Data Theft is Rampant

In 2015, alone, there were 781 recorded data breaches involving more than 169 million consumer records*. Large and small corporations, alike, fell victim to fraudsters who infiltrated merchant systems and stole clear-text cardholder data.

*Information compiled from the Identity Theft Resource Center (ITRC) Breach List. The ITRC Breach List is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies. Learn more about ITRC.

U.S. Data BreachesInformation compiled from the Identity Theft Resource Center (ITRC) Breach List. The ITRC Breach List is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies.

in 2016 through August 16th
21,075,138 records exposed

781

U.S. Data BreachesInformation compiled from the Identity Theft Resource Center (ITRC) Breach List. The ITRC Breach List is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies.

in 2015
169,068,506 records exposed

PCI Security 101: P2PE

Posted with permission from The PCI Security Standards Council

  • Secure Cardholder Data

  • Reduce PCI Scope

  • Protect your Brand

Bluefin’s PCI-validated P2PE solutions encrypt cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done off-site in an approved Bluefin Hardware Security Module (HSM). Our solution prevents clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach. In June 2016, Bluefin was issued its first patent on P2PE, Systems and Methods for Creating Fingerprints of Encryption Devices, with additional patents pending.

Why PCI-Validated P2PE

There are many solution providers on the market with end-to-end encryption products, but only those P2PE solutions listed on the PCI SSC website have been audited and approved by the Council as validated solutions. Why does PCI validation matter?

Device Security

PCI P2PE certified devices are more secure and are designed to detect tampering. If malicious activity is detected, the device is automatically deactivated, preventing a breach at the point of entry (also called point-of-interaction, or POI) device.

Chain of Custody

PCI P2PE includes a built-in “chain of custody” process for managing PCI P2PE certified devices. The Bluefin solution includes access to our proprietary P2PE Manager where you can automatically track and report on all POI devices for PCI compliance review.

Strict Controls

All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF) and decryption only occurs in the Bluefin hardware environment (HSM).

Reduced PCI Assessment

Merchants that implement Bluefin’s PCI-validated P2PE solution throughout their POS environment are eligible for the 35-question SAQ P2PE-HW – a significant reduction from the 332-question SAQ D.

We Make PCI Compliance Simple

with our P2PE Manager

As part of Bluefin’s PCI-validated P2PE solution package, we provide our clients access to our 100% online management system. Our proprietary, patent-pending P2PE Manager simplifies chain of custody management and documentation, while expediting laborious tasks such as annual audits.

View More

P2PE Resources

Coalfire P2PE White PaperQuickSwipe P2PE mPOS White PaperID Tech SREDKey Data SheetID Tech secuRED Data SheetIngenico iPP320, iPP350 Data Sheet
Nomad 2.0 Data SheetPAX S300 Data SheetPAX S500 Data SheetiSC Touch 250 Data Sheet

P2PE Solutions Suite

Learn more about our P2PE products

Enhanced Gateway

Decryptx

QuickSwipe Mobile

Did you Know?

On April 1, 2015, Visa expanded its Technology Innovation Program (TIP) to merchants that adopt a PCI-validated P2PE solution in their retail environment.

“Qualifying solutions are those that are included on PCI SSC’s list of Validated Point-to-Point Encryption Solutions or independently validated by a PCI SSC Qualified Security Assessor point-to-point encryption company.”

Read the Announcement

Visa Secure Acceptance Incentive Program

In an attempt to encourage Level 3 and 4 merchants to comply with PCI requirements and product acquirers to mandate and monitor for compliance, Visa implemented the Safe Incentive Program in July 2014, which incents merchants to implement security controls, including PCI-validated P2PE solutions.

Learn More