QIR for Partners

Qualified Integrators and Reseller (QIR) FAQ for Partners

What is the Visa QIR Requirement?

Effective January 31, 2017, Visa is requiring merchants to use only Payment Card Industry (PCI) certified Qualified Integrators and Reseller (QIR) professionals for point-of-sale application terminal installation and integration. Using organizations that have completed the PCI SSC QIR training program helps improve payment security. They do this by ensuring that all payment applications and terminals are installed and integrated in a way that reduces payment data breaches, and promotes a merchant’s PCI DSS compliance.

Do these requirements apply to all merchants?

Currently, the VISA QIR Requirement is limited to merchants that fall into the following categories:

  • Small merchants processing fewer than 20,000 Visa e-Commerce transactions per year and all other merchants – regardless of acceptance channel – processing up to 1,000,000 Visa transactions per year (i.e. PCI DSS Level 4 merchants).
  • Merchants operating in the U.S. and Canada.
  • Merchants that have integrated POS applications and systems that are either installed, integrated, or monitored by a third-party.
Why is Visa establishing these requirements now?

Small merchants remain a target of hackers attempting to compromise payment data. Links have been identified between improperly installed POS applications, and merchant payment data environment breaches. Specifically, reports note security gaps in remote access services that integrators and resellers use to provide monitoring and software support. Visa is establishing these requirements now to ensure that small merchants are taking steps to secure their environment.

Am I required to become a QIR?

It depends upon the scope of your business. Generally speaking, if you do not use a reseller or external third-party to install your systems into a merchant environment, the QIR requirement would not apply to you. In the event your organization installs a third-party software into a merchant environment, then you may be required to complete the QIR certification.

If I need to certify as a QIR, where do I go for more information? What is the process?

The PCI SSC manages the PCI QIR program.  Detailed information about the course, including the training schedule, pricing, registration and qualification criteria are all listed at the link below: https://www.pcisecuritystandards.org/program_training_and_qualification/qualified_integrator_and_reseller_certification

What kinds of companies are required to participate in the QIR Program?

The QIR Program is designed to educate, qualify, and train organizations involved in the implementation, configuration, support and/or maintenance of POS payment applications on behalf of merchants or service providers.  The program focuses on ensuring that QIR companies install and configure payment applications into customer environments in a manner that supports PCI DSS compliance.  The types of services offered that qualify a company for the QIR program include any of the following:

  • Configuring and/or installing POS software, payment applications or terminals for merchants.
  • Supporting or servicing POS software, payment applications or terminals for merchants – including accessing these systems remotely for troubleshooting, delivering system updates or offsite support.

**Companies that support ancillary applications integrated into the POS systems but are properly segmented from the payment processing operations are not subject to the requirement.

I am currently certified (or in the process of becoming certified) as a third-party service provider. Do I need to certify as a QIR as well?

The QIR certification is the least intensive of all PCI certifications. The process to certify as a third-party requires secure practices broader than what is required of QIR professionals only. As long as all integration and/or reseller activities are identified and covered in your PCI scope, separate QIR certification should not be necessary.

An Award-Winning Integrated payment Provider
  • Microsoft Gold Partner Badge
  • Susan G. Komen for the Cure Supporter
  • 2018 American Business Awards Gold Stevie® Winner Badge for Best Payment and Electronic Commerce Solution
  • 2018 CNP Awards Customer Choice Winner Badge for Best E-Commerce Platform/Gateway
  • Best in Biz Awards 2018 Silver Winner Badge for Business Development Department of the Year
  • TSG Gateway Awards 2019 BluePay
BluePay Processing, LLC is a registered ISO of Wells Fargo Bank, N.A., Concord, CA, 94524 U.S.A.
BluePay Canada ULC, is a Registered ISO/MSP of Peoples Trust Company, Vancouver, Canada.