Data security requirements for new small merchants

  • Team Omega
  • December 4, 2015

According to recent forensic investigations, small merchants remain targets of hackers who are attempting to compromise payment data. As part of an effort to secure the payment system and mitigate the risk of small merchant compromises, Visa is establishing requirements for U.S. and Canada acquirers to ensure that their small merchants take steps to secure their point-of-sale (POS) environment.

Merchants Must Use Qualified Integrators and Reseller (QIR) Professionals
Effective 31 March 2016, acquirers must require all newly boarded Level 4 merchants to use only Payment Card Industry (PCI)-certified QIR professionals from the QIR Companies list at the PCI Security Standards Council (PCI SSC) website for POS application and terminal installation and integration.

Effective 31 January 2017, acquirers must also ensure that all existing Level 4 merchants use PCI-certified QIR professionals from the QIR Companies list for servicing POS applications and terminals.

Level 4 merchants include owner-operated locations of franchise or corporate organizations. Franchisors or corporate organizations must continue to validate as a merchant or service provider based on their designation and/or level.

Reach out to Omega ATC for securing your network and card data environment; and for all data security needs to stay compliant. Phone 636-557-7777 or email

For more information read security bulletin from Visa.

This was first published by Visa in October 2015.