Visa: VARs, Integrators Must Be QIR Certified
Understand recent changes to requirements and how RSPA can — and did — help.
In an effort to help reduce the risk of data theft from hackers, Visa has announced small merchants must use IT solutions providers that have achieved Qualified Integrator and Reseller (QIR) certification. Visa advised acquirers that as of March 31, 2016, all new Level 4 merchants must use only Payment Card Industry (PCI)-certified QIR solutions providers for POS application and terminal installation and integration. As of January 2017, all Level 4 merchants must use solutions providers with this certification. (Update 1/20/2016 see Visa's revised policy here http://www.bsminfo.com/doc/visa-gives-vars-more-time-for-qir-certification-0001.)
For solutions providers that questioned some of the requirements of the QIR program when the Payment Card Industry Security Standards Council (PCI SSC) originally published them — a topic of discussion at the Retail Solutions Providers Association (RSPA) RetailNOW in August — the announcement from Visa might cause concern.
But it’s important to know things have changed.
PCI Responds To Industry Feedback
In October, PCI SSC updated the QIR program, making changes to qualification requirements, the program guide, and the program’s legal agreement. PCI SSC says among those changes are no longer requiring two trained employees — which enables sole proprietors to become certified — and streamlining the QIR legal agreement from 12 pages to 2 pages.
PCI SSC took action based on feedback from the industry, including representatives from the RSPA. Kelly Funk, president, tells Business Solutions that RSPA has been working with PCI SSC on ways in which the two organizations can partner better, evidenced by RSPA including PCI-QIR certification in its professional development curriculum. “As we launched that certification enhancement at RetailNOW, we received feedback from our members that we continued to share with the council.” In a message to RetailNOW attendees, she thanked RSPA general counsel Bob Goldberg, Mercury Payment Systems, and Visa for their collaboration to share this feedback with PCI SSC.
“The council incorporated that feedback as well as the feedback of several RSPA members into their own program evaluation, and we were delighted when they shared the revised requirements with us,” Funk says.
“One of the great benefits of membership in an organization is the ability to be heard and represented. RSPA plays a critical role in the commerce ecosystem and we have a unique voice that is important to have represented. I’m very proud to represent RSPA as a member of the PCI Security Council’s Board of Advisors. This allows me to share the voice of the RSPA membership, as well as bring back valuable information to share with our members,” Funk comments.
At a recent PCI event, she pointed out RSPA members have a front row seat to what is happening in the merchant community and play an important advisory role, supporting, educating, and influencing that community. “RSPA will continue to cultivate relationships to further amplify the voice of our members to maximize the impact we can have,” she says.
RSPA Resources To Help You With QIR Certification
As a part of RSPA’s professional development program, members can take advantage of a significantly discounted price of $75 per individual to prepare and test for QIR certification. UPDATE 1/29/2016: RSPA has been able to extend the deadline for its members to take the QIR course and exam at the discounted price to Feb. 29. For more information, visit http://www.gorspa.org/professional/.
PCI SSC’s QIR Program
PCI SSC, shared with Business Solutions that the QIR eLearning course and exam cover the following topics:
- a PCI DSS overview
- understanding payment industry transactional processes, terminology, players, and provider relationships
- understanding payment card brand compliance programs
- an overview of PCI roles and responsibilities along with understanding the role of the Qualified Integrator/Reseller (QIR)
- a cardholder data review
- an overview of PA-DSS applications, requirements overview and the PA-DSS Implementation Guide
- preparing for and performing a qualified installation
- QIR quality assurance expectations
- introductory guidance on PCI PTS, skimming prevention, and EMV
In addition to achieving industry-recognized certification, the QIR program can provide benefits to your business. You will be authorized to use the QIR logo on your promotional materials, helping you stand out from your competition and providing evidence of your commitment to payment security.
As U.S. merchants are moving toward the adoption of EMV technology, you can leverage QIR training to advise them as they evaluate their payment infrastructure and security controls.
Also, QIR certified solutions providers will have increased visibility among merchants and acquirers through the listing on the directory of qualified providers on the PCI website.