PCI Security Standards Council®

Qualified Integrators & Resellers (QIR)™ Qualification

Numerous breach investigations have shown that incorrect installation and/or maintenance of payment applications creates opportunities for merchant networks to be compromised. Integrators and resellers play a key role in the payments ecosystem, as merchants depend on these service providers to install, configure, and/or maintain their validated applications.

The Qualified Integrators & Resellers course provides training and qualification on the secure installation of payment applications into merchant environments in a manner that facilitates PCI Data Security Standard compliance.


  • Receive specialized training on guidelines for implementing and maintaining payment applications
  • Achieve three-year renewable industry-recognized qualification
  • Be listed in merchants’ go-to global directory of qualified providers on the PCI SSC website
  • Stand apart from other service providers – being a QIR provides a competitive advantage (Payment brands may require merchants to use a trained QIR)

Registration Process

To participate in the QIR Program the interested organization must first become a QIR Company; then, the individual employees of the organization must receive training on how to securely configure, install and maintain payment applications on behalf of their merchant clients. When these steps are successfully completed, acceptance into the QIR program will be confirmed and the company will be listed on the PCI SSC website. Re-qualification of employees is required every three years.

Step 1 - Review

QIR training candidates must be sponsored by their employer.

If your company is already a QIR sponsor, please coordinate with your Primary Contact to submit a training request through the PCI portal.

If your company is not already a QIR sponsor, please refer to the QIR Qualification Requirements for a complete description of the program and its requirements, and to confirm that both you and your organization are well suited for the program.

  • Requirements for companies

    Must be a direct provider of a PA-DSS validated application or an independent third-party licensed or authorized by the PA-DSS validated application vendor to resell or integrate the payment application.

    Must maintain at least one qualified employee in the program in order to be listed as a Qualified Integrator & Reseller company on the PCI website.
  • Requirements for individuals

    Work experience in payment applications, system hardening, or network security and demonstrated work experience related to payment industry.

    Candidates should have experience installing and configuring applications – preferably payment applications – equal to at least one year or three separate engagements.
*Please refer to the QIR Qualification Requirements for a complete list of company and individual requirements.

Step 2 - Apply (Company Application)

Note: If your company has already applied, please coordinate with your primary contact to submit a Professional Application and register for training.

  • Submit QIR registration form.
    • Assign a primary contact
  • Once we receive your registration, we will supply you with log-in credentials to complete your online application.
    • Access QIR online application through PCI SSC’s secure portal: https://programs.pcissc.org
    • Complete QIR Company application
      (Primary Contact will gain access to the online application on the PCI SSC secure portal only after the QIR registration form has been approved).
      • List regional markets served
      • List languages supported
      • Provide Articles of Incorporation – or similar formation document
    • Enroll professionals in QIR training
      (Primary Contact will have the ability to enroll professionals in QIR training through the portal only after the QIR Company application has been approved).
      • Legal name
      • Resume
  • Submit payment
    Invoice will be emailed to Primary Contact within 3 business days of QIR training request approval.

    The fees for the training will be based on whether or not your company is a PCI Council Participating Organization. 

Step 3 - Train

Upon receipt of payment, you will:

  • Receive an email with credentials to access the prerequisite QIR Security Fundamentals eLearning course.
  • Once you successfully complete the prerequisite curriculum, you will receive an email to access the main QIR training
  • You will also receive a separate email containing an authorization number and instructions on how to schedule your exam at a local Pearson VUE Testing Center.

You will have a total of 90 days (from the day you receive your link to QIR Security Fundamentals) to complete the course (both parts) and exam.

  • Part one is an online prerequisite course (QIR Security Fundamentals) and 30 question exam. Allow approximately three (3) hours.
  • The QIR Qualification course takes approximately five (5) hours to complete.
  • 90 minutes is allocated to take the 60 question final exam at a Pearson VUE Testing Center.

Go at your own pace – start and stop as your schedule permits.

Typical time required to complete the entire QIR curriculum is nine (9) hours.

Step 4 - Enrollment

Pass/Fail results are provided immediately following the conclusion of the exam.

Passing candidates will receive a Certificate of Qualification via email and will be added to the Council's website listing of Qualified Integrators and Resellers.

Requalification is required every three years to maintain listing on the website.

Course Details

Qualified Integrators and Resellers (QIRs) serve an important role in the payments and information technology value chain by supporting their clients’ ability to achieve and maintain PCI DSS compliance.

A QIR’s merchant customers are able to obtain a higher level of assurance that their payment applications are installed, configured and supported by knowledgeable professionals that are both well-versed in vendor installation guidance and are PCI SSC qualified.


Qualified Integrator and Reseller (QIR) training is a two-part program. Candidates start with a prerequisite course and exam: QIR Security Fundamentals. Once candidates have successfully completed "Fundamentals," they progress to an in-depth QIR qualification course and exam. These eLearning courses are self-paced; the total time commitment for both parts is estimated at nine (9) hours.

Part 1 – QIR Security Fundamentals

QIR Security Fundamentals assures that all candidates approach the full QIR qualification course with essential baseline knowledge. This prerequisite course covers:

  • Understanding the PCI Landscape
  • Introduction to Information Security
  • Cardholder Data Discovery and Scoping
  • Payment Technologies and Skimming Prevention

Candidates must pass the QIR Security Fundamentals online exam within three attempts in order to proceed to the QIR qualification course.

Part 2 – QIR Qualification

Candidates who successfully complete the prerequisite course may move on to the QIR qualification course, which builds on the knowledge gained in QIR Security Fundamentals and delves into best practices for performing a secure installation:

  • Overview of PCI DSS
  • Overview of PA-DSS applications, requirements, and the PA-DSS Implementation Guide
  • Understanding payment industry transactional processes, terminology, players, and provider relationships
  • Understanding payment card brand compliance programs
  • Preparing for and performing a Qualified Installation
  • QIR quality assurance expectations
Training Process

This self-paced eLearning course offers:

  • Flexible scheduling 24/7/365
  • Access from home or office
  • Reduced travel costs and time away from work
QIR Security Fundamentals

The self-paced, online prerequisite course takes approximately three hours and concludes with a 30 question multiple-choice exam. Once the candidate has completed the QIR Security Fundamentals training and exam, the candidate’s Primary Contact will be notified of either a passing or failing grade. If the candidate fails the exam, they will be allowed two more attempts to pass the exam without being charged an additional fee.

Once the candidate passes the prerequisite exam, the candidate will receive access to the online QIR qualification course.

QIR Qualification Course

Within a few days of receiving access to the QIR qualification course, candidates will receive a separate email containing an authorization number and instructions on how to schedule their exam at a local Pearson VUE Testing Center.

Candidates will have a total of 90 days to complete the course (both parts) and final exam.

Once a company has at least one certified QIR professional, the company and qualified employees will be listed on the PCI website as a go-to resource for merchants.

How To Prepare

Candidates should familiarize themselves with background information regarding the PCI Standards and supporting documents. These materials are available for access and download in the PCI Document Library on the PCI SSC website. Please read and understand the following documents before taking the QIR course.

QIR Program Guide

QIR Qualification Requirements

QIR Implementation Statement

QIR Implementation Instructions

PCI Glossary

PCI Data Security Standard (PCI DSS)

Payment Application-Data Security Standard (PA-DSS)


The qualification exam is administered at a Pearson VUE Test Center. You will have 90 minutes to complete 60 multiple-choice questions. No electronic devices may be used during the closed-book exam.

Upon completion of the QIR qualification curriculum, each candidate will take the final qualification exam at one of over 4,000 Pearson VUE Testing Centers (PVTC) worldwide. Candidates will receive an authorization code to be redeemed in Pearson VUE’s online registration system, allowing them to select the location and time where they will take the exam. This provides individuals in any country an opportunity to train for and take the exam at their convenience and at a location close to home or work.

Candidates who fail this exam may pay $150 and retake the exam at a Pearson VUE Testing Center. Candidates must register within 30 days of an exam failure in order to be eligible for a retake exam. Once payment has been received, the candidate will have 30 days to review the training material and take the exam.

Candidates may retake the exam twice. If a candidate fails their 2nd retake exam, they must re-enroll in the full course that includes QIR Security Fundamentals.

Find a Test Center

Prices – PCI eLearning

Fee Category
Participating Organization
Non-Participating Organization
Fee Category QIR eLearning Training and Exam
Includes access to two- part course and ability to take the final qualification exam once. Also includes first three years of qualification, account maintenance and listing.
Participating Organization: $250 USD
Non-Participating Organization**: $395 USD
Fee Category QIR Requalification Fee
Assessed after the first three year period and every three years thereafter (includes training and exam)
Participating Organization: $175 USD
Non-Participating Organization**: $350 USD
Fee Category QIR Final Exam Retake Fee
Participating Organization: $150 USD
Non-Participating Organization**: $150 USD
Please note: Unless otherwise specified, all fees are in US Dollars. All course fees are NON-TRANSFERABLE and NON-REFUNDABLE. Payment is required prior to beginning the course. Course conducted in English. Examination delivered in English.

Requalification Requirements

In order to maintain the high standards set for this qualification, all QIR employees must re-qualify every three years in order to continue to maintain their status as a Qualified Integrator or Reseller for their company and be listed on the PCI website. Please note that requalification training will be held in an eLearning format.

Requalififcation is based on payment of appropriate fees, and successful completion of requalifiaction course and exam.

To maintain active qualification status, QIRs must:

  • Abide by the PCI Council’s Code of Professional Responsibility
  • Have a minimum of 10 Continuing Professional Education (CPE) hours per year and 30 CPE hours over a rolling three year period
    • Refer to the CPE Maintenance Guide 
    • Training provided by PCI SSC will count towards the annual CPE hours
  • Complete requalification training and pass the examination every three years

Requalification Process

The Council emails courtesy reminders 90 days in advance of your qualification expiry date. To complete the requalification process, the required CPE hours and a requalification registration must be submitted prior to the expiry date and a passing score must be achieved on the exam no later than 14 days after the expiry date. See our Requalification Policy for details.

  • For your convenience, CPE hours can be tracked and stored in the PCI portal at any time
  • Once the required number of CPE hours has been recorded, submit your registration
  • An invoice will be emailed within 3 business days
  • You will receive an email containing instructions and credentials to complete your requalification within 2 business days of payment processing
  • Once you successfully pass the exam, a new certificate will be emailed and you’ll be listed on the PCI website as a Qualified Integrator and Reseller for another three years

Right for you?

You’re an integrator or reseller that sells, installs, and/or services PA-DSS validated payment applications on behalf of software vendors or others.

The course will also benefit payment application software developers.

Typical job titles include:
  • Software Integrator
  • Reseller
  • Implementer
  • Installer
  • Technician
  • Developer
  • Engineer

Download Case Studies

View Amano McGann Case Study
View Reliant Case Study