Security Metrics sent an email for PCI compliance. Is this legit?

Trying to post this at the top of the thread as I have many questions.

In the e-mail (snip below) they say there are multiple companies that we can use to become PCI compliant, I'm already compliant through another merchant account and don't believe I need to then become compliant with a service I strictly allow the customers to pay online with as I don't integrate QBO Payments with any 3rd party. I belivve this is misleading expecially charging customers to "become PCI compliant" you either are or are not PCI Compliant. 

In fact, my other merchant services account does not charge to certify PCI compliance and nor should whomever is partnered with Intuit. 

If you really dig and really answer all the questions truthfully to ANY PCI compliance and if you are handling the PII (credit card numbers, etc) in your hands and the customer is not entering them into a company site like Intuit directly then it is nearly impossible for most small businesses to truely be 100% compliant, it is simply a way for the mechant service processing companies to shift blame to you under the veil of "protecting the customers information" Further, most companies want you to open back doors into your network so they can scan it for whatever they are scanning for, listen, if you cannot get in from outside then I'm doing my job and do not need to open a door for you to access. I'm not creating gaping holes in my network for a network I have no control of. Further, I do not see Intuit posting their PCI compliance certificates anywhere, how do WE know that you are really PCI compliant with OUR customer's data?

I think PCI Compliance had great intentions, and it is a great way for you to review your own processes, policies, network, devices etc every year to have as best proteciton as you can but in the end especially with Intuit Payments, this seems to be a money driven task that is pointless for 99% of intuit merchant services customers. 

I can't even get a hold of anyone at Security Metrics or QUICKBOOKS for that matter to have this discussion so with today 7/18/23 being the last day of "GET IT NOW OR ELSE" I would hope that Quickbooks or rather Intuit would send out a much better email with explination on how we can use our own 3rd party vendors to be "PCI Compliant" rather than this scammy company Security Metrics sending out these seemingly threating e-mails with "LAST DAY" "Better do it now" 

You can do better Intuit.

Exerpt from E-mail I received.1

"...There are multiple companies that provide security and compliance services you can use to become PCI compliant. Intuit has partnered with SecurityMetrics to help merchants become PCI compliant. You can receive a partner discount by using your email address ([email address removed]) to sign up for services. Visit the following link to get started online: [removed] or you can call them at [removed] ...." 

Is it true you can be fined for not being compliant?

looks like PCI wants $399 per year for small business compliance - WOW.  Maybe they give a discount for Intuit users I don't know, I don't have time to inquire or put up with another sales pitch, but If I have to pay an additional $400 per year to use QB online, we may stop credit card payments altogether...this is pretty bad.  We used to use quickbooks desktop and they did not require this ,so I am really confused and disappointed.

Yet QB is allowing Secure Metrics to send out aggressive emails telling their clients that subscribing to their products is mandatory and that you may be fined by QB if you do not.

Thank you all for this informative discussion and insights. I have been very stressed over Security Metrics harassment. I don't mind completing a questionnaire for Intuit, if need be. But with Security Metrics, you can't even pass 25% completion of the form without making your purchase option.

Like many of the folks on this thread, clients pay us via QB. I'm going to have Gmail mark Security Metrics as spam.

I had to call

amex and have them cancel

it in disputes I hope it is resolved 

Hi there, @jmeyers2.

Since you're already PCI compliant outside QuickBooks, you don't need to attach the certificate, as proof isn't required currently.

Also, please know that as long as you have an active MID, you'll receive system-generated email notifications about the PCI DSS Compliance Services. You can however disregard them since you already are.

For more comprehensive information about PCI Compliance, feel free to visit these articles:
 

• PCI DSS Compliance Services
• Learn about QuickBooks PCI Service

You can add a Reply below if you have other questions related to PCI compliance or need assistance performing tasks inside the program. We'll be here to assist you anytime.