PCI Security Standards Council®

Qualified Integrators & Resellers (QIR)™ Qualification

The Qualified Integrators & Resellers course provides an opportunity for eligible professionals of qualifying organizations to receive training and qualification on the secure installation of Payment Application Data Security Standard (PA-DSS)-validated payment applications into merchant environments in a manner that facilitates PCI Data Security Standard compliance.

Download a Case Study
Apply Now

Numerous breach investigations have shown that incorrect installation and/or maintenance of payment applications creates opportunities for merchant networks to be compromised. Integrators and resellers play a key role in the payments ecosystem, as merchants depend on these service providers to install, configure, and/or maintain their validated applications. This program outlines guiding principles and procedures for the secure installation and maintenance of validated payment applications in a manner that supports PCI DSS compliance.

Right for you if…

You’re an integrator or reseller that sells, installs, and/or services PA-DSS validated payment applications on behalf of software vendors or others. The course will also benefit payment application software developers. Typical job titles include: Software Integrator, Reseller, Implementer, Installer, Technician, Developer, or Engineer.

Help protect your merchants from POS attacks!

Do you have what it takes to be a QIR?

Course Details

Qualified Integrators and Resellers (QIRs) serve an important role in the payments and information technology value chain by supporting their clients’ ability to achieve and maintain PCI DSS compliance.

QIR customers are able to obtain a higher level of assurance that their payment applications are installed, configured and supported by knowledgeable professionals that are both well-versed in vendor installation guidance and are PCI SSC qualified.

Benefits
  • Receive specialized training on guidelines for implementing and maintaining PA-DSS validated payment applications
  • Achieve three-year renewable industry-recognized qualification
  • Be listed in merchants’ go-to global directory of qualified providers on the PCI SSC website
  • Stand apart from other service providers – being a QIR provides a competitive advantage (Payment brands may require merchants to use a trained QIR)
Request More Information
Course Description

Qualified Integrator and Reseller (QIR) training is a two-part program. Candidates start with a prerequisite course and exam: QIR Security Fundamentals. Once candidates have successfully completed "Fundamentals", they progress to an in-depth QIR qualification course and exam. These eLearning courses are self-paced; the total time commitment for both parts is estimated at nine (9) hours.

Part 1 – QIR Security Fundamentals

QIR Security Fundamentals assures that all candidates approach the full QIR qualification course with essential baseline knowledge. This prerequisite course covers:

  • Understanding the PCI Landscape
  • Introduction to Information Security
  • Cardholder Data Discovery and Scoping
  • Payment Technologies and Skimming Prevention

Candidates must pass the QIR Security Fundamentals online exam within three attempts in order to proceed to the QIR qualification course.

Part 2 – QIR Qualification

Candidates who successfully complete the prerequisite course may move on to the QIR qualification course, which builds on the knowledge gained in QIR Security Fundamentals and delves into best practices for performing a secure installation:

  • Overview of PCI DSS
  • Overview of PA-DSS applications, requirements, and the PA-DSS Implementation Guide
  • Understanding payment industry transactional processes, terminology, players, and provider relationships
  • Understanding payment card brand compliance programs
  • Preparing for and performing a Qualified Installation
  • QIR quality assurance expectations

How to Prepare

Candidates should familiarize themselves with background information regarding the PCI Standards and supporting documents. These materials are available for access and download in the PCI Document Library on the PCI SSC website. Please read and understand the following documents before taking the QIR course.

Request More Information
Training and Exam

QIR Security Fundamentals

The online prerequisite course concludes with a 30 question multiple-choice exam. Once the candidate has completed the QIR Security Fundamentals training and exam, the candidate’s Primary Contact will be notified of either a passing or failing grade. If the candidate fails the exam, they will be allowed two further attempts to pass the exam without being charged an additional fee.

Once the candidate passes the prerequisite exam, the candidate will receive access to the online QIR qualification course.

QIR Qualification Course

This self-paced eLearning course offers:

  • Flexible scheduling 24/7/365
  • Access from home or office
  • Reduced travel costs and time away from work

Within a few days of receiving access to the QIR qualification course, candidates will receive a separate email containing an authorization number and instructions on how to schedule their exam at a local Pearson VUE Testing Center.

Candidates will have a total of 90 days to complete the course (both parts) and final exam.

Once a company has at least one certified QIR professional, the company and qualified employees will be listed on the PCI website as a go-to resource for merchants.

Taking the exam

Upon completion of the QIR qualification curriculum, each candidate will take the qualification exam at one of over 4,000 Pearson VUE Testing Centers (PVTC) worldwide. Candidates will receive an authorization code to be redeemed in Pearson VUE’s online registration system, allowing them to select the location and time where they will take the exam. This provides individuals in any country an opportunity to train for and take the exam at their convenience and at a location close to home or work.

Candidates who fail this exam may pay $150 and retake the exam at a Pearson VUE Testing Center. Candidates must register within 30 days of an exam failure in order to be eligible for a retake exam. Once payment has been received, the candidate will have 30 days to review the training material and take the exam.

Candidates may retake the exam twice. If a candidate fails their 2nd retake exam, they must re-enroll in the full course that includes QIR Fundamentals.

Request More Information View List of Testing Centers
Registration

Refer to the QIR Qualification Requirements to determine your eligibility and confirm that both you and your organization have the necessary background, skills, and prerequisites to apply for this program.

Requirements for companies

Must be a direct provider of a PA-DSS validated application or an independent third-party licensed or authorized by the PA-DSS validated application vendor to resell or integrate the payment application.

Must maintain at least one qualified employee in the program in order to be listed as a Qualified Integrator & Reseller company on the PCI website.

Requirements for individuals:

Work experience in payment applications, system hardening, or network security and demonstrated work experience related to payment industry.

Candidates should have experience installing and configuring applications – preferably payment applications – equal to at least one year or three separate engagements.

*Please refer to Appendix B of the QIR Qualification Requirements for a complete list of company and individual requirements.

Enrollment

QIR training candidates must be sponsored by their employer.

If your company is already a QIR sponsor, please coordinate with your Primary Contact to submit a training request through the PCI portal.

If your company is not already a QIR sponsor, please refer to the QIR Qualification Requirements for a complete program description and requirements, and to confirm that both you and your organization are well suited for the program. Then follow the steps below:

  1. Submit QIR registration form
  2. Complete company application (Primary Contact will gain access to the online application on the PCI SSC secure portal only after the QIR registration form has been approved).
  3. Enroll professionals in QIR training (Primary Contact will have the ability to enroll professionals in QIR training through the portal only after the QIR Company application has been approved).
  4. Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of QIR training request approval).

The fees for the training will be based on whether or not your company is a PCI Council Participating Organization. Learn more about becoming a Participating Organization.

Apply Now

Request More Information
Requalification

In order to maintain the high standards set for this qualification, all QIR employees must re-qualify every three years in order to continue to maintain their status as a Qualified Integrator or Reseller for their company and be listed on the PCI website. Please note that requalification training will be held in an eLearning format.

Requalification is based on payment of appropriate fees, successful completion of requalification training course and exam, and feedback from the QIR customers, from PCI SSC, and from payment brand participants.

To maintain active qualification status, QIRs must:

  • Abide by the PCI Council’s Code of Professional Responsibility
  • Complete requalification training and pass the examination every three years
  • Pay the required requalification fee
  • Have a minimum of 10 Continuing Professional Education (CPE) hours per year and 30 CPE hours over a rolling three year period
  • Refer to the Maintenance Guide for further information on activities that qualify

All training inquiries and requests must be submitted through the QIR sponsor company's primary contact. Primary Contacts will submit training requests via the QIR Portal. PCI SSC requires all QIR trainees to be full-time employees of the company that sponsors their QIR training.

Request More Information

Download Case Studies

View Amano McGann Case Study
View Reliant Case Study