QuickBooks Tip / Security Concern: Did you Know You May Be Syncing Sensitive Financial Information with Intuit Servers?
Intuit Sync Manager may be syncing QuickBooks data (including sensitive financial data like Social Security numbers and customer credit card information) to Intuit servers without your knowledge. Read this article for details and recommendations to protect your sensitive financial information.
This may be a security concern for QuickBooks users who do not want to sync sensitive financial information with Intuit Servers. It should be a bigger concern for CPAs, Chartered Accountants and other accounting professionals. We are usually required to keep client information confidential and secure according to the AICPA, state laws or other regulations. If client data will be shared with third parties (i.e. Intuit’s servers), we should have consent from the client in an engagement letter or privacy notice.
Additionally, some clients are adamant about NOT having their financial information ‘in the cloud.’ They may be very upset to discover their data is syncing to Intuit servers. Please read this article to determine whether QuickBooks files are syncing with Intuit servers and how to turn it off if desired.
Overview of Intuit Sync Manager
Intuit Sync Manager syncs QuickBooks data from the file on your PC to Intuit Servers. This is great if you decide to subscribe to an app from Intuit or third-party vendors in the App Center. This is what a knowledge base article says about Intuit Sync Manager (with emphasis added):
Intuit Sync Manager synchronizes your QuickBooks company file data with Intuit online services and third-party developed applications that you may subscribe to. To make it easier for you to use these connected services, Intuit Sync Manager is installed when you install QuickBooks, however it will not sync your file unless you set it up to do so.
However, “it will not sync your file unless you set it up to do so” appears to have changed somewhere along the way and this concerns me. I’m not a techie and I admit I do not fully understand the details surrounding Intuit Sync Manager. Please provide additional details or clarification in the comments to this article below.
QuickBooks 2012 Files
The default for Intuit Sync Manager appears to be set to sync data including sensitive financial information. When I create a new file with QuickBooks Accountant 2012, it doesn’t ask about syncing the file yet the sync manager is turned on and set to sync sensitive financial information.
In existing QuickBooks 2012 files with no app subscriptions, no payroll subscriptions, no Intuit Merchant Services or other apparent reasons to sync with Intuit servers, the Intuit Sync Manager preference is turned on, including the option to sync sensitive financial information, as shown in the image below. We don’t know how this was turned on.
I suspect Intuit needs to sync to confirm license registration, QuickBooks updates or other acceptable reasons. My primary concern is that Intuit Sync Manager also enables it to sync “Social Security numbers, customer credit card information, and other personal data.”
I think it is on by default (in QuickBooks Accountant 2012) because I cannot determine where it asks if you want to sync the file. Intuit’s support article indicates it “is installed when you install QuickBooks, however it will not sync your file unless you set it up to do so.” This doesn’t appear to be working as described.
Changes in QuickBooks 2013
Just like with QuickBooks Accountant 2012, when you create a new file in QuickBooks Accountant 2013 (QuickBooks Pro and Premier are different and discussed next), the file will be set up to sync with Intuit servers, including sensitive financial information as shown in the above image.
In QuickBooks Pro or Premier 2013 (not QuickBooks Accountant as discussed above), when a new file is created, you need to create an Intuit account by entering your name and email address. You should un-check the box (see below) if you do not want to sync the data file with Intuit Servers.
Recommendation for Intuit
Please change it back to “it will not sync your file unless you set it up to do so.” The default should be to NOT start syncing the file unless we opt-in (not opt-out) especially where sensitive financial information is concerned!
Recommendations for Users and Accounting Professionals
Change the preference for Intuit Sync Manager if you do not want to sync your data or sensitive financial information. To do this: Edit > Preferences > Integrated Apps > Company Preferences > Intuit Sync Manager > Properties and un-check the boxes. NOTE: this should stop it from syncing in the future but your data has probably already been synced to Intuit’s servers.
Share Your Comments
Do you think this is an important issue for you or your clients? Do you have additional information or insights on how Intuit Sync Manager is working on other QuickBooks files? Do you agree that it should be opt-in as the default? I can share your comments with Intuit Product Managers next week at The Sleeter Group’s Accounting Solutions Conference.
UPDATE: Apparently it isn’t really syncing the data as it appeared. This was posted by Alex Chriss – Director, Intuit Partner Platform in the comments:
Hi Michelle and all. We appreciate the feedback and the discussion here. I think we caused some confusion with some poorly worded screens, so please allow me to clear it up.
First, Intuit does not sync company file data to our servers without explicit approval from customers. The preference setting you have screenshots for is actually a setting that tells Sync Manager WHAT to Sync IF it is explicitly enabled. By default, we give Sync Manager (“the app”) permission to sync data only IF the user explicitly turns it on.
In QuickBooks versions prior to 2013, the user would have to explicitly go through the sync setup flow to turn ON sync manager and move data to Intuit servers. In QuickBooks 2013, we’ve simplified this setup flow to enable easier access to integrated applications – and allow the user to activate (or not) sync during the creation of a company file – but it is still an explicit decision by the user.
Clearly we could do a much better job with our wording and explaining what’s happening here but I want to assure you that we take our customer data and preferences very seriously. QuickBooks customers have full control to decide whether to sync their file or not.
One change we are investigating, per the comments in your post, is changing the default setting of a new file creation in the Account Edition from opt-out to opt-in for added transparency.
Director, Intuit Partner Platform