The PCI Security Standards Council (PCI SSC) has announced new changes to the PCI Qualified Integrators and Resellers (QIR) Programme designed to increase the number of QIRs and equip them to help merchants reduce risk by mitigating the leading causes of payment data breaches.
The PCI SSC QIR programme offers specialised data security training and certification to individuals that install, configure and/or support payment systems.
PCI SSC chief operating officer Mauro Lance said in a statement: “Based on industry feedback and data breach reports, we are evolving the QIR programme to make it more accessible to integrators and resellers.” The change is part of the council's bid to increase the number of integrators and resellers available to merchants who are trained in dealing with the most common breaches.
This will include how to address insecure remote access, weak password practices and outdated and unpatched software during payment system installation.
The three most common causes of data breaches reported by PCI SSC are:
· Insecure Remote Access: The No. 1 point of entry for attacks against brick-and-mortar merchants is insecure remote access
· Weak or Default Passwords: 81 percent of hacking-related breaches leverage stolen and/or weak passwords
· Unpatched or Outdated Software: Just 10 vulnerabilities accounted for 85 percent of successful exploitations in 2015
Additional changes are designed to make it easier for smaller integrators and resellers to become QIRs.