Visa recently issued a new mandate related to merchants that use service providers to install and maintain point-of-sale (POS) systems and software within the merchant environment. Examples of merchants that often use these types of POS providers include food and beverage establishments, lodging, pharmacies, or other industries that benefit from specialized computer integrated POS systems.
A recent trend has indicated that hackers target POS providers. Because POS providers often maintain remote access to the POS systems within their business customer merchant locations, hackers are using this remote access to install malicious software at the merchant locations. The software ultimately steals credit card data from the merchant locations.
Related to this trend, Visa is initiating the following mandate:
As of January 31, 2017, merchants must use POS providers that are Qualified Integrator & Reseller (QIR) certified.
The QIR Certification Program is designed to help POS providers better understand data security responsibilities and practices within the payments system. If your business experiences a credit card related data breach as the result of using a POS provider that is not QIR certified after January 2017, it’s possible that Visa will levy additional fines to your business.
To confirm if your provider is QIR certified, please reference the official list here. Note that because this is a new program, that most POS providers are not yet certified. We expect the list from Visa to expand throughout the year.
If this Visa mandate applies to your business, we recommend that you contact your POS provider to inquire as to when they intend to obtain the Qualified Integrator & Reseller Certification in order to beat the January 2017 deadline. This blog can also be forwarded to them for information.
Note: This mandate is applicable only to merchants that use specialized computer integrated POS systems and software installed and serviced by a third party. It is not applicable to merchants that use only telephone or IP connected table top terminals, virtual terminals, wireless terminals, mobile payment acceptance, or cell phone or tablet dongles obtained from Wind River Financial.