StorefrontBacktalk

This is page 2 of:

Yes, Virginia, We Really Do Need A QIR Program

May 16th, 2012

Russo was being a bit more diplomatic about the need for more training than I might have been (which is probably why he has his job and I have mine). You can’t argue with the numbers. It should be obvious that any industry associated with three-quarters of reported security breaches in a year needs to do something differently than whatever it is doing today. That is not to say existing training programs should be dismissed, but clearly they are not very effective—at least by themselves. Whatever is available today is not working, and it is the retailer who pays the price. That’s why the Council is launching—and retailers should be happy about and I am a fan of—the QIR program.

By now, I hope that everybody understands the need for a QIR program.

A couple of comments and E-mails asked about the next logical question: How much will QIR training cost? One person added: Is the PCI Council doing this just to raise money? Russo responded: “The pricing for QIR training is not yet finalized. The purpose of the program, though, is not aimed at raising dollars. You are asking the wrong question. We need to find a way to solve some of the problems we see. This [QIR training] is sorely needed, as evidenced by the data breach statistics. Acquirers, the card brands, everybody understands this is an area that really needs to be addressed. We are looking at ways to solve some of the problems facing retailers. Our objective is to make the training as accessible as possible so everybody who installs a PA-DSS application knows how to do it correctly. We want to open the class to the largest number of people as we can.”

The final question I asked Russo was: What will the training look like? He told me the details are still being worked out. But it will be an online course, so nobody should have to travel. It will last approximately one day, and it will include a test. The training should be available by this summer, with the first QIRs listed on the Council’s Web site shortly thereafter. Plans for annual retraining and revalidation (similar to what QSAs go through) are still being developed.

The Council is counting on the members of the QIR task force to help spread the word. It also launched a QIR landing page on its Web site. Russo plans to host a Webinar on the QIR Program for resellers and integrators in July. In the meantime, resellers, system integrators and any retailers (or QSAs) who are interested should point their browsers to that page and monitor developments directly.

In case it is not obvious yet, I continue to be a fan of the QIR program for one simple reason: It should benefit retailers, particularly small and midsize retailers who lack the technical expertise to install and maintain complex payment applications.

If you are a retailer, what do you think? I’d particularly like to hear your perspective on this program. Either leave a comment (and thanks to those of you who take the time to do so) or E-mail me.

Posted in E-Commerce, In-Store, IT Strategy/Industry, Mobile/Wireless/Contactless, Payment Systems, Security/Fraud

One Comment | Read Yes, Virginia, We Really Do Need A QIR Program

Michael Says:
May 17th, 2012 at 11:16 am
We are a Fortune 500 retailer. Our leadership applauds this new program. It’s a good thing.

StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Kindle Convenience - StorefrontBacktalk is now available natively on the Kindle so you can read us on the place without a connection.

Read StorefrontBacktalk's Retailing Column every month at Retail-Week.com. Please click here for an archive of those columns.

Read StorefrontBacktalk's Retail Realities Column every week at CBSNews.com. Please click here for an archive of those columns.