PCI Looking to Grow the Payments Security Ecosystem with New Certifications

There is a growing complexity in the payments security landscape. As the ecosystem evolves and more devices become connected, so too do the associated risks.

Speaking before the PCI Middle East and Africa Forum held in Cape Town this week, Mauro Lance, Chief Operating Officer at the PCI Security Standards Council acknowledged that the profile of South Africa is growing in the payments space, and this makes it a more attractive target for potential fraud and security breaches.

“We know that it is a challenge to fit a portfolio of security standards into a variety of different markets, with different levels of maturity, this is why it is essential to be able to tailor the solutions and create relationships locally, to better address the needs of the market” says Lance.

In order to help meet these needs PCI have developed a number of training and certification programs increase the pool of security professionals in the market.
One of these is the Qualified Integrators and Resellers (QIR) training program. As breaches are often caused by improper device installation at the Point of Sale, the QIR program has been created to give installers key knowledge around payments security, and a best practice checklist to ensure that POS devices are secured from the moment of installation.

For people who would like a more general introduction to payment security they have also developed the PCI Professional (PCIP) certification. PCIP is an entry level qualification that will give someone a better understanding of the payment card ecosystem as well as PCI requirements, including how and when to use Self-Assessment Questionnaires (SAQs). It also provides a solid foundation for future career progression to other PCI qualifications.

Finally, they have also announced plans to evolve their PCI Qualified Security Assessor (QSA) program and introduce a new Associate QSA certification.
It is hoped that the new certification will attract new cyber talent globally, and ensure the ongoing sustainability and quality of security in a rapidly evolving payment environment. The Associate QSA certification provides professionals with a path of entry to join the payments security industry and enables them to gain the experience necessary to qualify as a QSA.

A QSA Company is a data security firm certified by the PCI SSC to perform on-site assessments of a company’s PCI Data Security Standard (PCI DSS) compliance to ensure that robust policies and procedures are in place to safeguard payment data against cyberattacks. The QSA program therefore plays a critical role in the adoption of PCI Security Standards.

“The initiative is a product of extensive market research into what the industry needs from the QSA program for the future, and how PCI SSC can support these needs in a sustainable way,” said Lance. “Our goal is to create more opportunities for bringing in new cyber talent to the industry and for QSAs to aspire to higher skills.”