Where to submit filled our PCI to Quickbooks

Thanks for reaching out to the Community, WilliamK.

I appreciate you wanting to submit a copy of your PCI documents to Intuit, but can confirm you won't need to send any copies to QuickBooks.

When you choose to set up PCI Services with SecurityMetrics, you'll initially create an account with them. After creating one, you can complete their FastPass and purchase a PCI package that best suits your needs. From here, you'll complete an SAQ and be able to set up the necessary scans.

You can learn more about PCI Compliance in our Learn about QuickBooks PCI Compliance article.

Please don't hesitate to send a reply if there's any additional questions. Have a wonderful Thursday!

I did not say, "I chose to set up PCI Services with SecurityMetric." Please do not refer to this.

To clarify the question:

I filled out the form Self-Assessment Questionnaire A.

Please confirm if it needs be submitted to you or not. If so, where?

Thanks

Hey there, @WilliamK. 

Thanks for coming back and adding some details about your issue. 

To clarify, please provide us with answers to the questions below: 

• Where did you fill out the form?
• Do you accept payments for your business?

This will help us determine what steps you need to take to get this resolved. I'll be waiting for your response! 

Where did you fill out the form?

From https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf

Do you accept payments for your business?

Only payments for credit cards are from Quickbooks Online invoices invoices that customers enter through Intuit system.

No Credit cards onsite, no credit cards stored, No POS system, No touching of credit cards. Just Quickbooks Online.

Thank You

Thanks for following up with the Community, WilliamK.

I'd recommend checking with our QuickBooks Payments team to see if they need any PCI documentation from you. They'll be able to pull up your account in a secure environment and discuss this with you.

They can be reached while you're signed in.

Here's how:

1. Use the Help (?) icon.
   
   
    
2. Click Contact Us.
   
   
    
3. Enter a description of your situation in the What can we help you with? field, then hit Let's talk.
   
   
    
4. Select Start messaging or Get a call.
   
   

Be sure to review their support hours so you'll know when agents are available.

I'll be here to help if there's any questions. Have a wonderful Thursday!

Yes, I need to be PCI compliant.

My question remains unanswered:

I filled out the form Self-Assessment Questionnaire A.

Please confirm if it needs be submitted to you or not. If so, where? <--- This is the question

Hi, @WilliamK. I'm here to address your query about submitting the Self-Assessment Questionnaire.

Once you're done with the assessment, you can contact the Security Metrics Support for submission. 

Here's how:

1. Access this link: https://www.securitymetrics.com/portal/app/ngsm/pcidss/intuit.
2. Select Contact Us, then Contact Support.
3. Fill out the form and click Submit for them to contact you.
4. You can also reach them via phone call or email (contact number and email address posted in the page). 

You can also reach out to other companies that can verify your compliance form. 

Furthermore, for guidance on effectively meeting compliance requirements, you can visit PCI Compliance FAQs.

If you have additional questions about submitting your Self-Assessment Questionnaire, post them below. We'll be here to respond and provide the best solution to help you achieve your goal. Have a good one.

Why do you keep ignoring the question

I did not say, "I chose to set up PCI Services with SecurityMetric." Please do not refer to this.

To clarify the question:

I filled out the form Self-Assessment Questionnaire A.

Please confirm if it needs be submitted to you or not. If so, where?

Or is it just kept on file?

Thanks for checking back in, @WilliamK.

Once the Self-Assessment questionnaire has been completed, you’ll receive a confirmation of your compliance, usually in the form of a certificate. Make sure to save a copy for your records. If required by your bank or payment processor, provide them with a copy of your PCI compliance certificate.

If you don’t see any PCI compliance-related options or need further assistance, you can contact QuickBooks Payments support for clarification on your status and next steps. You can use the link I'm including below to connect with our Payments Team directly.

• Contact Payments Support

Please don't hesitate to let me know if you have any additional questions or concerns about this process. Take care! 

The only person asking for PCI compliance is QuickBooks. We do not do any other credit card transactions.

It is my understanding after making calls to a couple organizations now. 

Since we are already PCI-compliant outside Intuit, we don't need to be compliant via SecurityMetrics as long as cardholder information and authentication data are protected.

Using the form from https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf confirms we are compliant

Quickbooks doesn't need to retain this form unless there had a breach or Common Point of Purchase inquiry.

You can confirm this by calling the PCI Standards group (https://www.pcisecuritystandards.org/contact_us/) and picking '1' once the messaging starts. 

We will keep our self assessment on file and review annually.

Is any of this incorrect?

I have the same question, and the push to use their partner service rather than help the customer with a simple answer is pretty shady.  

Agreed! 

I received the request for PCI compliance on 03.19.2025 with no ability to upload my PCI compliance attestation through the Standards Security Council. This is a backdoor handshake relationship with a money grab by a 3rd party vendor. 

Dear Quickbooks,

I do not elect or require the use of SecurityMetrics PCI. If you require proof of PCI compliance, please provide a non-SecurityMetrics PCI portal through Quickbooks for upload and annual documentation. Otherwise, please note that I have chosen to use an "other PCI compliance vendor". Your language. 

Sincerely,

Jeffrey Wolfe

Same!

We also received the request for PCI compliance with no ability to upload our PCI compliance attestation through the Standards Security Council. This is no doubt a backdoor handshake relationship with a money grab by a 3rd party vendor that everyone should be aware of and not use SecurityMetrics so Intuit / QuickBooks will stop exploiting their monopoly to blackmail their customers through 3rd party partners.

Dear Quickbooks,

I do not elect or require the use of SecurityMetrics PCI. If you require proof of PCI compliance, please provide a non-SecurityMetrics PCI portal through Quickbooks for upload and annual documentation. Otherwise, please note that we have chosen to use an "other PCI compliance vendor".

Sincerely,

Ben and the Droidox team

Did you ever get a straight answer?  Here we are 10 months later (after your post) and in my search for "where to send the assessment" I stumbled on this thread, plus a few others that are equally upsetting.  We used Security Metrics last year and will never use them again.  They have very, very poor business practices. Piranhas! I paid them July 15, 2024 and they started harassing me in September! Saying my account was set to expire. Fear tactics. I complained to QBs and they eventually laid off, until the last two months. They are now hounding me via repeated emails, several emails a day.  After a few days they started calling me DEMANDING I call them back. Emails just kept coming in along with repeated phone calls, that went to voicemail. I'm now blocking their phone number. They are using the same pressure as you might experience from a nasty car salesman (not all car salesmen are bad, but many use this same badgering method).  This is a total money grab and Quickbooks should be ashamed of themselves for unleashing this beast on their customers.  We pay plenty to do business here and should be treated with some form of respect.  Our business doesn't retain any card data. Everything is entered on QBs online. We don't even take credit or debit if we can help it. The card fees were eating us alive and we went to ACH billing.  We have maybe 4 or 5 accounts at the most who are using a card, with no saved data on our end.   I really need these people to leave me alone and for someone to tell me where to submit my "Self-Assessment".  After reading everything in this community it appears that I didn't even need to complete the assessment.  Security Metrics could have mentioned that before they took my money. Someone should have mentioned to us that we did not have the pay the crooks!  That we could self assess.  QBs give a link the the standards but evidently hasn't read rules themselves!  

Message to Quickbooks: I have completed the SAQ, my business is compliant.  Since you are providing no way to send it to you, I will be filing it into my file cabinet.  If you ever create a department to manage the process of compliantcy please let us know.    

Did you ever get a straight answer?  Here we are 10 months later (after your post) and in my search for "where to send the assessment" I stumbled on this thread, plus a few others that are equally upsetting.  We used Security Metrics last year and will never use them again.  They have very, very poor business practices. Piranhas! I paid them July 15, 2024 and they started harassing me in September! Saying my account was set to expire. Fear tactics. I complained to QBs and they eventually laid off, until the last two months. They are now hounding me via repeated emails, several emails a day.  After a few days they started calling me DEMANDING I call them back. Emails just kept coming in along with repeated phone calls, that went to voicemail. I'm now blocking their phone number. They are using the same pressure as you might experience from a nasty car salesman (not all car salesmen are bad, but many use this same badgering method).  This is a total money grab and Quickbooks should be ashamed of themselves for unleashing this beast on their customers.  We pay plenty to do business here and should be treated with some form of respect.  Our business doesn't retain any card data. Everything is entered on QBs online. We don't even take credit or debit if we can help it. The card fees were eating us alive and we went to ACH billing.  We have maybe 4 or 5 accounts at the most who are using a card, with no saved data on our end.   I really need these people to leave me alone and for someone to tell me where to submit my "Self-Assessment".  After reading everything in this community it appears that I didn't even need to complete the assessment.  Security Metrics could have mentioned that before they took my money. Someone should have mentioned to us that we did not have the pay the crooks!  That we could self assess.  QBs give a link the the standards but evidently hasn't read rules themselves!  

Message to Quickbooks: I have completed the SAQ, my business is compliant.  Since you are providing no way to send it to you, I will be filing it into my file cabinet.  If you ever create a department to manage the process of compliancy please let us know.    

I never did get a formal reply, just a conclusion.

I need check to make sure it does not auto renew. We save no credit cards and only charges are from invoicing via Quickbooks.