The PCI SSC’s the Qualified Integrators and Resellers (QIR)™ Program will train and qualify integrators and resellers that sell, install and/or service payment applications on the secure installation and maintenance of PA-DSS validated payment applications to support merchant PCI DSS security efforts.
Eligible organizations can now register for the QIR program by visiting the PCI SSC website. Training will be available beginning October 1, 2012.
“Integrators and resellers play a key role in securing the payment ecosystem as merchants depend on these providers to install, configure, and maintain their PA-DSS validated applications in a way that facilitates their PCI DSS compliance. Industry reports point to errors being made during the implementation and maintenance process as a significant risk to the security of cardholder data. The QIR program provides integrators and resellers with highly specialized training to help address these risks, such as ensuring that remote access is used securely and that all vendor default accounts and values are disabled or removed before the customer uses the application.
Merchants will benefit from a global list of QIRs on the PCI SSC website, providing them with a trusted resource for selecting PCI approved implementation providers. The program also includes a feedback loop for merchants to evaluate a QIR’s performance.”
QIR customers will have the opportunity to submit a formal feedback form online, which the Council will review as part of its quality assurance process.
The QIR training curriculum is comprised of an eight-hour self-paced eLearning course made up of three modules covering:
- PCI DSS awareness overview and understanding industry participants
- QIR roles and responsibilities
- PA-DSS and key considerations for QIRs when applying expertise to installing and configuring the PA-DSS application
- Guidance for preparing and implementing a qualified installation
After taking the eLearning course, participants will be eligible to schedule the 90-minute exam at one of more than 4,000 Pearson VUE Testing Centers worldwide. Once a company has two employees complete the training and pass the exam, the company and QIRs will be listed on the PCI SSC website for merchants to use as a resource for choosing a PCI SSC approved provider. The training course and exam will be available October 1, 2012.
The Council will also host a webinar for those interested in learning more about the QIR program, followed by a live question and answer session with PCI SSC experts:
- To register for the Thursday, August 16, 2012 session, click here.
- To register for the Wednesday, August 29, 2012 session, click here.
“Although the merchant community continues to accept and adopt PCI, small merchants are increasingly being targeted as opportunities to steal card data,” said PCI SSC Chair and Vice President of Global Data Security Policies and Process for American Express, Mike Mitchell.
“This new and exciting PCI program will continue to close the gap from implementation, to ongoing compliance and in the assessment processes. Merchants should start to feel better about having a “hard-hitting” partner in their fight to prevent fraud.”