Ho un programma certificato PA-DSS. Devo essere certificato QIR per rimanere compatibile con PA-DSS?
Dalla documentazione PA-DSS :
Integrators and Resellers
Application vendors may engage integrators and resellers to sell, install, and/or maintain payment applications on their behalf. Integrator/resellers have a role to play in ensuring the secure installation and operation of payment applications, as they often provide onsite services to the vendor’s customers and assist with the installation of validated PA-DSS payment applications. Incorrect configuration, maintenance or support of an application may lead to the introduction of security vulnerabilities into the customer’s cardholder data environment, which could then be exploited by attackers. Application vendors should educate their customers, integrators, and resellers on how to install and configure the payment applications in a PCI DSS compliant manner.
PCI Qualified Integrators and Resellers (QIRs) are trained by the Council in PCI DSS and PA-DSS in order to securely implement payment applications. For more information on the PCI QIR program, please see www.pcisecuritystandards.org.
C'è anche la documentazione QIR che dice:
The goal of the QIR Program is to educate, qualify and train organizations involved in the implementation, configuration and/or support of a PA-DSS validated payment application on behalf of a merchant or service provider.
In altre parole, assomiglia QIR è solo un corso di formazione per garantire che tu stia utilizzando la tua soluzione in modo appropriato e per certificare che sei addestrato agli standard PCI Council. Tuttavia, ciò non influisce sulla validità della certificazione del programma.
Leggi altre domande sui tag compliance payment-gateway