The PCI SSC talked with Ruston Miles, Bluefin Chief Innovation Officer, on how PCI-validated Point-to-Point Encryption (P2PE) solutions help organizations address current payment security challenges
As part of the PCI Security Standards Council (SSC) Point-to-Point Encryption (P2PE) program, at the end of 2013, the PCI SSC announced the availability of the Validated P2PE solutions listing on the PCI SSC website.
In March 2014, Bluefin became just the third company in the world to receive PCI validation for a P2PE solution – and the only company, to date, in North America with a validated solution: https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_solutions.php
The PCI SSC sat down with Bluefin Chief Innovation Officer, Ruston Miles, for their bi-annual PCI Perspectives newsletter published last week to discuss the process for getting a P2PE solution validated by PCI, the benefits of PCI P2PE, and how PCI P2PE addresses the security issues retailers and processors face today. Here’s a snippet from the interview with Ruston:
“The reduction of cardholder data environment (CDE) scope and applicable controls by using a PCI P2PE Solution is the most significant way available for merchants to reduce overall PCI DSS compliance-related costs. Other end-to-end encryption options are available in the market, but only Council-listed P2PE Solutions are recognized as meeting the requirements necessary for reducing CDE scope. Use of a validated, Council listed P2PE Solution can limit the scope of the CDE, making many of the required controls not applicable, which in turn can reduce the ongoing cost of compliance, improving ROI.”
PCI Perspectives is the Council’s bi-annual newsletter for PCI Participating Organizations (POs). Participating Organizations are actively involved in PCI community meetings and advance review of drafts of standards and supporting materials. More than 600 organizations around the world are PCI PO’s. Companies can learn more about becoming a Participating Organization on the PCI website.
Stay tuned for Thursday when we kick off our Summer Security Series and delve into the discussion on the differences between PCI-validated P2PE solutions and non-validated P2PE solutions.