10 Jan What Business Owners Need to Know About QIRs (Qualified Integrators & Resellers)
Per recent statistics from Visa, 80% of small-business data breaches are associated with insecure implementation and/or servicing by point-of-sale (POS) integrators and resellers.
To decrease those breaches, the Visa Small Merchant Security Program has released a new requirement this year that affects many small businesses. Starting January 31, 2017 merchants processing less than 1 million annual Visa transactions and using third parties for POS application, terminal installation and integration must engage a point-of-sale (POS) integrator and reseller that is PCI qualified: a Qualified Integrator & Reseller, or a QIR.
What exactly does that mean?
Let’s go through it. As a business owner, this is what YOU need know about QIRs (Qualified Integrator & Resellers).
What is a QIR?
A QIR is an organization or person that is authorized by the PCI Security Standards Council (PCI SSC) to “implement, configure and/or support” POS systems. These persons go through a course with the PCI SSC to become certified as a QIR. Their job is to make sure that small businesses reduce their risk of a breach by installing and servicing POS systems in a PCI Compliant manner.
Do you need a QIR?
Right after, “What is a QIR?” the question we hear most from our merchants is “Do I need to have one?” While the language from Visa can be confusing, there are several cut and dry processing methods that do not require the assistance of a QIR. Below are several examples to help you determine if you need to utilize a QIR.
1. You use a stand-alone payment terminal
You do not need to use a QIR. Your terminal stands alone and does not have remote access capabilities.
2. You use a virtual terminal. You log into a website to securely process credit cards.
You do not need to use a QIR. Virtual Terminals process and transmit information differently than POS terminals.
3. You use a mobile swipe device
You do not need to use a QIR.
4. You use a plug-and-play POS system.
You may need a QIR. There are some POS systems that are stand-alone devices. Merchants often install these devices themselves. These systems may have many of the features of a POS like a cash drawer and inventory capabilities but they are typically a simple set up. If you installed the system yourself you most likely do not need to engage a QIR.
5. You use a POS system with multiple stations. Your POS stations were set up by your reseller and can interact with each other over your network. Your POS reseller can remote into your network for support.
If any of the above statements describe your business, you need to engage a QIR. QIRs make sure a merchant’s processing method is implemented securely. Many merchants don’t know the intricacies of their own network. They trust their system was set up correctly and securely by the 3rd party they hired. However, if there is a breach in security the merchant is held responsible.
You need a QIR. Now what?
The first step is to find a QIR that works in your area. The PCI SSC has a list of QIRs on their website for the convenience of merchants. This list can be FOUND HERE. If you aren’t sure if your POS system was installed by a QIR, call the business and ask them. If they are a QIR make sure to ask for their QIR certificate number. You will need it to report your QIR to your credit card processor / merchant services provider.
If the business you are currently working with is not a QIR, it’s ok to ask them if they plan to become one. The process can take time and money. Resellers are only going to become certified if merchants let them know it is a service they value and want. Let them know that you take your security and the security of your customers seriously.
How can BASYS Processing help?
At BASYS Processing we do everything we can to assist you in keeping you and your customers’ information safe and secure. We separate ourselves from our competitors by having an in-house PCI Compliance Team, based at our home office in Lenexa, KS. Our compliance specialists are thoroughly trained on the latest version of PCI DSS and QIRs. We pro-actively contact our merchants and specifically speak with them regarding QIRs. We are here to answer our merchants’ questions, report their QIRs, and protect their customers.
If you are current merchant, and have QIR questions or concerns, please call us at (800) 386-0711 and ask to speak with someone in PCI Compliance. Our PCI Team is available Mon-Fri, 8am – 5pm CST to help protect your business.
If you are with another processor, and PCI Compliance or QIRs are a concern, a risk, or a headache for you, please call BASYS Processing at (800) 386-0711. Let’s talk about moving your credit card processing to BASYS and solving that problem for you.
About BASYS Processing
BASYS Processing provides credit card and debit card processing services, and solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale; customized to fit any need. Banks, associations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personalized Payment Processing.
Learn more at basyspro.com, and connect with us online at: