Springbrook Software, the leading provider of Cloud ERP Solutions for local government, is pleased to announce that it is extending the security of their software suite with Bluefin Payment Systems’ PayConex P2PE solution.
On March 18th, 2014, Bluefin became the first, and to date the only, North American company to receive Payment Card Industry (PCI) Council validation for a point-to-point encryption (P2PE) solution.
Bluefin’s PayConex P2PE encrypts credit and debit card data in a secure point of entry device before it is transmitted into a merchant’s point-of-sale (POS), virtual terminal or payment application. Encrypting cardholder data within the device ensures that clear-text cardholder data does not reach the merchant’s POS systems and networks where it could be exposed to malware.
“Springbrook has enjoyed an outstanding partnership with Bluefin Payment Systems for several years. One of the primary reasons that we partnered with Bluefin – and have fully integrated their PayConex payment platform into our software system – is their laser-focus on security,” said Springbrook CEO Steve Rementeria.
“So when Bluefin told us they were not only developing a P2PE solution but were planning to be the first company in the U.S. to get PCI validation, we were truly excited. A PCI-validated P2PE solution provides our clients enormous benefits, from the protection of cardholder data if there was ever a data breach, to complete encryption at the device so that no sensitive data is available, to reduced PCI scope,” added Mr. Rementeria.
Bluefin specializes in integrated cloud-based payment and security solutions for independent software vendors (ISVs) and SaaS providers. Client payments made through Springbrook’s software are powered by Bluefin’s PayConex payment platform, which includes security features such as tokenization and transparent redirect. Springbrook plans to roll out the P2PE solution to clients starting in Q2.
“The beauty of our P2PE solution compared to other ‘security’ solutions is that we address the main point of entry of cardholder data – the device itself – and encryption in a hardware security module rather than a software solution,” said John M. Perry, CEO of Bluefin. “In 2011, when PCI introduced the P2PE standards, we decided Bluefin’s top priority was to build a validated P2PE solution to secure and isolate unencrypted cardholder data at the device level. You don’t have to look any further than the data breaches in 2013 and this year to really see that need. PayConex P2PE addresses every vertical Springbrook serves, from utilities, to local government offices, to districts.”
Bluefin’s PayConex P2PE has been fully vetted by the PCI Council as meeting the rigorous controls the Council has defined in their P2PE Standard for the protection of payment card data, as well as meeting the requirements necessary to reduce the scope of a merchant’s cardholder data environment (CDE) through use of a P2PE solution.
“Bluefin Payment Systems is a first-mover in security. While other companies talk about point-to-point encryption solutions, Bluefin is the first in the U.S. to actually take the step to get PCI validation,” said Mr. Rementeria. “Without validation, there is no compliance scope reduction; this is a huge stamp of approval for us and for our clients.”