Much of the talk around the proverbial POS Industry “water cooler” has been around the now more than six month old announcement about the new Visa requirement for all Level 4 merchants. As a refresher: the card brand is requiring that merchants in this tier must use only PCI QIR professionals for POS application and terminal installation and integration. This requirement will go into effect in January 2017. It marks Visa’s effort, in their words, to establish requirements “for acquirers to ensure their small merchants are taking steps to secure their payment environment.”
The Visa requirements not only hold Tier 4 merchants responsible for the security of their payment environments, but place additional responsibility on acquirers and VARs. It’s those additional responsibilities on VARs, in particular, that have many RSPA members losing sleep. Achieving the QIR certification takes additional time, dollars, and effort, resources that resellers of a certain size—especially those who serve Tier 4 merchants—cannot spare very easily.
RSPA has received many questions from members about the impact of Visa’s requirements—including, questions that go beyond the answers outlined in Visa’s bulletin on the subject (originally published in October 2015, and updated in January 2016). Recently, we took some of the questions we’ve received directly to the source, Visa.