With our announcement today, Bluefin has become the first and, to date, the only U.S.-based company to receive PCI validation for a P2PE Solution. So what does this all mean? Read on to find out or listen to the PYMNTS.com podcast featuring John Perry and Ruston Miles.
PCI validation means that PayConex P2PE has been fully vetted by the PCI SSC as meeting the rigorous controls the Council has defined in its P2PE Standard for the protection of payment card data. The Standard is intended to reduce the scope of a merchant’s cardholder data environment (CDE) through use of a validated P2PE solution.
“When the PCI SSC introduced standards for P2PE, we recognized the importance of what the Council was trying to accomplish, which was to ensure the strong encryption, management, and oversight of the devices with decryption of data performed within the hardware itself,” said John M. Perry, CEO of Bluefin. “We don’t have to look any further than the retail breaches in 2013 and 2014 to illustrate the need to eliminate the risk of unencrypted cardholder data exposure. Bluefin is very pleased to be the first U.S.-based company to achieve this esteemed validation with PayConex P2PE.”
PayConex P2PE encrypts credit and debit card data in a secure point of entry device before it is transmitted into a merchant’s point-of-sale (POS), virtual terminal or payment application. Encrypting cardholder data within the device ensures that clear-text cardholder data does not reach the merchant’s POS systems and networks where it could be exposed to malware. While it is impossible to eliminate the possibility of a data breach occurring, it is now possible to protect cardholder data integrity in the event of a breach through PayConex P2PE.
“The most alarming facet of the recent breaches is that clear-text cardholder data is accessible to fraudsters for retrieval at some point in the merchant’s system,” said Ruston Miles, Founder & Chief of Product Innovation, Bluefin. “The value of a PCI-validated P2PE solution is to ensure that clear-text cardholder data is never exposed in a merchant’s environment, whether in the device or in the POS system.”
According to the 2013 Cost of Data Breach Study, sponsored by Symantec and conducted by the Ponemon Institute, the average per capita cost of a data breach in the U.S. is $188 per record. While very large merchants who experience a data breach receive generous attention in the press, the reality is that 55% of small businesses in the U.S. have admitted to a data breach, and 53% of those businesses have had multiple breaches, as reported by the Ponemon Institute on behalf of the Hartford Steam Boiler Inspection and Insurance Company (HSB).
“For any business, no matter the size, a breach resulting in the theft of unencrypted cardholder data is financially staggering and erodes consumer confidence,” said Miles. “Many companies will not survive a breach because they cannot sustain the financial loss, while others may stay afloat but the blemish of such a breach is enduring and significantly diminishes their brand.”
“We serve many verticals that have highly sensitive information in their systems, and they are demanding greater payments security,” said Perry. “PayConex P2PE not only provides robust cardholder data security, but does so without requiring any fundamental change to how they process payments today. There is a significant demand from our current partners, and the market, for this product.”