Weak and default passwords. Unpatched software. Insecure remote access. These are the major causes of merchant data breaches, according to data breach reports.
Failure to address these areas during the installation and maintenance of payment systems makes businesses especially vulnerable to having their valuable payment data stolen by cybercriminals.
There is a growing need for those professionals that install and support merchant payment systems to be aware of and trained on critical security controls to help these businesses protect themselves against data breaches.
To help address this challenge, the PCI Security Standards Council (PCI SSC) is introducing changes to its PCI Qualified Integrators and Resellers (QIR) training and certification program for payment system installers.
The revised QIR program aims to reduce merchant risk overall by doing two key things. First, it will increase the number of trained professionals available to help merchants, and second, it will make sure that they are focused on the critical security controls that will prevent the majority of breaches.
Becoming a QIR just got a lot easier, and that is by design. Changes include reducing the cost of the training to $100, shortening the training and shifting the training to an online format. By removing barriers to adoption, we will train more installers and resellers, which in turn will increase the number of professionals available to help merchants reduce their payment security risk.
Most breaches, especially for small merchants, could be prevented if basic security controls are in place. The revised QIR training program will focus heavily on three critical security controls to mitigate merchant risk: insecure remote access, weak password practices and outdated and unpatched software.
By increasing the number of trained professionals to the marketplace and training them to install payment systems in a secure manner, merchants will be better protected against the cybercriminals seeking their payment card data.