Hello, @Steve40. Let me help clarify PCI compliance and SecurityMetrics for you.
Yes, Payment Card Industry Data Security Standard (PCI DSS) compliance is a mandatory requirement for all businesses that accept credit or debit cards. These regulations, established by major card brands, are designed to protect cardholder data and shield your business from the costly consequences of data breaches.
Also, the SecurityMetrics is a reputable and certified security firm. As an authorized Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA), Intuit collaborate with them to help you complete required Self-Assessment Questionnaires and network scans.
Completing this process ensures you meet your merchant service agreement and verifies that your systems meet industry security standards.
Note that you must renew your certification annually and ensure your systems remain compliant with these requirements.