This article appeared in the Friday edition of The Green Sheet.
Atlanta-based Bluefin, a global provider of payment security technologies, disclosed Aug. 14, 2019, that it received a U.S. patent for its virtual fingerprinting decryption method. The solution authenticates encrypted devices based on unique attributes, or “fingerprints.” This added intelligence is more secure than relying on serial numbers alone, Bluefin representatives stated.
U.S. Patent No. 10,382,405 for Managing Payload Decryption Via Fingerprints, expands on a 2018 patent issued for Bluefin’s proprietary fingerprinting and point-to-point encryption (P2PE). To date, the company has received 17 U.S., Japanese and European patents and has 18 pending patents in its pipeline, according to Ruston Miles, chief strategy officer at Bluefin.
“Encryption is part of a chain of protection called P2PE that is now widely adopted,” Miles said. “Certified P2PE requires decryption solutions to inspect each transaction to determine whether it is coming from a trusted device. Bluefin’s device fingerprinting patents play a vital role in this chain of protection.”
Set an industry standard
Miles additionally noted that Bluefin’s continuously updated platforms are designed to complement EMV and tokenization technologies. A participating organization of the PCI Security Standards Council, the company and has offices in New York, Chicago, Tulsa, Okla., and Waterford, Ireland, and has 13 key injection facilities worldwide, with another scheduled to open in the fourth quarter of 2019.
Bluefin’s 110 partners in 30 countries serve an array of industries, including retail, hospitality, healthcare and higher education. It supports remote key injection and 80 POS device models from all major manufacturers, Miles stated.
In June 2019, Bluefin published a white paper titled The Value of Point-to-Point Encryption in Point-of-Interaction (POI) Environments. Report author Ciske van Oosten, senior manager, global intelligence at Verizon Enterprise Solutions, described how PCI P2PE protects payments. Noting that malicious hackers continue to adversely impact every industry, van Oosten observed that P2PE is not a new technology but can prevent malware from extracting cardholder data.
“The P2PE concept has been around in different forms for over 20 years with varying names, terms, approaches and security practices associated with it,” he wrote. “The main objective achieved by a P2PE solution is that it devalues sensitive data by securely encrypting it before it enters the POS environment.”
Simplify device management
Miles pointed out that Bluefin technology platforms can also help service providers and enterprises manage large device populations. For example, they can use Bluefin’s P2PE Manager to store digital fingerprints to ensure device authenticity, prevent malicious attacks and react quickly to anomalous behavior. Malfunctioning and compromised devices can be immediately suspended as operators research, troubleshoot and resolve issues, he stated.
Bluefin’s technology suite is designed to help independent software partners with specific industry expertise protect their merchants’ cardholder data environments. Complex environments, such as sports stadiums, hospitals and universities, typically prefer to deal with one vendor, Miles noted.
“POS malware is the hacker-preferred attack vector in more than 90 percent of card data breaches which have been vexing merchants globally since 2013,” Miles said. “The payments industry has been urging merchants to encrypt card data in the device immediately at the point of entry.”