Recording Your QIR: SecurityMetrics’ New QIR Feature
See how SecurityMetrics is helping merchants with VISA’s new QIR mandate.In recent years, QIRs have become more important to businesses, particularly those that deal with card payments. Thanks to Visa’s new mandate that businesses must get their payment processing applications from a QIR by January 2017, it’s now becoming a big issue.
Here’s what you need to know about QIRs and how SecurityMetrics is addressing Visa’s mandate.
What is a QIR?QIR Stands for Qualified Integrators and Resellers. These vendors are certified by the PCI DSS to correctly integrate payment applications. Integrators and resellers that want to become QIRs have to take a training course and an exam provided by the PCI Security Standards Council.
According to forensic reports many data breaches were the result of security protocol gaps in remote-access services used by integrators and resellers to provide monitoring and software support. These gaps create significant risk of payment data compromise. Having a QIR correctly integrate payment applications helps address this problem and helps businesses secure their data properly.
Boiled down, you need someone with proper training to integrate payment products from a security perspective.
How does the new VISA mandate affect QIRs and merchants?Come January 31 2017, merchants will be required to use QIRs for their payment applications. This is in response to the rising data breaches involving insecure payment applications, and improper set up of remote access. VISA now wants QIRs to be in charge of installing and configuring these payment applications.
SEE ALSO: Staying Compliant: Visa’s New Level 4 Requirements
What is SecurityMetrics doing with QIRs?In response to Visa’s new mandate, SecurityMetrics has added a new feature that allows users to document their QIR when filling out the self-assessment questionnaire (SAQ). This feature will record on your SAQ whether or not you’re using a QIR for your payment processes. The QIR data should only apply to applicable merchants, which depends on PCI scope.
To store your QIR data, sign into securitymetrics.com, access your SAQ and go to the “Card Acceptance Section.” Once you select your Payment Application, the page will ask you who installed the system.
You can now select the option that you got your payment application from a QIR. Once you do that, you then can fill out information on your QIR, including the name of the QIR, the integration date, and a location.
What sets SecurityMetrics apart is how we handle QIRs. If a merchant puts in an integrator who isn’t a QIR, we can tell them whether they aren’t in Visa’s list of QIRs.
Why did SecurityMetrics include this new feature?Even though Visa’s new requirement isn’t in place yet and won’t be until 2017, we’re gathering that data to make the transition smoother for our merchants and acquirers.
Getting your payment applications from a QIR is a great step to getting compliant and securing your data. SecurityMetrics has provided an easy way to validate that you are using a QIR for your payment methods.
Need help with data security? Talk to one of our consultants!