Can you provide a breakdown of the PCI SSC's new QIR program? Is it strictly for retail IT providers? Is it similar...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
to any other security audits or compliance standards?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous
The Payment Card Industry Security Standards Council (PCI SSC), the governing body for the Payment Card Industry Data Security Standard (PCI DSS), recently announced the launch of its new Qualified Integrators and Resellers program, also known as QIR. This program is designed to close a gap in the payment card software installation process.
Prior to the program's launch, merchants that used software for processing payment card transactions were subject to PCI DSS, and developers that created the software had to do so in accordance with the Payment Application Data Security Standard (PA DSS). However, there was no compliance program covering the integrators and resellers that installed and configured the software at a merchant's site.
QIR is not a new compliance standard or audit requirement. It is a certification program for integrators and resellers. The educational component of the program is designed to ensure that the reseller can install and configure PA DSS-certified applications in a manner that allows merchants to comply with PCI DSS. In order to become a QIR, a firm must submit a written application documenting that its staff has the skill, knowledge and experience required to install software in a PCI DSS-compliant fashion.
Merchants are not required to use a QIR, but they will have access to a registry of QIRs, allowing them to select integration partners that fulfill the PCI SSC requirements that have demonstrated a base-level of PCI DSS and PA DSS knowledge. While this program is not a requirement, it does provide peace of mind to merchants that rightly make PCI DSS compliance a top priority.
Dig Deeper on PCI Data Security Standard
Related Q&A from Mike Chapple
Cloud compliance issues are no reason for enterprises not to move to the cloud. Expert Mike Chapple explains why, as well as what to keep in mind ...continue reading
The GAO reported on SEC cybersecurity weaknesses, even though the SEC regulates cybersecurity. Expert Mike Chapple discusses the effects of this ...continue reading
Enterprise compliance can be a burden to manage, which is where a PCI ISA can be helpful. Expert Mike Chapple explains how a PCI Internal Security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.