V3.0 includes greater flexibility for solution providers and more PCI P2PE solutions available to companies in the U.S. and globally
January 6, 2021 – Atlanta, GA – Payment security and encryption leader Bluefin today announced the company’s certification to the Payment Card Industry (PCI) DSS’s point-to-point encryption (P2PE) v3.0 Standard.
PCI-validated P2PE is the gold standard in payment encryption, ensuring that payment data is immediately encrypted upon tap, dip, swipe or key entry in a P2PE certified payment terminal. P2PE benefits include a significantly reduced yearly PCI assessment, saving companies time, money and overhead, while ensuring that if a system is breached, hackers find no clear-text payment data entered through the point-of-sale (POS).
Bluefin is the leading provider of PCI-validated P2PE solutions, serving over 34 countries globally. Companies can choose from omni-channel PCI-validated P2PE products offered through Bluefin or through the company’s vast network of more than 135 processor, payment gateway and ISV partners, including Verifone, Cybersource, Epic, NCR and more. Partners directly connect to Bluefin via the company’s Decryptx® offering, which enables any platform to provide P2PE directly to their clients as their own solution.
Bluefin also offers more than 100 P2PE payment devices and applications, 14 Key Injection Facilities (KIFs) and is the only provider of a 100% online P2PE chain of custody solution, the P2PE Manager®, which enables device and user tracking, a record of encryptions, and comprehensive reporting for yearly attestations.
The P2PE v3.0 Standard and Program have been streamlined to facilitate a greater degree of flexibility for industry stakeholders as well as to improve the assessment process. Changes include added flexibility, allowing for more component providers to validate against the Standard, providing merchants greater choice in their P2PE solutions. PCI also simplified the change management process for keeping P2PE listings updated and introduced an “Expired” listing which will show P2PE Solutions, Components and Applications for which the validation has expired.
“We are the leader in providing the largest array of both stand-alone and integrated PCI-validated P2PE solutions and as such, it was important for Bluefin to immediately work toward, and achieve, v3.0 certification,” said Brent Johnson, Bluefin’s CISO. “Having this certification ensures that Bluefin’s P2PE offerings remain secure and evolve with payment industry requirements, enabling our clients to utilize Bluefin’s P2PE solution and components for several years to come.”
While companies can continue to use v2.0 solutions, P2PE v3.0 will become mandatory for new assessments and reassessments after June 2021.
Companies can learn more about PCI-validated P2PE on Bluefin’s website, including FAQ’s on P2PE, and Bluefin’s Decryptx partners, P2PE certified devices, and KIFs.