The new listing enables PCI-validated P2PE payment gateways, processors and ISV’s to utilize Bluefin’s patented device management platform in their own solutions
February 19, 2019 – Atlanta, GA – Bluefin, the leading provider of payment security technologies and PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, transportation, hospitality, healthcare, and higher education, has received a P2PE Component certification for the Encryption Management Services listing from the PCI Security Standards Council (SSC) for its patented P2PE Manager®.
PCI’s P2PE 2.0 Standard provides both solution providers and merchants the option to build and manage their own secure P2PE solutions by putting together components from other validated vendors. Companies can choose vendors that have been approved and listed as Decryption Management Services, Encryption Management Services, Key Injection Facilities, or Certification/Registration Authorities to create their own custom P2PE solution.
“By componentizing the P2PE Standard under version 2.0, PCI made P2PE more accessible to merchants and service providers that want to build a certified P2PE solution that leverages their own capabilities while outsourcing certain components,” said Ruston Miles, Bluefin’s chief strategy officer. “For example, a payment processor may wish to certify their existing decryption and key injection environments, but outsource device listing, device management and chain of custody tracking. P2PE Manager’s component listing makes that possible.”
Bluefin’s patented P2PE Manager is a 100% online device management solution for P2PE device tracking, chain of custody and secure endpoint management. The P2PE Manager enables Bluefin’s merchants and partners to administer all P2PE activities, ensuring compliance to the PCI P2PE requirements.
Additionally, the listing now provides the ability for any P2PE solution to easily add the 50+ devices that Bluefin supports. For each device, Bluefin manages the P2PE approved builds, vulnerability assessments, whitelisting, critical patch/vulnerability monitoring and application/whitelist signing – which is all tracked through the P2PE Manager Platform.
“After years of effort, many processors and large merchants have recently certified their P2PE Solutions and found out that certification is the starting line, not the finish line,” said Mr. Miles. “These newly minted solutions typically bring a single device model through the solution certification process, and these companies have realized that it could take years to add the dozens of manufacturers and models to their solutions that their merchants demand. This negatively impacts sales, service and operations. P2PE Manager’s certified Encryption Management Services component is the perfect solve for these processors and large merchants.”
Michelle Paul, managing director of PatronManager, Bluefin’s P2PE partner and an innovative software solution serving the ticketing, fundraising and marketing businesses of non-profit cultural organizations, said of the announcement, “In a few short years, P2PE has grown from demand by early adopters and moved into the mainstream. Bluefin is the clear leader in this payment security transformation and PatronManager’s customers rely on Bluefin’s P2PE Manager to manage their PCI P2PE programs. In today’s world, P2PE security should be a given.”
In addition to their Encryption Management Services component listing, Bluefin also received their Decryption Management Services component listing in March 2017 for the company’s Decryption as a Service (DaaS) component. With this component, PCI-validated P2PE service providers and merchants can utilize Bluefin’s DaaS service to handle all of the device validation and decryption of the P2PE payloads.
“Bluefin now has 100 connected P2PE partners serving clients in 30 countries,” said John M. Perry, Bluefin’s CEO. “This component listing will allow Bluefin to extend our partner network to even more companies, whether a big-box retailer seeking to create their own proprietary P2PE solution, or a large payment processor that may have a validated solution but wants to provide the convenience and efficiency of the P2PE Manager to their clients. We are very excited to offer these options to the market.”