QIR mandate and what it means for you

Visa recently announced that Level 4 merchants (small merchants) must use payment solutions providers that have been trained, tested, and certified as a Qualified Integrator and Reseller (QIR) company.  As part of the Visa announcement, all Level 4 merchants utilizing a Reseller or Integrator for hardware and software installations, effective January 31, 2017, must have that installation completed by a PCI QIR registered Professional. Visa has recommended that merchants use POS integrators and resellers selected from the PCI SSC QIR Companies list. The list of those certified companies can be found here.

Additionally, Visa announced that all Level 4 merchants must complete the annual validation of PCI DSS compliance. Visa stated that “forensic investigators have identified links between improperly installed POS applications and merchant payment data environment breaches”. The investigators specifically noted that small merchants are significant targets of data breaches due the lack of best security practices. Remote access without two-factor authentication or a regular password change is a gap that opens up significant risk or data compromise.

Among the advantages of becoming a QIR certified company:

  • Make certain you are following all of the practices related to payments security
  • You are listed on the PCI website as a QIR certified company
  • You have the ability to use the QIR logo on marketing materials to show you are committed to installing equipment and software securely
  • You gain trust of the merchants, and can advise them on the threats and products that protect their business