Bluefin becomes the first company in the world to receive component validation for decryption and key management under PCI’s new version 3.0
May 7, 2020 – Atlanta, GA – Bluefin, the leading provider of payment security technologies including PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, hospitality, healthcare, and higher education, has announced that their Decryption Management Component has received PCI’s first P2PE Version 3 validation.
Bluefin’s listing allows PCI-validated Service Providers such as payment gateways, processors and SaaS/ISV platforms that are interested in achieving their own Validated PCI/P2PE Service Provider listing to utilize Bluefin’s P2PE Cloud HSM to handle all of the device validation and decryption of the P2PE payloads. The Component Listing also allows merchants pursuing a P2PE Merchant Managed Solution (MMS) to utilize Bluefin’s Cloud HSM component for decryption within their solution.
“Bluefin is the first company to certify to PCI’s P2PE version 3.0 standard, meeting all new and revised decryption and key management controls for P2PE environments,” said Brent Johnson, CISO, Bluefin. “We are very excited to lead the way in this new version.”
There are currently four primary paths for payment gateways, processors, and ISV’s to offer a PCI-validated P2PE solution to their customers:
- Build and audit their own P2PE solution.
- Build and audit Domain 3 (Solution Management) and partner with various Component Providers (such as Bluefin P2PE Cloud HSM and Bluefin P2PE Manager® validated components) for the complete P2PE solution. Domain 3 encompasses the overall management of the P2PE solution by the solution provider, including third-party relationships, incident response, and the P2PE Instruction Manual (PIM).
- Integrate to Bluefin’s Decryptx® stand-alone P2PE solution to enable merchants to use PCI-validated P2PE without having to re-integrate to a new payment gateway/service provider.
- Integrate to any one of the 130+ payment gateway and service providers that have connected to Bluefin’s Decryptx platform.
Decryptx offers a complete P2PE Solution as a Service, including the company’s patented P2PE Manager, key injection, P2PE devices, and off-site decryption – all in a package that does not require Bluefin’s partners to be separately audited, while providing the benefits of PCI scope reduction to their merchants.
Bluefin provides PCI-validated P2PE solutions for card present, mobile and unattended environments, both as a stand-alone solution through Decryptx and through the company’s payment gateway, PayConex. Bluefin offers the largest selection of certified P2PE devices from Ingenico, Verifone, ID Tech, PAX and more, as well as 13 key injection facilities (KIFs) and remote key injection. Learn more about Bluefin’s P2PE solutions.