Credit card data theft continues to pose a threat to small merchants and their customers. To reduce hacking and fraud, Visa has recently announced that all new Level 4 merchants must use payment solutions that have achieved Qualified Integrator and Reseller (QIR) certification. Newly-boarded merchants must use the PCI-certified solutions (as of March 31, 2016) and existing merchants are expected to meet the requirement now as well (as of January 31, 2017). So, what is QIR certification? Here are some facts about the security measure…
- The Payment Card Industry Security Standards Council (PCI SSC) maintains a training and qualification program – the Qualified Integrator and Reseller (QIR) certification – for eligible professionals to securely install PA-DSS-validated payment applications in merchant environments.
- The reason for the Visa requirement stems from forensic investigations indicating that small (Level 4) merchants are targets for hackers attempting to compromise payment data. Security experts have identified a clear link between data breaches and a lack of PCI best practices.
- Merchants using QIR certified professionals know that payment applications and terminals are installed and integrated in a matter mitigating payment data breaches and complying with PCI-DSS.
- Merchants can obtain a list of approved providers from the PCI SSC here. https://www.pcisecuritystandards.org/assessors_and_solutions/qualified_integrators_and_resellers
- Learn more about Visa’s QIR requirements here. https://usa.visa.com/content/dam/VCOM/download/merchants/bulletin-small-merchant-security-faq.pdf