In the retail and payment industry, security is one of the hottest topics. From merchants to POS providers, everyone is working to strengthen their security and avoid falling victim to the next major data breach. Though payment systems have come a long way within the past few years in terms of security, due to EMV and the shift towards encryption/ tokenization, there are still a few respective immense exclusions in the grand scheme that need to be reconciled. The biggest being the Qualified Integrators and Reseller (QIR) Certification, which ensures that equipment is being installed correctly by qualified and proficient individuals. Many POS installers rely on third-parties to deal with networking which adds liability for the installer. As deadlines approach for a range of requirements, the time is now to understand why QIR certification is so important for POS providers.
Aiming to reduce the risk of data theft, Visa announced that smaller merchants (Level 4 merchants) are required to use payment solutions providers that have achieved QIR certification. Various investigations of breaches have found that the incorrect installation and maintenance of payment applications creates opportunities for merchant networks to be at risk. The QIR program and certification provide principles and guidelines for securely installing and maintaining validated payment applications in PCI DSS compliant ways.
Visa updated the policy they issued last October, giving acquirers, merchants, and VARs more time to get PCI QIT-certified. Level 4 merchants still need to use PCI QIRs, but resellers now have more time to become certified.
Starting January 31, 2017, all Level 4 merchants that use a POS reseller or integrator for payment applications and/ or terminal installation services must work exclusively with a registered PCI QIR Professional. On top of that, all Level 4 merchants must guarantee annual validation of PCI DSS compliance.
This course provides an opportunity for eligible professionals in qualifying organizations to receive training and qualification on the safest installation of Payment Application Data Security Standard (PA-DSS)- validated payment applications for merchants in a way that cooperates with PCI Security Standard compliance.
This is part one of a three part series on QIR certification. Check back for the second installment of this series.Back To Blog