Why You Need A QIR For Your Restaurant's POS System

80% of small-business data breaches are associated with insecure implementation and/or servicing by point-of-sale (POS) integrators and resellers, according to a recent statistic from Visa. ​For businesses like yours, the QIR program allows you to easily identify and engage a qualified professional to ​​install and support PA-DSS validated payment applications such as point-of-sale systems. The once-optional program is now becoming a requirement for businesses.

---

​Restaurants Pay the Price

Hackers broke into Spanky’s POS system. “Magnetic data was taken which I didn’t even know we were storing in the hard drive, and new cards were made and sold over the Internet,” said owner Carla Yarborough, in a video interview with the Retail Solutions Providers Association.

“I just felt I had been blindsided because I was not aware it could even happen,” Carla said. She didn’t learn of the breach until February of the following year. Hackers had the run of her system for nearly seven months before suspicious transactions were tracked to her restaurant. Like many operators, Carla didn’t realize that her POS stored cardholder data, even though the information was no longer needed after the transaction has been authorized. “I didn’t think I was at risk,” Carla said. “I thought I had everything I needed because I had a brand new POS system and I thought that my software was compliant.”

Trustwave reports that in 60% of the cases where data is compromised, merchants are relying on outdated software that improperly handles sensitive cardholder data. Buying and maintaining compliant equipment is a crucial step toward protecting your customers from theft and your business from liability. “I think you don’t have a choice,” Carla said. “You can take the risk if you want to, but I’m sitting here as a witness that it can happen. The damages far outweigh the cost of upgrading your system.”

At the time of the interview, the breach at Carla’s restaurant had cost her $110,000 and counting. “The small business person is taking up the brunt of the whole thing,” Carla deplored. “We have to pay for it one way or the other, if not by closing our doors, then by having to pay out big sums of money.”

---

What Is A QIR's Responsibilities? 

A certified QIR company/professional is responsible for:
​

• Ensuring installations and configurations of PA-DSS validated Payment Applications are in accordance with the applicable PA-DSS Implementation Guide in a manner which supports PCI DSS compliance.
• Providing the customer with a completed QIR Implementation Statement after installation and configuration of a PA-DSS validated application. (Note: this should be provided to you within 10 business days after the installation is complete).
• Documenting any potential risks to PCI DSS compliance identified by the QIR Employee in the QIR Implementation Statement.
• Maintaining a quality assurance program that includes vetting of employees involved in Qualified Installations, personnel training and education on PCI DSS and applicable PA-DSS Implementation Guides.
• Protecting confidential and sensitive information.
• Supporting any PFI forensic investigations in which the application the QIR installed at a customer environment may be involved.
• Servicing the payment applications (for example, troubleshooting, delivering remote updates and providing remote support) if engaged to do so, according to the PA-DSS Implementation Guide and PCI DSS.

Solution providers become certified by registering and paying for the program on the PCI Security Standards Council’s website, studying the course material that includes videos, guides, checklists, etc., and passing the exam at an on-site training center. Companies and professionals must re-qualify every year.

Evident Business Solutions is a PCI certified QIR in Northern California, we offer POS sales and installs throughout the region. Please do not hesitate to contact us if you have questions about your systems security or if you are looking to get a new system installed.

---

Paul Adams

Paul Adams is the founder of Evident Business Solutions, a technology company in Northern California that specializes in enabling the hospitality industry. We specialize in online ordering, branding, web design and would love to help you get your business to the next level!