting the Self-Assessment Questionnaire.

Once you're done with the assessment, you can contact the Security Metrics Support for submission. 

Here's how:

1. Access this link: https://www.securitymetrics.com/portal/app/ngsm/pcidss/intuit.
2. Select Contact Us, then Contact Support.
3. Fill out the form and click Submit for them to contact you.
4. You can also reach them via phone call or email (contact number and email address posted in the page). 

You can also reach out to other companies that can verify your compliance form. 

Furthermore, for guidance on effectively meeting compliance requirements, you can visit PCI Compliance FAQs.

If you have additional questions about submitting your Self-Assessment Questionnaire, post them below. We'll be here to respond and provide the best solution to help you achieve your goal. Have a good one.

Why do you keep ignoring the question

I did not say, "I chose to set up PCI Services with SecurityMetric." Please do not refer to this.

To clarify the question:

I filled out the form Self-Assessment Questionnaire A.

Please confirm if it needs be submitted to you or not. If so, where?

Or is it just kept on file?

Thanks for checking back in, @WilliamK.

Once the Self-Assessment questionnaire has been completed, you’ll receive a confirmation of your compliance, usually in the form of a certificate. Make sure to save a copy for your records. If required by your bank or payment processor, provide them with a copy of your PCI compliance certificate.

If you don’t see any PCI compliance-related options or need further assistance, you can contact QuickBooks Payments support for clarification on your status and next steps. You can use the link I'm including below to connect with our Payments Team directly.

• Contact Payments Support

Please don't hesitate to let me know if you have any additional questions or concerns about this process. Take care! 

The only person asking for PCI compliance is QuickBooks. We do not do any other credit card transactions.

It is my understanding after making calls to a couple organizations now. 

Since we are already PCI-compliant outside Intuit, we don't need to be compliant via SecurityMetrics as long as cardholder information and authentication data are protected.

Using the form from https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf confirms we are compliant

Quickbooks doesn't need to retain this form unless there had a breach or Common Point of Purchase inquiry.

You can confirm this by calling the PCI Standards group (https://www.pcisecuritystandards.org/contact_us/) and picking '1' once the messaging starts. 

We will keep our self assessment on file and review annually.

Is any of this incorrect?

I have the same question, and the push to use their partner service rather than help the customer with a simple answer is pretty shady.