Working to safeguard customer payment data from cyber criminals

Let’s hear from the merchant and the P2PE solution provider.

What does P2PE accomplish for PriceSmart?

PriceSmart: Previous to adopting Bluefin’s P2PE solution, our call center operations were entering credit card information through computer keyboards and not through a dedicated payment keypad. Bluefin’s P2PE solution gave our operators a secure, easy-to-use payment keypad to safely enter customer card data. We are now are capable of capturing renewal
payments from five different countries in a single location without having to worry about security issues.

Bluefin: PriceSmart implemented keypads at each contact center desk. As part of Bluefin’s P2PE solution, these keypads encrypt the card number as it is entered into the workstation. This process devalues the payment data rendering it useless to hackers in the event of a breach.

Was the cost of compliance a factor in your decision?

PriceSmart: There are always costs in establishing a new call center – including resources and manpower to ensure that the call center complies with all PCI DSS requirements. Implementing a PCI-listed P2PE solution enabled us to lower costs in establishing and maintaining our call center operations since adopting the solution reduced applicable PCI DSS requirements for that environment – thus also reducing the amount of time, resources and technology it would typically take to ensure compliance. PCI P2PE renders our payment card data unreadable and thereby reduces our data breach risk while allowing the compliance cost savings to be used to further expand operations.

Bluefin: PriceSmart had a number of different call centers that needed to be PCI DSS compliant. One of the factors that they considered in evaluating a PCI P2PE solution was the upfront investment of the P2PE solution versus the ongoing maintenance and technologies that would be required to remain in compliance without this solution. PriceSmart performed an ROI (Return on Investment) on the PCI P2PE solution and found that even though there was an upfront investment for the solution, the cost savings from validating to fewer PCI DSS requirements provided a clear monetary benefit.

Regarding your deployment of P2PE, can you describe the level of effort and the impact to your operations?

PriceSmart: The level of effort associated with deploying a PCI P2PE solution was minimal. All the connectivity between Bluefin and First Atlantic Commerce’s (FAC) Payment Gateway was already existing, so there were no resources that were needed to adopt this solution. The ordering and installation of the devices was accomplished very rapidly while the go-live process was nearly instantaneous. We are completely satisfied with the outcome of Bluefin’s PCI P2PE payment solution. It has helped us enlarge our presence in markets where we weren’t able to offer non-traditional payment solutions. We have expanded our income collection channels, providing our members with even better service.

Bluefin: PriceSmart took advantage of devices and integrations that were plug-andplay, which simplified their go-live greatly. They followed Bluefin’s PIM (P2PE Instruction Manual) which laid out proper installation, configuration, and operation of the P2PE devices.

Why did you choose Bluefin’s P2PE solution?

PriceSmart: Bluefin is PCI P2PE leader. Being the first in LAC by way of a key partnership with FAC made the decision process straight forward. Bluefin’s P2PE solution was recommended by our payment gateway, FAC, as the optimal solution for the specific needs we had with this project.

What would you say to other companies in LAC that might be thinking of implementing a PCI P2PE solution?

PriceSmart: As the payment industry identifies new and growing vulnerabilities with the protection of cardholder data (CHD), I would definitely recommend a PCI P2PE solution to companies looking for a secure and innovative payment solution that allows them to minimize the effort needed to demonstrate PCI DSS compliance. For PriceSmart, this P2PE solution has reduced the risk associated with data breaches by devaluing the CHD in our environment, reduced the overall cost of accepting electronic payments and simplified our PCI DSS compliance program.

Bluefin: PCI P2PE solutions are available in the Latin America and Caribbean (LAC) region today. If you’ve already looked into them in the past, please take another look since P2PE 2.0 has made the technology much more accessible.

The Merchant
PriceSmart

PriceSmart, Inc. (NASDAQ: PSMT) is the largest operator of membership warehouse clubs in Central America and the Caribbean, and has recently entered the South American region with clubs in Colombia. PriceSmart serves over one million cardholders at 39 owned and operated warehouse clubs in 12 countries and one U.S. territory.

THE P2PE SOLUTION

Founded in 2007, Bluefin provides secure payment technologies to 18,500 businesses worldwide. Bluefin built the first PCI Point-to-Point Encryption (P2PE) solution to be listed by PCI SSC in North America, and is the first to bring its PCI P2PE solution to the Latin America & Caribbean (LAC) region via First Atlantic Commerce (FAC), an international payment gateway based in LAC.

THE OBJECTIVE

PriceSmart selected Bluefin‘s PCI-listed P2PE solution to support membership fee processing for its over one million cardholders. PriceSmart’s contact center agents use a P2PE keypad to enter cardholder data which reduces the number of applicable PCI DSS requirements for their cardholder data environment (CDE), secures their contact center transactions and helps protect their brand from a costly card data breach.

Secure Transaction Flow
Lorely Marte, Global Director – Member Services, PriceSmart

“Our company has several call centers and each one must be PCI DSS compliant. When our processor, First Atlantic Commerce (FAC), partnered with Bluefin, they introduced us to their PCI-listed P2PE solution and we immediately knew it was the right fit for us. Not only does the solution provide the highest level of payment security and protect our cardholders, but it also reduces our applicable PCI DSS requirements and has already provided us cost savings. Using a PCI-listed P2PE solution is an essential tool for our company.”

Lorely Marte, Global Director – Member Services, PriceSmart

Eldred F. Garcia

“According to the Identity Theft Resource Center (ITRC), 2017 U.S. data breaches are projected to increase by 37% from 2016. Latin America and the Caribbean (LAC) region is just as vulnerable to data breaches, but these countries lack the same security resources available to those in North America. We are very excited to bring the first PCI P2PE solution to LAC, as companies such as PriceSmart realize the importance of this technology in protecting cardholder payments. We anticipate that demand for PCI P2PE will only increase in LAC as hackers broaden their scope to target this region.”

Eldred F. Garcia, VP Security Solutions, Head of Latin America and Caribbean Region, Bluefin Payment Systems

Contact us to Learn More about Bluefin’s PCI P2PE Solution