GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

The POS of tomorrow

News

Sen. Durbin, bankers criticize Fed rule

PCI to train, certify software integrators

Visa discusses DOJ probe, explains FANF, raises 'no signature' limit

Features

Microfinace News

Patti Murphy
InsideMicrofinance.com

Top 10 best practices for fighting credit card theft and fraud

Aaron Bills
3Delta Systems Inc.

Research Rundown

Isis moves closer to launch

ISOMetrics:
The future of POS technology

Selling Prepaid

Prepaid in brief

Banks seek relevance with prepaid

Customer support's centrality to open transit payments

Views

ACH and the POS: Not necessarily made for each other

Patti Murphy
ProScribes Inc.

Payments ripening on the vine

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
The hard, but valuable lessons of failure

Jeff Fortney
Clearent LLC

Paving the way to fraud deterrence

Nicholas Cucci
Network Merchants Inc.

Five tips for choosing the best POS system

David Robertson
Harbortouch

Company Profile

ExecuTech Lease Group

The Small Business Authority

New Products

A future-proof POS terminal

L5300
Equinox Payments LLC

A secure platform for restaurants

SmartLink for Restaurants
Heartland Payment Systems Inc.

Inspiration

Be grateful for no

Departments

10 Years ago in The Green Sheet

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

May 28, 2012  •  Issue 12:05:02

previous next

PCI to train, certify software integrators

Studies show improperly installed payment application software is the culprit behind most of the breaches and data theft among retailers in low-end merchant card categories. The payments industry's security standards watchdog, the PCI Security Standards Council (PCI SSC), said May 9, 2012, it is responding to this epidemic of data theft by offering training and certification to payment software integrators and resellers.

PCI SSC General Manager Bob Russo said that after the first training and certification process is complete, the council will publish a list of Payment Card Industry (PCI) Data Security Standard (DSS) certified integrators and resellers on its website.

The heart of the problem "It's not the applications that are causing the problem," Russo said in an interview to promote The PCI Qualified Integrator and Reseller (QIR) program. "It's the way applications are installed that causes the problem."

Russo cited a report from the data security and compliance management company Trustwave Inc. stating that 76 percent of all data breaches Trustwave investigated in 2011 were caused by the people responsible for supporting POS systems.

"We've often seen cases where people install a system using the password that came with the software," Russo said. "This program is an attempt to make sure we are training the people who are doing the installing of these software packages."

Details of the program are evolving. The online classes will begin in late summer 2012. "The pricing for the training is not yet determined," Russo said. "We want to reach as many people as we can. We want to make this program attractive to people who want to be certified."

The recommended solution

The training is in response to a PCI SSC task force recommendation that the council provide "more guidance and best practices for integrators and resellers" along with a published list of PCI certified integrators and resellers around the world.

"The majority of breaches have moved to the Level 3 and Level 4 merchant," Russo said. "This task force was made up of the people feeling the pain and dealing with all aspects of these breaches." The task force consisted of merchants, acquirers, payment software vendors and representatives from the card companies.

Russo estimated the online class will take "probably 6 to 8 hours" to complete. It will be followed by a certification test. "If you were to take the course and the certification test it would probably take a day or two," Russo said. "It depends on how quickly you go through the materials. This is not rocket science here. This is security 101."

Additional materials on the program will be available in June or July 2012. PCI webinars promoting the training are planned for July. "We will launch the training in the end of July or the beginning of August," Russo said. "We plan to list the QIR's by late summer."

Russo said the council is not requiring that integrators and resellers be certified, but he believes integrators and resellers eventually may become "conspicuous by their absence" on the PCI list of certified installers.

For more information on the training, please go to www.pcisecuritystandards.org/training/index.php".

For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio | Board Studios, Inc.