Hello there, @junwin. I have here some details to share about being PCI compliant. Let me elaborate on them for you.

All merchants who process, handle, transmit, or store data are required to be PCI compliant. If you receive customer payments through credit or debit cards, regardless of not saving the customers' detail, you are still required to be PCI compliant. However, if you only accept checks or cash, then you don't need to be one.

To determine what requirements you need to follow, I recommend checking out this article for detailed information: Learn about QuickBooks PCI Service.

Also, if you already have PCI compliance service with another company other than SecurityMertrics, you can disregard the emails you received. Since these are just security emails to make sure that all merchants that fall into the mentioned categories can comply. 

Additionally, I'd still suggest getting in touch with PCI support to confirm if you really need to comply.

Moreover, here's an article that'll give you some tips on how to keep your account and financial information secure: Privacy and security in QuickBooks.

I know these are trying times but we appreciate your patience while we continue to work with this. Please don't hesitate to hit me up by leaving a comment below if you have further questions about PCI compliance. I'll be sure to get back to you. Take care.