If you look at the myriad of ways you can pay today, it is hard to believe that just 20 years ago, electronic payment processing (i.e., not cash!) was actually a new concept. Fast forward to today’s digital world and you can see the dramatic transformation of payments, with a staggering number of options for paying both online and offline – from credit cards, to mobile wallets, to NFC.
With practically every merchant now accepting electronic payments, hacking into merchants’ systems for credit card data has become a lucrative black market business, equivalent to the modern-day “bank robbery.” Large-scale data breaches made a grand entrance into the mainstream back in 2013, when household-name retailers – think Target, Michaels, Neiman Marcus, Sally’s – were breached, sending shock waves through the industry with the underlying question being: who’s next? Since then, not a week has gone by without a reported data breach, and breaches have now proven to reach across all industries.
The Privacy Rights Clearinghouse has maintained a database of breaches from 2005 to the present, breaking down each by industry and how the breach occurred. The data shows powerful evidence that breaches continue to grow, doubling in 2015 from the previous year – with external hacking accounting for 99% of the reported data breaches in 2015.
Bluefin’s Foresight in Product and People
The need for cybersecurity was the writing on the wall for Bluefin. In 2011, we began exploring the potential of PCI-validation for our Point to Point Encryption (P2PE) solution to secure payment card data – and in March 2014, we became the first company in North America to receive this validation. PCI-validated P2PE is vital to card data protection for any business processing payments, as it encrypts card data at the point of entry, preventing clear-text cardholder data from being present in a network where it could be accessible in the event of a data breach, and decrypts the data outside of the merchant’s environment.
We saw the need for cybersecurity solutions back before breaches were mainstream news – and we are proud to say we were one of the first companies to shift our focus from just payment processing to payment security technologies including P2PE and tokenization.
Our deeper involvement in payment security has also led to the expansion of our own team, bringing on board industry experts that will help lead our company’s domestic and international growth.
On April 5th, we announced that Tom Staudt, former CEO of GlobalCollect, joined Bluefin as Chairman of the Board. Tom brings over 25 years of executive and Board experience within the payments sector and has a proven track record of leading global companies to operational and financial success.
Along with Tom, Huib Dekker joined Bluefin’s executive management team as CFO in December. Dekker previously served as CFO for GlobalCollect and was integral in their strategic exit process in their sale to Ingenico in 2014. Guido Schulz, former EVP and Chief Strategy Officer of AFEX, came on board with Bluefin in October as our Chief Commercial Officer, leading all commercial and strategic operations in Sales, Marketing, and Business Development. And finally, Angela Pierce, Bluefin’s SVP of Relationship Management, rounds out the seasoned team of payment veterans that have recently joined Bluefin, with years of expertise in Integrated Partner Management with companies including Vantiv, Century Payments, and Sterling Payment Technologies.
And to support our growth and expansion into Europe, we opened our first international office in Q3 2015 in Waterford, Ireland, a 24 x 7 Network Operating Center (NOC) for monitoring our security and payment processing platforms.
Timing is Everything
“Performance is important in this fast-paced world, and electronic POS solution providers need to maximize security for payment card transactions without slowing transaction times. Their solutions need to encrypt cardholder data from the precise moment of acceptance on through to the point of processing, where transactions can be decrypted and sent to the payment networks. By deploying point-to-point encryption (P2PE), intermediate systems that sit between the POI (point of interaction — the point of swipe) device and the point of decryption at the processor are removed from the scope of most PCI-DSS compliance requirements, since the sensitive data passing through them is encrypted.”
With continued awareness and education, we are now seeing P2PE evolve from concept into common practice, protecting industries like healthcare, universities, retail and even SMBs that have suffered far too long from data breach attacks.
We expect that within the next 10 years, PCI-validated P2PE will be as ubiquitous as EMV. Why PCI-validated P2PE, though? Because companies don’t want to leave security up to chance anymore. Solutions validated by the PCI SSC have been vetted by the Council – the gold standard. And of course, you save money on PCI assessments and reduced scope – check out our case study from last week where UCSD Extension immediately saved $60,000 off the top by implementing our solution on just 20 workstations.
But it won’t stop with P2PE. New methods of payments will be introduced, which will dictate the need for new security technology. And new uses for the security technologies that are innovated to address breaches and hacks will emerge – for example, we see P2PE being applied to the encryption of regular data and not just payment data in the future.
It’s an interesting time to be in payments – catch our Chief Innovation Officer, Ruston Miles, discussing his view on payment security in Ingenico’s Payment Predictions video.