U.S. and international payment gateways, processors and software providers have partnered with Bluefin to provide the company’s PCI P2PE solution through their own platforms
December 13, 2017 – Atlanta, GA – Bluefin, the leader in payment security, announced today the expansion of its highly scalable Decryptx® PCI-Validated P2PE Network to more than 50 payment gateways, processors and software platforms from across the globe – with an expected 60 partners to be enabled on Bluefin’s P2PE platform by the end of 2017.
Bluefin introduced Decryptx in November 2014 – just eight months after the company became the first North American provider to receive PCI validation for their P2PE solution. At that time, Bluefin was one of only four companies globally to have received validation.
“It was actually a conversation with a major petroleum provider that brought about the idea for Decryptx,” said Ruston Miles, Bluefin’s Chief Strategy Officer. “The company wanted our PCI-validated P2PE solution but they didn’t want to leave their payment processor to get it. So we thought to ourselves, how could we decouple P2PE from payment processing and only provide the P2PE piece to these companies?”
That’s when Bluefin developed Decryptx, also known as the company’s Decryption as a Service (DaaS) platform. The goal of Decryptx is to enable Bluefin’s PCI-validated P2PE solution through partner payment gateways, processors and software providers.
Bluefin’s platform secures credit, debit and other card transactions by encrypting all data within a PCI-approved point of entry device, preventing clear-text cardholder data from being available in the device or the merchant’s system where it could be exposed to malware. Data decryption is only done offsite in a Bluefin hardware security module (HSM).
Through Decryptx, the only part of the transaction that Bluefin requires is the encrypted data and other P2PE payload data elements, which contains the swiped, keyed or EMV card data encrypted within the PCI-validated P2PE device. Bluefin decrypts the data and then sends the decrypted payload back to the processor or gateway for authorization.
Currently, Bluefin has 18 PTS mobile, countertop, unattended and call center devices (payment terminals) that are validated for use with the company’s P2PE solution. Bluefin expects to add 2 more devices by year-end.
“Decryptx provides any processor, gateway or integrated software provider, globally, the ability to extend the security, cost benefits and reduced PCI scope of Bluefin’s PCI-validated P2PE solution directly to their clients – with no change in the processor relationship and no change in how merchants accept payments today,” said Miles. “These Connected Partners come to Bluefin for three reasons: 1) Increased margins, 2) Move market-share and 3) Reduce merchant attrition.”
To date, Bluefin is the only company providing a DaaS P2PE service on such a large scale and with the company’s patented P2PE Manager®, which tracks, catalogs and reports on all of a merchant’s P2PE devices, locations and users.
“We proved the value of the Decryptx platform with our first partners – who were security trailblazers in recognizing the importance of PCI P2PE to their clients. Starting in mid-2016, interest in joining our Decryptx network grew significantly” said Greg Cornwell, Head of Global Sales, Bluefin. “50 of some of the largest gateway and processing companies are Decryptx partners, and we look forward to adding another 10 by the end of this year.”
Bluefin was issued its first Decryptx patent in June 2016 and currently holds six issued US. Patents, one issued Japanese patent and one allowed Japanese patent, with additional patents pending nationally and internationally.