QIR Compliance: What’s it got to do with you?
Qualified Integrators and Resellers (QIR) compliance is a standard set for resellers by the Payment Card Industry (PCI) Security Standards Council to implement, configure and support Payment Application Data Security Systems (PA-DSS). QIR validated companies are listed on the website of the PCI Council.
Although QIR compliance has not yet become a compulsory requirement, card brands like Visa are making it mandatory for merchant acquirers to verify that all Level 4 merchants acquired since April 1, 2016 are using QIR validated merchant card service providers for Point of Sale (POS) application and terminal servicing. They have also introduced a mandate that all Level 4 merchants within the Visa portfolio are using QIR validated providers.
Although other card brands have not introduced similar requirements, it is inevitable that they will follow suit within the very near future.
How does that impact merchants?
That all sounds rather technical and as a merchant you are probably wondering what the impact is on your business.
Regardless of your merchant level, be prepared for the use of a QIR merchant card service provider to become a mandatory requirement across all card brands and merchants within the very near future. Check the PCI council’s website to see if your merchant cards service provider is listed as a QIR validated company. If they are not listed, contact them immediately to confirm that they are working towards PCI QIR validation and the date by which they expect to be compliant. If your provider is not working towards compliance, then consider looking for a QIR compliant provider that can take over the service for you.
It is anticipated that using the services of a QIR validated provider is going to become a mandatory requirement by the PCI in the near future and will be included in the PCI DSS Self Assessment Questionnaire (SAQ) for merchants.
QIR will be mandatory, but why?
Numerous security breach investigations revealed that merchant networks are compromised predominantly because of incorrect installation and maintenance of card payment applications by merchant service providers.
As a merchant you rely heavily on your appointed merchant card service provider to ensure that all card payment systems are properly installed and maintained. You also rely on them to ensure that security systems are maintained, upgraded with new developments in technology, and that they comply with all regulatory requirements.
Your customers put the security of their credit card information in your hands, so if your merchant card service provider is poorly equipped to manage what you entrust to them, you stand a good chance of losing business.
If a customer’s secure credit card details are accessed fraudulently after they made a card payment for purchases from your business, they are not going to question your merchant card service provider – they are going to place the blame on your business.
You cannot afford to lose business because your merchant card service provider is not a partner who enhances your business to grow sales, but a dinosaur still existing in the dark ages of credit card payment acceptance. For more information about QIR Compliance or to sign up for a merchant account, please call (888) 924-2743 or go to Charge.com.