PCI certified QIR

Discussion in 'General Discussion' started by galaxy, Dec 30, 2016.

  1. galaxy

    galaxy Mega Poster

    Messages:
    241
    I just received an email from my processor BluePay about Visa putting a mandate on PCI compliance with 3rd party software.
    They say Visa will now require a PCI certified Qualified Integrator and Reseller (QIR) by Jan 31, 2017.

    I don't see Odin in there. Will OBAS be compliant and certified by then?

    Here's the main contents of the email:

    Important Information Regarding Merchant Security


    Effective January 31, 2017, Visa requires all merchants to use only Payment Card Industry (PCI) certified Qualified Integrator and Reseller (QIR) professionals for point-of-sale application and terminal installation and integration.

    How does this apply to me?

    This only applies to merchants using a third-party vendor (in addition to BluePay) to process transactions. You are being contacted by BluePay because our records indicate that you are integrated into our BluePay Gateway or use a third-party software within your business.

    What do I do?

    Click Here to see if your third-party vendor is listed as a QIR:

    If the third-party vendor you are using is listed as a certified QIR or you no longer use a third-party system, no additional action is required.

    If the third-party vendor you are using is NOT listed as a QIR, please contact them directly to determine the status of their certification.

    How does this impact me?

    Currently, Visa is not assessing proactive fines to merchants that are not using a certified QIR, however, in the event of a data security breach, fines may be assessed on a case-by-case basis. We anticipate fine amounts varying depending upon several factors including PCI Compliance status, use of a certified QIR, and use of a validated payment application.

    What if I choose to not do anything?

    Taking no action will not immediately result in changes to your business or your ability to process credit cards. As the payment card industry continues to gather data in an effort to increase security, we expect processes to change to include proactive fines for both third-party agents and merchants if they continue forward without adhering to the security requirements.

    As your payment processor, we will continue to update you on any additional changes to the security and compliance process.
     
  2. galaxy

    galaxy Mega Poster

    Messages:
    241
    So any word? The mandate becomes effective on Jan 31, less than a week...
     
  3. dkolvakh

    dkolvakh Odin Team

    Messages:
    317
    Hello.

    OBAS wasn't being certified by PCI. You can always switch to tokenised payment methods, which do not require any PCI because no CC data will be kept in DB.
     
  4. galaxy

    galaxy Mega Poster

    Messages:
    241
    Are there plans to make any of your billing systems PCI compliant?
    I can't believe that we get a response the day prior to it becoming required and asked back in December. That puts your customers in jeopardy...
     
  5. dkolvakh

    dkolvakh Odin Team

    Messages:
    317

Share This Page