SECURITY
SECTION 3: SECURING THE PAYMENT
New POS Security Requirements Affect Industry Partners
By: Paul St. George
Retail businesses are constantly under attack by cybercriminals trying to steal payment card data—and in some cases, retailers are making it easier for hackers to succeed. In fact, credit card company Visa has found that improperly installed POS applications and merchant payment devices create the conditions hackers like to exploit to steal information.
That’s why the financial services giant is pushing merchants, payment application developers, POS system integrators and resellers to comply with security requirements designed to combat the threat of hacker attacks. Visa has set a deadline of March 31 for small merchants to meet a set of requirements that restricts who they can buy POS technology from.
As of March 31, all new Level 4 merchants (owner-operated retail locations of franchise or corporate organizations) must use only Payment Card Industry (PCI)-certified QIR resellers and integrators for the installation and integration of POS applications and terminal installations. Also, as of Jan. 31, 2017, all Level 4 merchants must validate full PCI DSS compliance annually.
Requirement Revisions
As the March deadline looms, it’s important to know that the Payment Card Industry Security Standards Council (PCI SSC) has eased QIR requirements. Changes to the requirements, which had caused some concern among solution providers, include condensing the QIR agreement (from 12 pages to less than three) and requiring only one employee per company—or a sole proprietor—to qualify for QIR. The previous requirement called for two qualified employees.
This easing of requirements should remove some of the obstacles for POS solution providers to earn their QIR certifications. While the mandate may feel like a burden, integrators and resellers should look at it this way: Visa is effectively forcing merchants to work with the best qualified providers to ensure retail operations have properly designed and installed systems with the security they need to protect themselves and their customers.
For you, our partners, QIR certification brings some real benefits. Qualified providers stand to expand their businesses with existing customers, win new customers and boost revenue. So if you don’t have QIR certification yet, it’s time to start the process. Learn more about the process by visiting the PCI site, or by contacting RSPA for more information.
3/15/16 UPDATE:
(NEW) Effective 31 March 2016, acquirers must communicate to all Level 4 merchants that beginning 31 January 2017, they must use only Payment Card Industry (PCI)-certified Qualified Integrators and Resellers (QIR) professionals for point-of-sale (POS) application and terminal installation and integration.
Effective 31 January 2017, acquirers must ensure that Level 4 merchants using third parties for POS application and terminal installation and integration engage only PCI QIR professionals.
Effective 31 January 2017, acquirers must ensure Level 4 merchants annually validate PCI DSS compliance or participate in the Technology Innovation Program (TIP).
EMV LEVEL 3 CERTIFIED<br />
LOGISTICS<br />
When you integrate your POS application with Paygistix, you gain a partner who handles the<br />
configuration, testing, deployment, end user setup and ongoing support associated with adding a<br />
payment device to your system - freeing you up to focus on what you do best.<br />
BENEFITS<br />
Add immediate support for EMV & NFC<br />
Remove POS application from scope of PA-DSS & PCI DSS<br />
Connect to multiple major processing networks<br />
Maximize ROI with competitive revenue sharing options<br />
The QIR (Qualified Integrators and Resellers) designation is issued to solution providers that have received training and qualification on the secure installation of Payment Application Data Security Standard (PA-DSS)-validated payment applications in compliance with the PCI Data Security Standard.
Visa’s new requirement affects merchants and their POS suppliers alike. If, as a reseller or integrator, you have yet to earn QIR certification, you’ll be excluded from a lot of business opportunities going forward.
More than 1/3 of consumers reported they ignored data breach notification letters, taking no action to protect themselves from fraud.
Source: 2014 Ponemon Institute Study
FEATURES<br />
• Traditional Tip Adjust on EMV sales<br />
• PIN Bypass<br />
• Online Signature Capture<br />
• Pay at the Table<br />
• Tokenization<br />
DEVICES<br />
• ISV / VAR End User Billing<br />
• P2P Encryption<br />
• Recurring Billing<br />
• Customer Interaction Platform<br />
• Real-time Transaction Management<br />
888.472.9564 | paymentlogistics.com<br />
connect | APRIL/MAY | www.GoRSPA.org