Skip to main content

Get 50% OFF QuickBooks for 3 months*

Buy now
Switch to QuickBooks and 70% off for 3 Months
July 23, 2025
Question

Hello. I want to be sure my company's QBO has PCI compliance set up. I am getting aggressive emails from SecurityMatters and want to understand what to do.

  • July 23, 2025
  • 1 reply
  • 10 views
No text available

1 reply

QuickBooks Team
July 23, 2025

Let's ensure your QuickBooks Online (QBO) company is PCI compliant, Tammy.

 

First, please note that if you're using QuickBooks Online Payments, Intuit handles PCI compliance for processing credit cards. This means sensitive card data is securely processed within Intuit’s PCI-certified system, so you do not store, process, or transmit cardholder data on your end. As a result, your PCI compliance obligations as a merchant are significantly reduced.

 

Regarding the SecurityMetrics emails, they come from an official Intuit partner offering PCI compliance validation services, including vulnerability scans, Self-Assessment Questionnaires (SAQs), and breach protection warranties. These services come with associated fees and are designed to help merchants who process, store, or transmit cardholder data to meet PCI DSS requirements.

 

However, if your business uses QuickBooks Payments exclusively and customers enter their payment information directly on invoices without you storing, processing, or transmitting cardholder data, then Intuit’s PCI compliance covers the payment processing portion. In this case, SecurityMetrics services are optional, not mandatory.

 

You can also check out this article for more details about PCI DSS Compliance Services for QBO: Learn about QuickBooks PCI DSS Compliance Services.

 

If you have further questions about being PCI compliant in QuickBooks Online, please feel free to comment below.