QIR certification: What’s required and why it matters


Security is one of the hottest topics – if not the hottest – in the retail and payment landscapes today. Everyone – from merchants to POS providers – is working to batten down the hatches and avoid becoming the victim of the next major data breach. And while payment systems have come a long way in the past few years, especially in the United States thanks to EMV and the move toward encryption/tokenization, there are still a few relatively massive omissions in the grand scheme that have to be reconciled soon to keep the ball rolling in the right direction. One of these matters involves the Qualified Integrators and Resellers (QIR) qualification, which essentially ensures that equipment is being installed properly by competent and qualified individuals.

Today, many POS installers rely on third parties to handle networking, which adds liability for the installer and also leaves revenue on the table. POS providers who strive to become the qualified “one-stop shop” for POS installation and service will see the most success in coming years. With deadlines approaching for a range of requirements, the time is now to understand why QIR qualification is so important for POS providers.

Requirements at a glance
The PCI Security Standards Council explains that the QIR qualification is used to designate companies that are prepared to properly implement, integrate, configure and support PA-DSS payments technology and applications. The chances of an installer succeeding in the market without this designation will shrink in the coming years, especially considering the compounding issues involved in incorrect configuration and deployment.

Security and compliance are the more obvious sources of concern, but functionality and continuity can also be major issues when systems are not installed by a qualified provider. For example, poor configurations can lead to a complete lack of compatibility across systems, essentially making it impossible to securely process transactions, maintain record-keeping, and implement reporting.

Here are some of the core requirements levied by the PCI SSC:

  • Must fulfill documentation requirements to prove that employees are capable of adhering to guidelines.

  • Background check standards must be met and sustained, while procedures under the QIR program have to be followed every step of the way.

  • Data privacy and security need to be in optimal standing.

  • Quality assurance models must conform to the PCI SSC’s standards.

Simply put, if a POS provider does not adhere to those requirements, the consequences can be dire for the merchant – with fees associated with data breaches often forcing merchants out of business.

Where to begin
The PCI SSC offers thorough information on the types of coursework involved in QIR certification, as well as how to identify the right courses in accordance with specific backgrounds. As a note, POS providers that are looking to requalify for QIR certification have separate options available to make the process as easy as possible.

Remember, working with the right payments provider will be paramount when putting QIR qualifications to good use. Should the backend technology used not align with the demands of PCI compliance and modern security standards, certification will neither be maintained nor work to the advantage of the reseller and installer.

Questions about QIR? We can help get the conversation started.