I received an email from SecurityMetrics, regarding Intuit’s PCI compliance. Is this legit?

I'm glad to see you here, @tim-centralbooki.

Allow me to share some info on why you received an email from SecurityMetrics.

SecurityMetrics is a legal entity whose goal is to protect your payment card account. If your business processes, stores, or transmits payment card data, you're required to implement the standard cardholder data theft as part of the PCI DSS requirements.

If you're a non-compliant, this is the reason why you received an email reminding your status. By logging into your SecurityMetrics account utilizing your email and password, you can review the requirements for PCI compliance.

You can click this link for more info: https://www.securitymetrics.com/blog/securitymetrics-support-faq

I'll also add this article to help you recognize official Intuit correspondence and websites: Identify suspicious activity, phishing scams, and potential fraud.

For additional questions about managing your account security, feel free to return here. We'll be willing to help. Thanks, and have a good one.

More straight forward answer is Security Metrics is a legit company. PCI Compliance is a legit thing.  

However, Security Metrics is a HORRIBLE company that tries to bully QB customers into believing that we HAVE t o use them for PCI compliance.  

You only have to be PCI compliant IS you take or store credit cards/ info.  

If you don't take or store them, you are all good.  

If you need to become PCI compliant, I would suggest that you use a different company.  One that is NOT associated with Intuit/ QB.  You'll get treated better, and may find that it is a LOT cheaper and easier.