Bluefin announced today that it will introduce a PCI-validated Point-to-Point Encryption (P2PE) solution, validated through the qualified P2PE assessor 403 Labs, LLC, in the 4th quarter of 2013. The PCI P2PE Standard requires a PCI-approved point-of-interaction (POI) device and hardware security module (HSM) key management; software solutions are not currently eligible for P2PE validation. To date, no U.S.-based company has attained Council validation for a hardware-based P2PE process.
“As a long-standing participating organization of the PCI Security Standards Council, we recognized the need to bring our partners and merchants a highly secure and approved PCI solution that would help minimize their scope,” stated Bluefin Chief Executive Officer, John M. Perry.
Bluefin’s solution not only embraces the PCI P2PE Standard, but also addresses chain of custody and merchant reporting requirements. “Our goal is to make our P2PE products as turnkey as possible for our clients,” Perry said.
“Bluefin has been a longtime partner and client of 403 Labs,” stated D.J. Vogel, Principal of 403 Labs. “We’re excited for the opportunity to continue our relationship with them and assess one of the first-to-market hardware-based P2PE solutions.”
According to Javelin Strategy & Research, credit card fraud is up 87% since 2010, resulting in a loss of $6 billion. P2PE is designed to protect credit and debit card data at the point where the card is swiped or typed, before it is transmitted through the point of sale (POS) system to the payment provider. The goal of P2PE is not only to reduce the potential for malicious hacking and fraud, but also to reduce or eliminate PCI DSS scope for merchants.
“Protection of the card data that flows through our merchants is of the utmost importance,” said Bluefin client Rick Stollmeyer, CEO of MINDBODY, the largest cloud-based software provider in the health, wellness and beauty industries. “We are excited about Bluefin’s announcement. Their solution for PCI P2PE will bring payment processing capabilities to a new level for software and SaaS-based providers of services to small businesses.”
Bluefin’s P2PE technology can be implemented in retail POS systems, in call centers, and in mobile devices.
“Data breaches and cyber fraud are a huge problem for merchants and service providers. The time, talent, and technology costs associated with attaining and maintaining security and PCI compliance can be burdensome and, in some cases, prohibitive,” stated Bluefin SVP and Chief of Product Innovation, Ruston Miles. “By implementing a validated P2PE solution that uses a small device to encrypt the card at the point-of-entry, before the data enters the POS environment, merchants and service providers can drastically drive down the cost of compliance.”
Bluefin’s P2PE solution will interface with the company’s PayConex platform, which provides security features such as tokenization, end-to-end encryption (E2EE) and transparent redirection. Bluefin was named the 6th fastest-growing private company by Inc. Magazine in 2012 and is a leader in secure payment solutions for integrated software vendors (ISVs), SaaS providers and major merchants.