New PCI Rules for Level 4* Merchants Regarding POS Integrators and Resellers
Protecting cardholder data is imperative to the practice of accepting credit and debit cards. As large merchants implement secure data encryption technologies, hackers have set their targets on small businesses. One area that has been identified as a risk for compromise relates to remote access support services used by software integrators and resellers.
In a continued effort to mitigate merchant breaches, the major card networks established new data security program requirements. Beginning January 31, 2017, all Level 4 merchants must use only Payment Card Industry (PCI)-certified Qualified Integrators and Reseller (QIR) professionals for point-of-sale (POS) application and terminal installation and integration.
The PCI Security Standards Council manages the PCI QIR program and maintains the list of certified QIR companies. Companies that offer the following services must adhere to the QIR program standards:
You can find a current list of QIR-certified professionals by clicking here.
No further action is required at this time by merchants that meet the following criteria:
If you use a third-party provider for POS installation, software integration or remote support services, and you do not see their name on either of the lists, we suggest you contact them to make sure that they are aware of these requirements and are prepared to be certified by the end of the year.
Please contact our Customer Care team at 1-888-288-2692 or via email: firstname.lastname@example.org if you have any questions regarding this communication.
* PCI Level 4 Merchants are those processing less than 20,000 eCommerce transactions annually, or processing less than 1 Million transactions annually, regardless of acceptance method