80% of small-business data breaches are associated with insecure implementation and/or servicing by point-of-sale (POS) integrators and resellers, according to a recent statistic from Visa. For businesses like yours, the QIR program allows you to easily identify and engage a qualified professional to install and support PA-DSS validated payment applications such as point-of-sale systems. The once-optional program is now becoming a requirement for businesses.
Restaurants Pay the Price
Hackers broke into Spanky’s POS system. “Magnetic data was taken which I didn’t even know we were storing in the hard drive, and new cards were made and sold over the Internet,” said owner Carla Yarborough, in a video interview with the Retail Solutions Providers Association.
“I just felt I had been blindsided because I was not aware it could even happen,” Carla said. She didn’t learn of the breach until February of the following year. Hackers had the run of her system for nearly seven months before suspicious transactions were tracked to her restaurant. Like many operators, Carla didn’t realize that her POS stored cardholder data, even though the information was no longer needed after the transaction had been authorized. “I didn’t think I was at risk,” Carla said. “I thought I had everything I needed because I had a brand new POS system and I thought that my software was compliant.”
Trustwave reports that in 60% of the cases where data is compromised, merchants are relying on outdated software that improperly handles sensitive cardholder data. Buying and maintaining compliant equipment is a crucial step toward protecting your customers from theft and your business from liability. “I think you don’t have a choice,” Carla said. “You can take the risk if you want to, but I’m sitting here as a witness that it can happen. The damages far outweigh the cost of upgrading your system.”
At the time of the interview, the breach at Carla’s restaurant had cost her $110,000 and counting. “The small business person is taking up the brunt of the whole thing,” Carla deplored. “We have to pay for it one way or the other, if not by closing our doors, then by having to pay out big sums of money.”
What Are a QIR's Responsibilities?
A certified QIR company/professional is responsible for:
Solution providers become certified by registering and paying for the program on the PCI Security Standards Council’s website, studying the course material that includes videos, guides, checklists, etc., and passing the exam at an on-site training center. Companies and professionals must re-qualify every year.
Evident Business Solutions is a PCI-certified QIR in Northern California. We offer POS sales and installs throughout the region. Please do not hesitate to contact us if you have questions about your system's security or if you are looking to get a new system installed.