Security is a concern with every technological step forward. As people become more and more connected, a few bad apples are bound to take advantage of that connectedness for nefarious means. These bad apple types have always existed and chances are they always will. Counterfeit bills quickly followed printed currency, and people have been forging checks almost as long as they’ve been writing them. There’s a movie coming out next month called Identity Thief, and while I’m sure the plot will be a massive exaggeration of reality, identity theft is a legitimate real-world concern—and it rarely results in hilarious shenanigans.
What I’m getting to is this: security is a concern for point of sale technology. Just as you need to password-protect your Wi-Fi connection, you need to take precautions to protect your information—and your customers’ information—when using POS.
To this end, the PCI Security Standards Council is now offering the Qualified Integrators and Resellers (QIR) Program. This program trains resellers and integrators to support security efforts. The program is for resellers rather than merchants because of the role resellers play in installing, configuring and maintaining systems. According to the PCI Security Standards Council, reports have indicated that errors occurring during the implementation and maintenance of POS systems present a significant risk to the security of cardholder information. The QIR program provides highly specialized training “to help address these risks, ensuring that remote access is used securely and that all vendor default accounts and values are disabled or removed before the customer uses the application.”
The training program was announced last August, and began in October. It consists of an eight-hour eLearning course that includes the following units:
- PCI DSS awareness overview and understanding industry participants.
- QIR roles and responsibilities.
- PA-DSS and key considerations for QIRs when applying expertise to installing and configuring the PA-DSS application.
- Guidance for preparing and implementing a qualified installation.
Following the completion of the online hours, individuals taking the course can schedule a qualifying 90-minute exam at their local testing center. Once a reseller or integrator company has two employees who have successfully completed the course, the company will be listed on the PCI SSC website, so that merchants will have easy access to a directory of approved providers.
The PCI Security Standards Council was founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The council serves as a centralized resource for these companies and operates training programs such as the QIR program. It is important to note that while the council is a great security resource, it is not responsible for enforcing compliance—that is the responsibility of each individual payment brand.