Qualified PIN Assessor (QPA) Qualification
The Qualified PIN Assessor course provides instruction on how to perform assessments of entities in accordance with the PCI PIN Security Requirements and Testing Procedures (PCI PIN Standard). This training will provide you with an understanding of the requirements for the secure management, processing, and transmission of personal identification numbers (PINs) during payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals. Upon completion of the course, you’ll be able to conduct PCI PIN Assessments, validate and attest to an entity’s PCI PIN Security Standard compliance status, and prepare appropriate compliance reports (such as PIN Reports on Compliance, or PIN ROCs) required by payment card brands and acquiring banks.
Course Highlights
The PCI PIN Standard provides a set of security requirements as well as assessment procedures for performing PCI PIN Assessments. The PIN Assessor training covers the PCI PIN Security Requirements and Testing Procedures (PCI PIN Standard). Candidates will learn how to:
- Validate and confirm PIN Environment scope as defined by the assessed entity.
- Select employees, facilities, systems, and system components accurately representing the assessed environment if sampling is employed.
- Evaluate compensating controls as applicable.
- Apply independent judgement about whether the assessed entity meets the PCI PIN Security Standard.
- Effectively use the PCI PIN ROC Reporting Template to produce PIN Reports on Compliance (PIN ROCs).
- Validate and attest to an entity’s PCI PIN Security Standard compliance status.
- Conduct follow-up assessments as needed.
- Learn how to complete the PIN ROC and PIN AOC documentation required for submission of completed assessments.
Benefits:
- Support your organizations or client’s ongoing security and compliance efforts through your knowledge of the PCI PIN Standard.
- Gain recognition of your professional achievement with this industry credential.
- Listing in a searchable directory on the PCI website.
- Earn Continuing Professional Education (CPE) credits.
Right for You?
If you have at least three years of experience in cryptography and/or key management including these areas, consider the QPA qualification:
- Cryptography and/or Key Management.
- Cryptographic experience in the Payment Industry.
- Network Security, Systems Security.
- IT auditing or security assessments.
- Physical security techniques for high-security areas.
- POI key-injection systems and techniques.
Digital Badging
Schedule
Virtual Instructor-Led (vILT) classes are a combination of eLearning and a live webinar.
Prices
Course | Price | |
New QPA Training (In person & eLearning) |
$3,000 USD | |
Requalification QPA Training |
$1,800 USD | |
Knowledge Training Non-PO * |
$1,500 USD | |
Knowledge Training PO * |
$1,200 USD | |
Training class change fee |
$185 USD |
Please note: The training and exam will be delivered in English.
Price does not include any applicable VAT/HST/GST which will appear on your invoice.
* Knowledge training does not lead to assessor status.
This course is also offered as knowledge training for individuals who would like to increase their knowledge and do not necessarily need to achieve or are not eligible for qualification as an assessor
Training Formats and Exam Information
New Training Offerings:
- Virtual Instructor-led training (vILT): Combination online training and instructor-led webinar with an exam offered via Pearson Vue within 30 days of webinar.
- Please see Schedule tab for dates vILT trainings.
New Exam Specifics:
- All exams are closed book.
- Exam is 60 multiple choice questions with a 75-minute time limit.
- Results of Pearson Vue exams are delivered upon completion of the exam.
- 75% or higher to pass the exam; the only information that can be released concerning exams is your grade.
- If you fail the exam, you must take the training and exam from the beginning.
How to Prepare for the Exam
Prior to taking the QPA training and exam, candidates should familiarize themselves with information regarding the PIN Standard, the QPA program and supporting documents. These materials may be found in the Document Library
Registration Process
Step 1 – Review
Refer to the QPA Qualification Requirements for complete program description and requirements and to confirm that you are well suited for the program.
Then complete the QPA registration form online (see step 2).
Step 2 – Apply
Complete the online application form through PCI SSC’s secure portal. Application requirements include:
- Submit QPA registration form
- Complete company application (Primary Contact will gain access to the online application only after the QPA registration form has been approved by PCI SSC).
- Enroll professionals in QPA training (Primary Contact will have the ability to enroll professionals in QPA training through the portal only after the QPA Company application has been approved).
- Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of QPA training request approval). For more information about the training fees, please see the QPA Training Pricing page.
Step 3 - Train
Upon receipt of payment the primary contact will receive the location details for the instructor-led class.
Step 4 - Enrollment
Once the application has been approved by the PCI Security Standards Council, and its designated QPA employees have attended and passed the QPA training, the QPA Company will receive confirmation of acceptance into the program, and the QPA employees will each receive a Certificate of Qualification. The QPA employees will be added to the Council’s database of certified QPA personnel, and the company may now perform its own security audits until the time comes to complete the annual Requalification training to maintain the certification.
Knowledge training does not offer certification. Only those who have taken and passed the exam become Qualified PIN Assessors (QPAs).
Requalification Process
In order to maintain the high standards set for this qualification, all QPAs must requalify every year to continue to maintain their status and be listed on the PCI website. Requalification requirements help ensure that QPAs remain current with technical and industry changes and demonstrate professionalism. To maintain active qualification status, QPAs must abide by the PCI SSC Code of Professional Responsibility.
Requalification specifics:
- Approved assessors are allowed to register for requalification training as early as 90 days prior to their expiration date. Once registered, they will receive immediate access to the eLearning training.
- Registration must be submitted no later than the candidate’s expiration date.
- Exam access is given no earlier than four (4) weeks prior to expiration date AND invoice is paid.
- An Assessor who is not registered for requalification training before midnight Eastern Time on their qualification expiration date, or who does not achieve a passing score on the exam by the end of their qualification period, will be required to re-enroll as a new candidate.
Requalification exam:
- Non-proctored remote exam
- 35 multiple choice questions with a 75-minute time limit.
- 75% or higher to pass the exam; the only information that can be released concerning exams is the grade.
- If you fail the exam, please have the primary contact email registration@pcisecuritystandards.org for the next steps.