Qualified Integrators and Resellers Program Addresses POS Security Concerns

Security is a concern with every technological step forward. As people become more and more connected, a few bad apples are bound to take advantage of that connectedness for nefarious means. These bad apple types have always existed and chances are they always will. Counterfeit bills quickly followed printed currency, and people have been forging checks almost as long as they’ve been writing them. There’s a movie coming out next month called Identity Thief, and while I’m sure the plot will be a massive exaggeration of reality, identity theft is a legitimate real world concern—and it rarely results in hilarious shenanigans.

What I’m getting to is this: security is a concern for point of sale technology. Just as you need to password protect your Wifi connection, you need to take precautions to protect your information—and your customer’s information—when using POS.

To this end, the PCI Security Standards Council is now offering the Qualified Integrators and Resellers (QIR) Program. This program trains resellers and integrators to support security efforts. The program is for resellers rather than merchants because of the role resellers play in installing, configuring and maintaining systems. According to the PCI Security Standards Council, reports have indicated that errors that occur during the implementation and maintenance of POS systems present a significant risk to the security of cardholder information. The training provided by the QIR program provides highly specialized training “to help address these risks, ensuring that remote access is used securely and that all vendor default accounts and values are disabled or removed before the customer uses the application.”

The training program was announced last August, and began in October. It consists of an eight-hour eLearning course that includes the following units:

 PCI DSS awareness overview and understanding industry participants.

 QIR roles and responsibilities.

 PA-DSS and key considerations for QIRs when applying expertise to installing and configuring the PA-DSS application.

 Guidance for preparing and implementing a qualified installation.

Following the completion of the online hours, individuals taking the course can schedule a qualifying 90-minute exam at their local testing center. Once a reseller or integrator company has two employees who have successfully completed the course, they will be listed on the PCI SSC website, so that merchants will have easy access to a directory of approved providers.

The course has been available since October 2012. At the time of this writing, there is only one Qualified Integrator and Reseller listed on the PCI Security Standards Council website, but that number will surely increase as word of the program spreads and more people have the opportunity to complete it.

The PCI Security Standards Council was founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The council serves as a centralized resource for these companies and operates training programs such as the QIR program. It is important to note that while the council is a great security resource, it is not responsible for enforcing compliance—that is the responsibility of each individual payment brand.

Written by Alex Mehler

Related Articles:

Demystifying the POS Reseller

... typically doesn't buy POS systems directly from the companies that manufacture them. Instead, we have what are called POS resellers. A POSreseller is a person or company that packages all the software ...

Retrieving Lost POS Data: A Forensic Approach

... team at Background Backup has always restored their data.” For businesses, security is paramount.  If a system failure can result in business failure, backup is incredibly important.  Have you backed ...

"Dexter" Malware Attacks Global POS Systems

Security firm Seculert announced yesterday that it discovered a powerful new malware threat dubbed "Dexter."  The malware attacks point-of-sale systems and steals customer information when cards are swiped ...