PCI-Validated Point-to-Point Encryption | P2PE
Devalue the Data™
Features of Our P2PE Solutions
Largest Selection of Validated Devices
Available Globally Through Processor and Gateways
100% Online Device Management System
Mobile, Countertop, Kiosk and Call Center
Why PCI-Validated P2PE?
There are many solution providers on the market with end-to-end encryption and non-validated P2PE products, but only those P2PE solutions listed on the PCI SSC website have been audited and approved by the Council as validated solutions. Why does PCI validation matter?
Device Security
PCI P2PE certified devices are more secure and are designed to detect tampering. If malicious activity is detected, the device is automatically deactivated, preventing a breach at the point of entry (also called point-of-interaction, or POI) device.
Chain of Custody
PCI-validated P2PE includes a built-in “chain of custody” process for managing PCI P2PE certified devices. The Bluefin solution includes access to our online P2PE Manager where you can track and report on all POI devices for PCI attestation and compliance.
Strict Controls
All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF) and decryption only occurs in the Bluefin hardware environment (HSM).
Reduced PCI Assessment
Merchants that implement Bluefin’s PCI-validated P2PE solution throughout their POS environment are eligible for the 33-question SAQ P2PE-HW – a significant reduction from the 329-question SAQ D.
Resources
PCI-validated Point to Point Encryption (P2PE)
P2PE FAQ’S
