With mobile-based and Web-based payments on the rise, the PCI Security Standards Council (PCI SSC) is reaching out to systems integrators and resellers with a training program for secure installation and maintenance of validated Payment Application Data Security Standard (PA-DSS) applications into customer environments to support Payment Card Industry Data Security Standard (PCI DSS) compliance.

The PCI Qualified Integrators and Resellers (QIR) program will be rolled out over the coming months, with training set to begin in late summer, the organization said.

PCI, an open industry standards body providing management of PA-DSS, PCI DSS and PIN Transaction Security (PTS) requirements, will provide integrators and resellers that sell, install and/or service payment applications on behalf of software vendors or others specialized training and certification on the secure installation and maintenance of validated payment applications.

Protecting cardholder data and the cardholder data environment is of increasing importance for small to medium-size businesses (SMBs) as customers look to the Web and mobile devices to make purchases. Maintaining that security is critical for these businesses, where a data breach can have catastrophic effects.

A recent report by Trustwave found that 76 percent of the breaches investigated in 2011 were a result of security vulnerabilities introduced by a third party responsible  for  system  support, development  and/or maintenance  of  business environments. Errors introduced by third parties during the implementation, configuration and support of PA-DSS systems was identified as a major risk to small businesses.

VARs can take this training opportunity to bolster their security credentials and meld that expertise with add-on services designed to keep mobile payment systems secure, while bringing their customers fully into the age of mobile payments—a (digital) cash cow for everyone.