June 21, 2024
Question

Why do I need to provide QB/Intuit with PCI Compliance when QB/Intuit handles the credit card transactions and I never see or touch the credit card?

QB/Intuit requires me to submit PCI Compliance documentation in order to use QB/Intuit credit card processing. According to the industry regulatory agency, PCI Security Standards Council, since I don't see, touch, or store the credit card, all I need is PCI DSS Compliance. PCI Security Standards Council states my credit card vendor, QB/Intuit, should provide me with that Self-Assessment Questionnaire at no charge. Instead, they're referring me to their vendor, SecurityMetrics, who's charging me $85 annually. C'mon QB, I pay Intuit plenty and have been a loyal customer for over 25 years!!!

2 replies

June 22, 2024

I hear your sentiments and recognize that every penny counts, especially to a business person like you, @Brad59.

 

Intuit is PCI compliant, ensuring the security of QuickBooks applications. However, using QuickBooks Payments services doesn't automatically make you PCI compliant; it indicates that specific transaction components meet compliance standards.

 

The PCI Security Standards Council created the PCI DSS Standard to better protect customer payment card data from suspicious activities. All merchants that accept credit or debit cards are required to complete a Self-Assessment Questionnaire (SAQ) and are responsible for protecting payment card information and meeting PCI compliance requirements.

 

Yes, Intuit will request you to submit PCI compliance documentation to confirm that you have met security requirements. As a merchant, you are responsible for safeguarding payment card information and fulfilling all PCI compliance requirements.

 

For the PCI annual payment, Intuit works together with Security Metrics to streamline the PCI compliance validation process. Security Metrics requires merchants to pay an annual fee. If you choose to use Security Metrics, you have to set up an account with them. Once you have completed Security Metrics Fast Pass, choose the PCI package that meets your needs. Then, complete an SAQ and set up your scans accordingly.

 

You can check these articles to learn more about the PCI compliance usage:

 


On the other hand, if you don't have a QuickBooks Payment account and have been requested to fulfill the security requirements, I recommend contacting our Payment Support Team to authenticate your account and inform us that you no longer require this compliance.

Furthermore, I'll provide this article to assist you in accepting online payments: Receive and process payments.

 

Let us know if you have other questions about security compliance. I'm always here to address them all. Stay well.

September 20, 2024

You did not answer the question, and many of us share it. We do not store or digitally transmit or save the payments we receive from our clients via phone. We are told we can answer the questions for free, yet at 51% of the questions answered it tries to have you choose an unneeded and unwanted service package. There should be a box for "No credit card information sent, received, or stored digitally." At which point the rest do not apply and we should be certified, or at least our account should show no PCI needed. Why does Intuit try to nickel and dime us with unneeded services? Promise us a way to proceed without it (if not needed) and then try to force us to sign up for an unneeded service?

March 19, 2025

I got an email saying that I had to sign up for an account with Security Metrics and pay them $375 in order to continue using QuickBooks payments. Is there a way that I can fill out a Self-Assessment Questionnaire (SAQ) to remain PCI compliant?

 

March 19, 2025

Confirm the requirement with QuickBooks support (what I did). SecurityMetrics is trying to scare you into something you don't need, because they need to make money to stay in business.

Bottom line, if you do not handle credit card information from your customers, you don't need their product.