Bluefin, the leading provider of secure, integrated, cloud-based payment solutions for Independent Software Vendors (ISVs) and SaaS providers, announced today that its PayConex P2PE solution has been validated by a P2PE assessor approved by the PCI Security Standards Council, as having met the rigorous controls defined in the PCI SSC P2PE Standard for the protection of payment card data. The P2PE Standard specifies the requirements necessary for merchants to reduce the scope of their cardholder data environment (CDE) through use of a P2PE solution.
Bluefin is one of three companies worldwide to achieve this validation. See Bluefin’s listing on the PCI SSC website.
Point-to-Point Encryption (P2PE) technology can help merchants simplify their PCI DSS compliance programs by removing clear-text cardholder data from a merchant’s environment and reducing the scope of PCI DSS requirements. The PCI Security Standards Council’s P2PE program provides a method for vendors to validate their P2PE solutions and applications, and for merchants to reduce the scope of their cardholder data environment by implementing validated P2PE solutions.
By providing a PCI SSC Validated P2PE Solution, Bluefin helps secure the payment ecosystem for merchants that utilize P2PE solutions to support their PCI DSS compliance.
PayConex P2PE encrypts credit and debit card data in a secure point of entry device before it is transmitted into a merchant’s point-of-sale (POS), virtual terminal or payment application. Encrypting cardholder data within the device ensures that clear-text cardholder data does not reach the merchant’s POS systems and networks where it could be exposed to malware.
“The building blocks of a strong security program are people, processes and technology. The PCI Standards help businesses address these core components to protect their payment card data,” said Bob Russo, general manager, PCI Security Standards Council. “By validating its P2PE Solution, Bluefin is demonstrating its commitment to supporting merchants’ PCI DSS compliance efforts through secure deployment of point-to-point encryption technology.”
“When the Council announced the P2PE standards in 2011, we recognized the importance of P2PE as a major step forward in protecting cardholder data and merchants from breach as part of a comprehensive payment security program including EMV and tokenization,” said Ruston Miles, Founder & Chief of Production Innovation at Bluefin. “We see P2PE as an elegant and powerful solution for encrypting cardholder data so that it can securely flow through an organization, and we are very pleased to be the first North American company to receive PCI validation for our P2PE Solution.”