cancel
Showing results for 
Search instead for 
Did you mean: 
ddb281
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Why do I need to pay for PCI compliance through a third party when QB handles all my cc transactions and I don’t touch CC at all?
40 Comments 40
IrizA
QuickBooks Team

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

I understand the confusion you have about PCI compliance, ddb281. Let me explain and share some information about it.

 

In QuickBooks, merchants who process, handle, transmit, or store credit card data are required to be PCI compliant. The emails you're receiving from PCI aim to inform you about the necessary PCI compliance standards for merchant services. 

 

While Intuit handles your credit card transactions through e-invoices, PCI compliance provides resources where merchants can obtain security and compliance services. It's important for all businesses that accept credit card payments to maintain PCI compliance to ensure the security of sensitive financial information. 

 

Additionally, Intuit has partnered with SecurityMetrics, a leading PCI service provider, to help you meet the requirements.  It's important to note that SecurityMetrics charges an annual fee to merchants validating compliance for Intuit. 

 

You can visit this article to learn more about PCI compliance: 

 

 

If you have further concerns or questions about PCI compliance and its relation to your specific situation with QuickBooks Online, please feel free to comment below. We're here to assist you.

Just_me
Level 11

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

According to QB own website & information, You don't have to go through the Compliance thing. 
 
As stated STRAIGHT from QB, "Do you have to be PCI compliant with QuickBooks?
Merchants who process, handle, transmit, or store credit card data are required to be PCI compliant."
 
If you aren't the one that is processing the credit cards, then YOU don't have to be compliant.  QB does.  If you, for any reason, take credit cards at your location, then you would need to be compliant.  IF you do need to be compliant, there are other companies you can use. IT would benefit you and your company to use a company that isn't involved with QB at all like Security Metrics is.  They are horrible to deal with and are bullies.  
We use a different company... 
 
 
BLS4315
Level 2

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Can you share what company you do use, if not SecurityMetrics?

wildworks
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

It seems ridiculous that we have to pay an ADDITIONAL fee to another company when we are paying for you to process these things. Is there a way for us to directly submit the SAQ form? (Otherwise, I will be discontinuing using Quickbooks as a payment platform. I am already using other 3rd party processors who do not harass me for this like Securitymetrics.) This seems like an undisclosed fee that you are requiring users to pay in order to utilize your services, unless there is another way for us to submit it.

LuisDRamirez
Level 2

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Does everyone who accepts credit card payments have to subscribe to Securymetrics services?

 

Just_me
Level 11

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

@LuisDRamirez , You do NOT have to use Security Metrics.  There are plenty of other companies that do it, and WON'T bully or belittle you. They are cheaper, too. 

I don't know the name of the one that we use here.  I will try to find out, though. 

I think it's through our CC processor... that ISN'T QB.  

ZackE
Moderator

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Thanks for joining the Community and getting involved with this thread, LuisDRamirez.

 

Intuit partners with SecurityMetrics to help businesses using our QuickBooks Payments services meet PCI requirements.

 

The program includes:
 

  • Threat prevention tools to simplify your PCI compliance process and better defend customers card data. This includes vulnerability/mobile scans and SecurityMetric PANscans, which make it easier to identify unencrypted card data and prevent a breach.
  • Card data breach protection for up to $100,000 premium service warranty. To qualify for this benefit, enroll in the program that offers the warranty. You should also be up-to-date on service fees.

 

Currently there's no other options Intuit provides for PCI compliance. SecurityMetrics will be the only available option if you're using a QuickBooks Payments account. Outside of Intuit, all merchants that accept credit and/or debit cards are required to follow PCI DSS Standards.

 

I've also included a couple detailed resources about working with SecurityMetrics which may come in handy moving forward:
 

 

Please don't hesitate to send a reply if there's any additional questions. Have a lovely Tuesday!

Shift_CO
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Joining the conversation here - I do NOT process any credit card payments, take credit card numbers, store information, etc. as this is all handled through QB invoices which are paid directly to QB.  Why would I need to have a third party to subscribe to, in this case shouldn't I could on QB as being PCI compliant because they are the ones accepting, processing, and storing the information?

 

RoseJillB
QuickBooks Team

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Allow me to dive into this thread to address your concerns in QuickBooks Payments, @Shift_CO.

 

Consumers with active payment accounts are required to comply with QuickBooks Payment Card Industry Data Security Standard (PCI DSS) compliance. This is a global card brand requirement to protect customers and their businesses from cardholder data breaches. 

 

The data standard must be followed by any business or service provider that stores, processes, or transmits payment card data, regardless of their size or the amount of annual payment card transactions. 

 

Regardless if you don’t store credit card information, as long as you process or take payments from your customer with QuickBooks Payments, then you’re required to comply with the security measures implemented by Intuit.

 

You might find these articles helpful to learn more about PCI DSS Compliance Services:

 

 

If there are any other queries you would like to address regarding PCI DSS or if you have any further inquiries, please do not hesitate to leave a comment below. I am always at your service to assist. Stay well!

SteveKEC
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Since this is contrary to the advice I received a year ago and seems to contradict both the Intuit TOS and research I did by making a lot of phone calls last year, I'd like to speak to a representative about this instead of getting the chat post. 

 

Who can I call?

ddb281
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

This just seems like a scam to me. I have no secure data because I never handle the credit card. That is all done by QuickBooks. I don’t even put in the info, it’s all done by the customer on intuits site. I have no business network to security test because I don’t have a brick and mortar sight. Everything I process is done via my phone, except cc transactions which I don’t do at all. This just makes no sense. Why am I paying QB for the service if they can’t isolate me and prevent this additional extortion of fees?

jeanbiverly_
QuickBooks Team

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Let me share some insights about QuickBooks Compliance, @SteveKEC and @ddb281.

 

If you're processing, handling, transmitting or storing credit card data in QuickBooks, it's important to be PCI compliant. The emails you're getting from PCI are meant to inform you about the necessary standards for merchant services.

 

While Intuit handles credit card transactions through e-invoices, PCI compliance offers resources that can help you obtain security and compliance services. It's essential for any business that accepts credit card payments to maintain PCI compliance to ensure the security of sensitive financial information. For your reference, visit: Learn about QuickBooks PCI Compliance and Learn about the PCI DSS Compliance Services.

 

If you need further guidance, you can contact our support team. They have the proper tools and resources to address your concerns. Here's how:

 

  1. Sign in to your QuickBooks Online company.
  2. Choose Help (?) at the top right.
  3. Select or type Contact Us.
  4. Enter your concern, then click Let's talk.
  5. Choose a way to connect with us.

 

Please note that support is available Monday through Friday, from 6 AM to 6 PM Pacific Time. Additionally, you can visit the QuickBooks Payments FAQ page to review a list of articles that can help you with the most commonly asked questions. 

 

If there's anything else related to QuickBooks Payments you need help with, feel free to leave a reply. We're always here to assist in any way we can. 

syringaboutiquei
Level 2

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

The canned response just smacks of bs. I think QB is just trying to scam us out of more money. Be sure to do your research on PCI Compliance requirements. I did. 

FTP17
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Take payments how?  QB takes the payments, we merely receive the funds, after QB takes a percentage.  My company never sees a credit card #, QB is the sole processing, there is nothing for us to be in compliant for as we DO NOT get ANY credit information, QB does.

Rainflurry
Level 14

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

@FTP17 @syringaboutiquei 

 

PCI compliance is required even if you don't do any processing of credit cards on your local workstation/terminal because you still have a merchant account that you can log into from a browser.  When you log in, you can place charges and issue refunds through your merchant account.  PCI compliance makes sure that you have adequate safeguards and a plan of action if your login/merchant account is compromised.  It ain't BS.  

TerraOwriter
Level 2

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Are we required to use Security Metrics? That seems sketchy.

LeizylM
QuickBooks Team

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Yes, if you process credit card and debit card transactions, you need to use security metrics, TerraOwriter.

 

PCI DSS compliance ensures that credit card data is handled securely to prevent fraud and data breaches. Companies like Security Metrics offer services to help businesses achieve and maintain PCI compliance.

 

Let me also share these resources that tackle the PCI DSS Compliance Services and frequently asked questions about Security Metrics: Learn about the PCI DSS Compliance Services.

 

I'll be right here to keep supporting you regarding PCI compliance. The Community forum is always available to help you

TerraOwriter
Level 2

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

My question was whether SECURITYMETRICS was the only game in town. Your 'partnership' comes across as sketchy. You know that, right?

Just_me
Level 11

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

"Yes, if you process credit card and debit card transactions, you need to use security metrics,"

 

@TerraOwriter   Actually, NO, you're NOT required to use Security Metrics.  You can use ANY company you choose, as long as you are PCI compliant.  

FTP17
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

Thank you for your reply. I have read about self-assessment and submittal of a SAQ (?) I am just trying to avoid going through a company that had no regulations in regards to how much they charge us on an annual basis, it $100+ now and next year could go up and up all for a compliance that I feel should be in Intuits side as they are the ones taking transactions. 

3LT
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

You didn't answer the question. We don't recieve and CC credentials when people pay though QB, so why are we required to be PCI compliant? I don't take the number nor do I see it.  Can you answer that please.

James_AL
QuickBooks Team

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

We know that PCI compliance can be confusing for you, 3LT. Allow me to clarify and provide you with more information about it.

 

The necessity for PCI compliance arises from the presence of computers and mobile devices that have access to both QuickBooks and your merchant account using your login information. Even though you may not physically have access to your customer's credit card credentials, they are stored in your merchant account, leaving you vulnerable. PCI compliance is specifically designed to address and mitigate this vulnerability.

 

 You are receiving emails from PCI to inform you about necessary PCI compliance standards for merchant services.

 

Intuit manages your credit card transactions through e-invoices. PCI compliance offers services for merchants to ensure security and compliance. It's crucial for all businesses accepting credit card payments to maintain PCI compliance, safeguarding sensitive financial information.

 

Furthermore, Intuit collaborates with Security Metrics, a prominent PCI service provider, to assist you in meeting the requirements. It’s essential to be aware that Security Metrics imposes an annual fee on merchants who validate compliance for Intuit.

 

You can visit this article to learn more about PCI compliance: 

 

 

Keep me posted if you have other concerns or additional questions about PCI compliance. I'm always ready to assist you further. 

Rainflurry
Level 14

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

@3LT 

 

"We don't recieve and CC credentials when people pay though QB, so why are we required to be PCI "compliant?

 

You need to be PCI compliant because you have computers/mobile devices that have access to QB and your merchant account via your login.  Your customer's cc credentials are stored in your merchant account even if you can't "see" their credentials.  That makes you vulnerable and PCI compliance is designed to address that.  

Rara_123
Level 1

Why is PCI compliance companies emailing me? All my CC transactions are handled by e-invoices through Intuit.

This should be a platform cost, it's a scam that they are trying to pass the buck to their customers.  If you support it, good for you, but I hope Quickbooks is paying you for cleaning their boots. 

Sign in for expert help
Ask questions, post replies & join our community of QuickBooks users.

Need to get in touch?

Contact us