PCI Security Standards Council

Qualified PIN Assessor (QPA) Qualification

The Qualified PIN Assessor course provides instruction on how to perform assessments of entities in accordance with the PCI PIN Security Requirements and Testing Procedures (PCI PIN Standard). This training will provide you with an understanding of the requirements for the secure management, processing, and transmission of personal identification numbers (PINs) during payment card transaction processing at ATMs and attended and unattended point-of-sale (POS) terminals. Upon completion of the course, you’ll be able to conduct PCI PIN Assessments, validate and attest to an entity’s PCI PIN Security Standard compliance status, and prepare appropriate compliance reports (such as PIN Reports on Compliance, or PIN ROCs) required by payment card brands and acquiring banks.

Registration Process

In order to attend Qualified PIN Assessor training for certification, you must be a full-time employee of an active QPA Company. Please see the Qualification Requirements for Qualified PIN Assessors for more details.

Step 1 - Review

Refer to the QPA Qualification Requirements for complete program description and requirements and to confirm that you are well suited for the program.

Then complete the QPA registration form online (see step 2).

Step 2 - Apply

Complete the online application form through PCI SSC’s secure portal. Application requirements include:

  • Submit QPA registration form
  • Complete company application (Primary Contact will gain access to the online application only after the QPA registration form has been approved by PCI SSC).
  • Enroll professionals in QPA training (Primary Contact will have the ability to enroll professionals in QPA training through the portal only after the QPA Company application has been approved).
  • Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of QPA training request approval). For more information about the training fees, please see the QPA Training Pricing page.

Step 3 - Train

Upon receipt of payment the primary contact will receive the location details for the instructor-led class.

Step 4 - Enrollment

Once the application has been approved by the PCI Security Standards Council, and its designated QPA employees have attended and passed the QPA training, the QPA Company will receive confirmation of acceptance into the program, and the QPA employees will each receive a Certificate of Qualification. The QPA employees will be added to the Council's database of certified QPA personnel, and the company may now perform its own security audits until the time comes to complete the annual Requalification training to maintain the certification.

Informational training does not offer certification. Only those who have taken and passed the exam become Qualified PIN Assessors (QPAs).

Course Details

Benefits
  • Support your organization’s or client’s ongoing security and compliance efforts through your knowledge of the PCI PIN Standard
  • Gain recognition of your professional achievement with this industry credential
  • Expand your knowledge in securing payments with in-depth PIN security training
  • Listing in a searchable directory on the PCI website
  • Earn Continuing Professional Education (CPE) credits

Overview

The PCI PIN Standard provides a set of security requirements as well as assessment procedures for performing PCI PIN Assessments. The training program is comprised of a two-day instructor-led course and exam.

PIN Training offers the following options:

  • Certification Training: This option is for those who are employed with a QPA Company and wish to become certified as a Qualified PIN Assessor. The candidate must take the 2-day class and pass the exam in order to receive certification and be enrolled as a Qualified PIN Assessor (QPA).
  • Informational Training: This option is for those who wish to attend for informational purposes only. No certification will be provided with informational training.

The PIN Assessor training covers the PCI PIN Security Requirements and Testing Procedures (PCI PIN Standard). Candidates will learn how to:

  • Validate and confirm PIN Environment scope as defined by the assessed entity
  • Select employees, facilities, systems, and system components accurately representing the assessed environment if sampling is employed
  • Be on-site at assessed entity during the PCI PIN Assessment
  • Evaluate compensating controls as applicable
  • Apply independent judgement about whether the assessed entity meets the PCI PIN Security Standard
  • Effectively use the PCI PIN ROC Reporting Template to produce PIN Reports on Compliance (PIN ROCs)
  • Validate and attest to an entity’s PCI PIN Security Standard compliance status
  • Conduct follow-up assessments as needed
  • Learn how to complete the PIN ROC and PIN AOC documentation required for submission of completed assessments

How to Prepare

Prior to taking the QPA training and exam, candidates should familiarize themselves with information regarding the PIN Standard, the QPA program and supporting documents. These materials may be found in the Document Library.

Class Schedule
Upcoming Courses

Instructor-led classes are available in locations worldwide. Attend instructor-led training (ILT) for either PIN certification or informational purposes.

2019 Classes for New Qualified PIN Assessors

| Date/Time | Location | Certification Training | Informational Training |
|---|---|---|---|
| 14-15 Sept, 09:00-17:30 | Vancouver, CA* | Participating Organization: $2,750 USD | Non Participating Organization: $2,000 USD |
| 17-18 Oct, 09:00-17:30 | Dublin, IE* | Participating Organization: $2,750 USD | Non Participating Organization: $2,000 USD |
| 18-19 Nov, 09:00-17:30 | Melbourne, AU* | Participating Organization: $2,750 USD | Non Participating Organization: $2,000 USD |

Please note: All fees are NON-REFUNDABLE and NON-TRANSFERABLE. The training and exam will be delivered in English.

* price does not include any applicable VAT/HST/GST which will appear on your invoice.

Prices

| Fee Category | Fee |
|---|---|
| QPA Company Fee | $7,500 USD |
| Certification ILT 2-days | $2,750 USD |
| Informational ILT 2-days | $2,000 USD |
| Requalification | $1,650 USD |

Please note: Unless otherwise specified, all fees are in US Dollars. All course fees are NON-TRANSFERABLE and NON-REFUNDABLE.

Requalification Requirements

In order to maintain the high standards set for this qualification, all QPAs must requalify every year to continue to maintain their status and be listed on the PCI website. QPAs must attend instructor-led training to requalify every other year.

Requalification requirements help ensure that QPAs remain current with technical and industry changes and demonstrate professionalism. To maintain active qualification status, QPAs must:

  • Abide by the PCI SSC Code of Professional Responsibility
  • Meet the Continuing Professional Education (CPE) requirement of 20 CPE credits per year and a minimum of 120 CPE credits over a rolling three-year period
  • Download the current version of the CPE Maintenance Guide
  • Training provided by PCI SSC will count towards the annual CPE hours

Requalification Process

The Council emails courtesy reminders 90 days in advance of your qualification expiry date. To complete the requalification process, the required CPE hours and a requalification registration must be submitted prior to the expiry date and a passing score must be achieved on the exam no later than 14 days after the expiry date.

  • For your convenience, CPE hours can be tracked and stored in the PCI portal at any time
  • Once the required number of CPE hours has been recorded, select a requalification option and submit your registration
  • An invoice will be emailed within 2-3 business days
  • You will receive an email containing instructions and credentials to complete the requalification exam within 2 business days of payment processing
  • Once you successfully pass the exam, a new certificate will be emailed, and you’ll be listed on the PCI website as a QPA for another year

Right for you?

If you have at least three years of experience in cryptography and/or key management, including the areas below, consider the QPA qualification.

  • Cryptography and/or Key Management
  • Cryptographic experience in the Payment Industry
  • Network Security, Systems Security
  • IT auditing or security assessments
  • Physical security techniques for high-security areas
  • POI key-injection systems and techniques
