Working to safeguard customer payment data from cyber criminals
Let’s hear from the merchant and the P2PE solution provider.
What does P2PE accomplish for PriceSmart?
PriceSmart: Previous to adopting Bluefin’s P2PE solution, our call center operations were entering credit card information through computer keyboards and not through a dedicated payment keypad. Bluefin’s P2PE solution gave our operators a secure, easy-to-use payment keypad to safely enter customer card data. We are now capable of capturing renewal payments from five different countries in a single location without having to worry about security issues.
Bluefin: PriceSmart implemented keypads at each contact center desk. As part of Bluefin’s P2PE solution, these keypads encrypt the card number as it is entered into the workstation. This process devalues the payment data rendering it useless to hackers in the event of a breach.
Was the cost of compliance a factor in your decision?
PriceSmart: There are always costs in establishing a new call center – including resources and manpower to ensure that the call center complies with all PCI DSS requirements. Implementing a PCI-listed P2PE solution enabled us to lower costs in establishing and maintaining our call center operations since adopting the solution reduced applicable PCI DSS requirements for that environment – thus also reducing the amount of time, resources and technology it would typically take to ensure compliance. PCI P2PE renders our payment card data unreadable and thereby reduces our data breach risk while allowing the compliance cost savings to be used to further expand operations.
Bluefin: PriceSmart had a number of different call centers that needed to be PCI DSS compliant. One of the factors that they considered in evaluating a PCI P2PE solution was the upfront investment of the P2PE solution versus the ongoing maintenance and technologies that would be required to remain in compliance without this solution. PriceSmart performed an ROI (Return on Investment) on the PCI P2PE solution and found that even though there was an upfront investment for the solution, the cost savings from validating to fewer PCI DSS requirements provided a clear monetary benefit.
Regarding your deployment of P2PE, can you describe the level of effort and the impact to your operations?
PriceSmart: The level of effort associated with deploying a PCI P2PE solution was minimal. All the connectivity between Bluefin and First Atlantic Commerce’s (FAC) Payment Gateway was already existing, so there were no resources that were needed to adopt this solution. The ordering and installation of the devices was accomplished very rapidly while the go-live process was nearly instantaneous. We are completely satisfied with the outcome of Bluefin’s PCI P2PE payment solution. It has helped us enlarge our presence in markets where we weren’t able to offer non-traditional payment solutions. We have expanded our income collection channels, providing our members with even better service.
Bluefin: PriceSmart took advantage of devices and integrations that were plug-and-play, which simplified their go-live greatly. They followed Bluefin’s PIM (P2PE Instruction Manual) which laid out proper installation, configuration, and operation of the P2PE devices.
Why did you choose Bluefin’s P2PE solution?
PriceSmart: Bluefin is a PCI P2PE leader. Being the first in LAC by way of a key partnership with FAC made the decision process straightforward. Bluefin’s P2PE solution was recommended by our payment gateway, FAC, as the optimal solution for the specific needs we had with this project.
What would you say to other companies in LAC that might be thinking of implementing a PCI P2PE solution?
PriceSmart: As the payment industry identifies new and growing vulnerabilities with the protection of cardholder data (CHD), I would definitely recommend a PCI P2PE solution to companies looking for a secure and innovative payment solution that allows them to minimize the effort needed to demonstrate PCI DSS compliance. For PriceSmart, this P2PE solution has reduced the risk associated with data breaches by devaluing the CHD in our environment, reduced the overall cost of accepting electronic payments and simplified our PCI DSS compliance program.
Bluefin: PCI P2PE solutions are available in the Latin America and Caribbean (LAC) region today. If you’ve already looked into them in the past, please take another look since P2PE 2.0 has made the technology much more accessible.