PCI Security Standards provides Self Assessment Questionnaires   Here's a link for one if all your transactions are outsourced. https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf  

I also saw a site that looked interesting - it say PCI compliance is free...but I have not used them https://pcifree.com/  You can check them out for more information if you don't want to go it alone.

Our company uses another vendor (NOT Security Metrics) We use PCI+ and we are happy with their services, they do charge an annual fee but it is not as high as Security Metrics.  I am not sure why Intuit is pushing their customers into Security Metrics.  That is disturbing, maybe they get a kick back??  I don't like that Intuit has shared our information with this company and then allow them to send NON COMPLIANT emails to customers who are compliant!  If Intuit is expecting all users of their payment services to be compliant they need to provide better understanding of the task (as I am doing!!)  And also allow customers who are compliant outside of Security Metrics to declare this and get off the non-compliant email list.