The 2017 PCI North America Community Meeting kicks off next Tuesday in Orlando, providing a unique opportunity for PCI industry colleagues to meet face-to-face with their Participating Organization peers – sharing views, providing feedback, and discussing new technologies and systems for securing payment data.
The conference provides an agenda packed full of discovery, updates and insights from regional community figures, merchants and members of the Council. On Wednesday from 1:35 pm to 2:05 pm, the conference will feature Proliferation of Point-to-Point Encryption, an industry panel session which shares case studies for validating and implementing a PCI-validated P2PE solution with merchants, gateway and solutions providers.
Moderated by Dan Fritsche, Vice President, Solution Architecture, Coalfire, the panel will feature Ruston Miles, PCIP, CPP, Chief Strategy & Innovation Officer for Bluefin, and Bill Bolton, Vice President of Information Technology, The Honey Baked Ham Company, discussing the real-world deployment of PCI-validated P2PE. The panel brings together the Merchant, the P2PE Solution Provider, and the P2PE Assessor all on one stage to discuss a variety of topics:
- Use Case of a listed P2PE partnership
- Best Practices for P2PE
- What is fueling the growth of listed solutions and why should merchants adopt them?
- How does P2PE help a merchant to protect their environment?
- What is the fine balance between operations, security, and compliance?
- How can we leverage third-party solution providers to protect a merchant’s environment?
The Rise in Data Breaches and P2PE
Hacking has proven to be profitable for cyber thieves, and the average cost of a data breach is now $4M, up 29% since 2013. Hacking attempts have also increased, with 975 breaches reported in 2017, up from a total of 781 in 2015. While there are no signs of data breaches stopping, the PCI SSC states that PCI-validated P2PE can prevent hackers from obtaining valuable card data in the case of malware attempts.
This may be why we have seen the number of PCI-validated P2PE solutions grow 700% in the last 4 years. The demand is there, and PCI-validated P2PE providers can offer merchants benefits such as scope reduction (up to 90% for many merchants) and a major return on investment.
Panelist – Bluefin
Only those P2PE solutions listed on the PCI SSC website have been audited and approved by the Council as validated solutions. As the first North American provider of a PCI-validated P2PE solution, Bluefin offers an omni-channel P2PE product suite, including retail POS, call center, kiosk/unattended, and mobile P2PE solutions.
Bluefin takes a “devalue the data” approach to security, encrypting cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device, preventing clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach – rendering the data useless to fraudsters.
Panelist – Honey Baked Ham
The Honey Baked Ham Company, a nationwide food merchant with hundreds of company-owned retail stores and franchises, implemented Bluefin’s P2PE solution in 2015 to protect their customers and their corporate brand from card data theft that is so frequently caused by malware data breaches at the Point of Sale (POS). Additionally, Honey Baked Ham looked to Bluefin to navigate the evolving world of PCI compliance and enable their PCI-validated P2PE payment solution across their stores in a simplified and cost-effective way.
The timing of their P2PE implementation came at a critical point when the vulnerabilities of retail POS systems were exposed through several high-profile data breaches. Data breaches at large retail merchants – Target, Michaels, Home Depot – were becoming the norm, and in a large percentage of breach cases, malware was the culprit, infiltrating the retail system and stealing clear-text cardholder data to be later sold on the black market.
Moderator – Coalfire
Coalfire – a leading provider of IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities – helps organizations comply with security mandates while building the IT infrastructure and security systems that protect businesses from security breaches and data theft.
In their recent white paper, Point-to-Point Encryption Opportunities And Challenges For Solution Providers, Coalfire describes how the P2PE program creates opportunities across the payments ecosystem, supporting business justification for the investment in the capital resources, prioritization, and security processes required to implement a P2PE solution. These topics, and more, will be discussed during next week’s P2PE panel.
View the full agenda for the North America Community Meeting.