How do Visa QIR Requirements affect my online business?

Merchant processing is a delicate process. On the customer side, it may look quite simple. After all, they simply flick their wrists and swipe their cards, or maybe key their details onto a website. For some, it’s as easy as waving their cards over the NFC reader on a mobile phone. In reality, it’s a complex transaction involving two different banks.

Any transaction that involves banks needs an additional layer of security. Merchant processors have to ensure that their systems protect customer privacy. The processors have to do as much as possible to prevent identity theft or card fraud, as well as keeping the transacted cash secure. Ideally, they should offer these benefits at affordable rates.

In the past, there were two main security requirements that card processing companies had to meet. One, they needed to be compliant with PCI (Payment Card Industry) regulations. These regulations include maintaining a firewall, strong passwords, data protection, updated antivirus software, and regular security tests.

Understanding QIR

Payment processors also benefit from using strong encryption on their platforms. From January 2017, an additional security requirement came into play. QIR (Qualified Integrator and Reseller) rules mean that anyone that has less than a million Visa transactions in a year needs extra compliance. This applies if they’re using a merchant processor for their payments.

QIR isn’t a new set of regulations. It’s more a reinforcement of PCI terms. It can be challenging for sellers to understand these systems, so they may wish to engage the services of PCI QIR compliance experts. The experts can review their business and advise them on how to apply the new rules, and why it’s beneficial to their business.

The new terms went into effect on January 31st 2017. QIR is applicable to businesses in Canada and the US that regularly trade online, though it also covers electronic keypads. According to the rules, all Level 4 businesses must engage the new compliance system. Level 4 is defined as 20,000 online card transactions, or one million in-person card swipes.

How QIR is different from other requirements

As much as 90% of US businesses fall into Level 4. Studies have shown that scammers target small businesses through third party payment processors, so QIR aims to resolve this matter by keeping those small businesses more secure. It may not seem important, but smaller businesses have less of a buffer against the financial effects of card fraud.

For this reason, it’s important to take preventive measures to protect both your customers and your business. Since QIR is still in its early stages, there are a limited number of experts. A lot of the compliance is being handled by merchant account processors, so as a small business, it may not be something you have to worry about.

If you’re already using a processor that you’re happy with, ask them what – if anything – you need to do about your QIR status. For more information about Visa QIR requirements or to sign up for a merchant account, please call (888) 924-2743 or go to



Leave a Comment