Help protect your merchants from data theft
To help reduce the risks associated with data theft, Visa announced that smaller merchants (Level 4 merchants) must use payment solutions providers that have achieved the Qualified Integrator and Reseller (QIR) certification. Smaller merchants remain targets of hackers attempting to compromise payment data. Investigators have concluded that there are links between data breaches and a lack of payment card industry (PCI) best practices, which is what ultimately leads to these system compromises. Effective January 31, 2017, all Level 4 merchants that use a reseller or integrator for payment applications and/or terminal installation services must use only a Registered PCI QIR Professional. In addition, all Level 4 merchants must ensure the annual validation of PCI Data Security Standard compliance.
It is not surprising that Visa is directing its emphasis on payment security at Level 4 merchants. Though Level 4 merchants rank among the smaller of the four tiers, they represent 90 percent of the five million-plus card-accepting merchants in the United States, and they also account for 94 percent of data breaches. This means that it is imperative that Level 4 merchants receive their QIR certification. Aside from increasing the merchants’ overall safety, there are many other benefits to becoming QIR certified. Becoming QIR certified allows merchants to use the QIR logo on promotional materials, leverage QIR training, and be placed on the PCI Security Standards Council’s list of qualified providers.
Earning QIR Certification
Employees of resellers and integrators may become QIR certified after taking an approved training program and passing a certification exam. Every company seeking to qualify needs at least one employee to pass the training. After they have passed the training, they will need to requalify every three years. For a reseller or an integrator to become QIR certified, they must also provide a business license and show that they have no criminal charges on their record. The company that is seeking qualification must confirm they support the PCI SSC Code of Professional Responsibility.
Follow the 8 steps below to become certified:
- Company Information Form – Register for the program on PCI SSC’s website. Complete a short information form about your company that takes about five minutes to complete. You will receive an email from the PCI SSC with your username and password to complete your company’s application.
- Company Application – Log into the portal with username and password sent from PCI SSC. Complete your company application, which will take about 10 minutes. You will be asked to submit your company’s Articles of Incorporation or Certificate of Formation.
- Professional Application – This is a basic resume of the employee taking the test. Once your company information, company application and professional application have been submitted, it takes about one week to get approval to access QIR training materials.
- Course Payment – Payments are made directly through the PCI SSC’s website and the cost is $395. It may take three to four business days to receive the invoice for payment.
- Access to Training Materials – Once approved and payment is received, it can take up to 48 hours to receive the username and credentials to gain access to training documentation. If the training page is blank, you will need to email the support link found on the page. It may take 24-48 hours to gain access following the request.
- Review Training Materials – Materials include online training, videos, and user guides. The PCI SSC states it’s a 6-hour training course, but we have been informed it can take much longer to study appropriately.
- Schedule the Test – Once you have completed the training materials, sign up to take the test at a Pearson Vue Training Center. Contact a local Pearson Vue Center that supports PCI testing to schedule. Testing availability is typically 24-48 hours. The cost for the test is included in the $395 sign-up fee.
- Take the Test – You have 90 minutes to complete the test. The test has 60 questions: 30 technical and 30 PCI-related. You can flag or skip questions and go back to them at the end. Pearson Vue Centers do not allow cell phones, watches, anything in your pockets, hoodies, purses, tablets, or computers. You will be provided a locker for your personal belongings. Once the test is completed and submitted, you will receive a pass or fail. You need at least 75 percent to pass.
For more information, view Sterling Payment Technologies’ PCI QIR certification checklist and Guide to PCI QIR Certification for Resellers and Integrators.