Can you provide a breakdown of the PCI SSC's new QIR program? Is it strictly for retail IT providers? Is it similar...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
to any other security audits or compliance standards?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous
The Payment Card Industry Security Standards Council (PCI SSC), the governing body for the Payment Card Industry Data Security Standard (PCI DSS), recently announced the launch of its new Qualified Integrators and Resellers program, also known as QIR. This program is designed to close a gap in the payment card software installation process.
Prior to the program's launch, merchants that used software for processing payment card transactions were subject to PCI DSS, and developers that created the software had to do so in accordance with the Payment Application Data Security Standard (PA DSS). However, there was no compliance program covering the integrators and resellers that installed and configured the software at a merchant's site.
QIR is not a new compliance standard or audit requirement. It is a certification program for integrators and resellers. The educational component of the program is designed to ensure that the reseller can install and configure PA DSS-certified applications in a manner that allows merchants to comply with PCI DSS. In order to become a QIR, a firm must submit a written application documenting that its staff has the skill, knowledge and experience required to install software in a PCI DSS-compliant fashion.
Merchants are not required to use a QIR, but they will have access to a registry of QIRs, allowing them to select integration partners that fulfill the PCI SSC requirements that have demonstrated a base-level of PCI DSS and PA DSS knowledge. While this program is not a requirement, it does provide peace of mind to merchants that rightly make PCI DSS compliance a top priority.
Dig Deeper on PCI Data Security Standard
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.