Problem solve Get help with specific problems with your technologies, process and projects.

Breaking down PCI SSC's Qualified Integrators and Resellers program

Mike Chapple breaks down PCI SSC's new Qualified Integrators and Resellers (QIR) program, explaining the compliances requirements for merchants.

Can you provide a breakdown of the PCI SSC's new QIR program? Is it strictly for retail IT providers? Is it similar...

to any other security audits or compliance standards?

Ask the Expert!

Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous

The Payment Card Industry Security Standards Council (PCI SSC), the governing body for the Payment Card Industry Data Security Standard (PCI DSS), recently announced the launch of its new Qualified Integrators and Resellers program, also known as QIR. This program is designed to close a gap in the payment card software installation process.

Prior to the program's launch, merchants that used software for processing payment card transactions were subject to PCI DSS, and developers that created the software had to do so in accordance with the Payment Application Data Security Standard (PA DSS). However, there was no compliance program covering the integrators and resellers that installed and configured the software at a merchant's site.

QIR is not a new compliance standard or audit requirement. It is a certification program for integrators and resellers. The educational component of the program is designed to ensure that the reseller can install and configure PA DSS-certified applications in a manner that allows merchants to comply with PCI DSS. In order to become a QIR, a firm must submit a written application documenting that its staff has the skill, knowledge and experience required to install software in a PCI DSS-compliant fashion.

Merchants are not required to use a QIR, but they will have access to a registry of QIRs, allowing them to select integration partners that fulfill the PCI SSC requirements that have demonstrated a base-level of PCI DSS and PA DSS knowledge. While this program is not a requirement, it does provide peace of mind to merchants that rightly make PCI DSS compliance a top priority.

This was last published in March 2013

Dig Deeper on PCI Data Security Standard

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.