Search

Brian Pennington

A blog about Cyber Security & Compliance

Tag

QIR

Merchants and Aquirers to Share PCI Lessons Learned at PCI SSC Community Meetings

The PCI Security Standards Council (PCI SSC), have announced PCI in Practice sessions for the 2013 PCI Community Meetings in Las Vegas, Nevada; Nice, France; and Kuala Lumpur, Malaysia. Case studies from members of the PCI community will share best practices in implementing payment card security programs.

PCI in Practice sessions for the North American and European Community Meetings will feature Chase Paymentech, Southwest Airlines and Time Warner Cable, Reliant Security, BT PLC and the Pan-Nordic Card Association. Australia Post will discuss its PCI journey at the Asia-Pacific Community Meeting:

  • The Importance of Merchant and Acquirer Communications Chase Paymentech, David Wallace, vice president of global merchant compliance; Southwest Airlines, Shawn Irving, senior manager of information security systems; Time Warner Cable, Erika Root, director, internal controls compliance, PCI Professional (PCIP) and Internal Security Assessor (ISA)
  • Secure Payment Systems Implementation – QIR in practice Reliant Security, Mark Weiner, managing partner, PCI Qualified Integrator & Reseller (QIR)
  • Successful Acquirer Collaboration on PCI – A Nordic case study Pan-Nordic Card Association, Mats Henriksson
  • QSAC Engagement – Tracing the PCI compliance journey of a multi-national corporation BT PLC, Sarah Nicholson, security policy & compliance manager; Candice Pressinger, head of group PCI-DSS compliance
  • Achieving and Maintaining Compliance – One approach to the PCI DSS journey Australia Post, Janelle Bull, risk manager, CardSafe program; Sharon Jokic, program director, CardSafe program

To register for the 2013 Meetings:

The Community Meetings are about sharing experiences and best practices with a large audience of peers for improved payment security,” said Bob Russo, general manager, PCI Security Standards Council. “And learning from one another is one of the best ways we as a community can continue to work together to increase payment card data protection globally. We’re looking forward to this year’s PCI in Practice sessions to hear about how these organizations representing different industries and geographies are effectively addressing PCI security within their unique business

Advertisements

PCI Security Standards Council’s Qualified Integrators and Resellers program is now live

The PCI SSC’s the Qualified Integrators and Resellers (QIR)™ Program will train and qualify integrators and resellers that sell, install and/or service payment applications on the secure installation and maintenance of PA-DSS validated payment applications to support merchant PCI DSS security efforts.

Eligible organizations can now register for the QIR program by visiting the PCI SSC website. Training will be available beginning October 1, 2012.

“Integrators and resellers play a key role in securing the payment ecosystem as merchants depend on these providers to install, configure, and maintain their PA-DSS validated applications in a way that facilitates their PCI DSS compliance. Industry reports point to errors being made during the implementation and maintenance process as a significant risk to the security of cardholder data. The QIR program provides integrators and resellers with highly specialized training to help address these risks, such as ensuring that remote access is used securely and that all vendor default accounts and values are disabled or removed before the customer uses the application.

Merchants will benefit from a global list of QIRs on the PCI SSC website, providing them with a trusted resource for selecting PCI approved implementation providers. The program also includes a feedback loop for merchants to evaluate a QIR’s performance.”

QIR customers will have the opportunity to submit a formal feedback form online, which the Council will review as part of its quality assurance process.

The QIR training curriculum is comprised of an eight-hour self-paced eLearning course made up of three modules covering:

  • PCI DSS awareness overview and understanding industry participants
  • QIR roles and responsibilities
  • PA-DSS and key considerations for QIRs when applying expertise to installing and configuring the PA-DSS application
  • Guidance for preparing and implementing a qualified installation

After taking the eLearning course, participants will be eligible to schedule the 90-minute exam at one of more than 4,000 Pearson VUE Testing Centers worldwide. Once a company has two employees complete the training and pass the exam, the company and QIRs will be listed on the PCI SSC website for merchants to use as a resource for choosing a PCI SSC approved provider. The training course and exam will be available October 1, 2012.

The Council will also host a webinar for those interested in learning more about the QIR program, followed by a live question and answer session with PCI SSC experts:

  • To register for the Thursday, August 16, 2012 session, click here.
  • To register for the Wednesday, August 29, 2012 session, click here.

“Although the merchant community continues to accept and adopt PCI, small merchants are increasingly being targeted as opportunities to steal card data,” said PCI SSC Chair and Vice President of Global Data Security Policies and Process for American Express, Mike Mitchell.

“This new and exciting PCI program will continue to close the gap from implementation, to ongoing compliance and in the assessment processes. Merchants should start to feel better about having a “hard-hitting” partner in their fight to prevent fraud.”

.

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: