The Payment Card Information Security Standards Council has announced a new certification in response to research indicating that 76 percent of card data breaches involve vulnerabilities associated with the installation or integration of payment acceptance applications in merchants’ systems. The research was published in February by PCI solutions vendor Trustwave. The new certification, called the Qualified Integrator and Reseller (QIR) program, will be expressly for channel partners who engage in development and deployment of payment applications and will be launched late this summer, according to PCI council chairman Bob Russo.
This initiative is the outcome of a special task force of merchants, acquirers, payment software vendors and other interested parties looking for a strategy to resolve the vulnerability.
“We’re going to create the certification, which includes about a day’s worth of training on how to install these things securely, how to make sure they are secure, and how to make sure that you’re making the merchant aware of their responsibilities as pertains to security,” explained Russo to CRN. “We will qualify companies that do these installations, and then we are going to train their people who will then become individually certified. Those certifications will be listed on our website so the retailer can see that the stamp of approval is present.”
The curriculum will be presented online, culminating in an examination through which the certification will be awarded. Intervals for renewal have not yet been determined.
“Unfortunately, this is a need that needs to be addressed,” added Russo. “And we feel that more education will help to make sure that the payment chain is secure.”
Click here to read more from CRN.