The PCI Security Standards Council (SSC) has released a case study focused on PCI-Validated Point-to-Point Encryption (P2PE) in the Latin America and Caribbean (LAC) region.
The case study features Bluefin as the first provider of PCI P2PE in LAC; PriceSmart Membership Shopping, the largest operator of membership warehouse clubs in Central America and the Caribbean; and First Atlantic Commerce (FAC), PriceSmart’s merchant processor. PriceSmart accesses Bluefin’s P2PE solution directly through the FAC platform through Bluefin’s Decryptx Decryption as a Service (DaaS) product.
PriceSmart serves over one million cardholders at 39 warehouse clubs located in 12 countries, including the U.S. PriceSmart selected Bluefin’s P2PE solution to support membership fee processing for their cardholders, securing their contact center transactions and helping to protect their brand from a costly card data breach.
The case study discusses how PriceSmart implemented PCI-validated P2PE to safeguard customer payment data from cybercriminals, and provides perspective from both the merchant and the P2PE provider – showcasing how PriceSmart’s operations worked prior to implementing Bluefin’s P2PE and discussing results after implementation. The case study asked several questions, including:
What does P2PE accomplish for PriceSmart?
“Previous to adopting Bluefin’s P2PE solution, our call center operations were entering credit card information through computer keyboards and not through a dedicated payment keypad…” PriceSmart
Was the cost of compliance a factor in your decision?
“PriceSmart had a number of different call centers that needed to be PCI DSS compliant. One of the factors that they considered in evaluating a PCI P2PE solution was the upfront investment of the P2PE solution versus the ongoing maintenance and technologies that would be required to remain in compliance without this solution….” Bluefin
Regarding your deployment of P2PE, can you describe the level of effort and the impact to your operations?
“With all of the connectivity between Bluefin and PriceSmart’s gateway, First Atlantic Commerce (FAC), already in place, the final steps of ordering and installation of devices and go-live process was a seamless, rapid process – providing an opportunity for additional growth….” PriceSmart
What would you say to other companies in LAC that might be thinking of implementing a PCI P2PE solution?
As the payment industry identifies new and growing vulnerabilities with the protection of cardholder data (CHD), PriceSmart “would definitely recommend a PCI P2PE solution to companies looking for a secure and innovative payment solution that allows them to minimize the effort needed to demonstrate PCI DSS compliance”… Bluefin and PriceSmart
The time for PCI P2PE is now
Bluefin recognizes that the timing of PriceSmart’s PCI P2PE implementation comes at a critical point organizations Latin America and the Caribbean.
“According to the Identity Theft Resource Center (ITRC), 2017 U.S. data breaches are projected to increase by 37% from 2016. Latin America and the Caribbean (LAC) region is just as vulnerable to data breaches, but these countries lack the same security resources available to those in North America. We are very excited to bring the first PCI P2PE solution to LAC, as companies such as PriceSmart realize the importance of this technology in protecting cardholder payments. We anticipate that demand for PCI P2PE will only increase in LAC as hackers broaden their scope to target this region,” stated Eldred F. Garcia, VP Security Solutions, Head of Latin America and Caribbean Region, Bluefin.
Read the entire case study, or learn more about Bluefin’s PCI P2PE here.