Data Theft is Rampant

In 2016, there were 1,093 recorded data breaches involving more than 35 million consumer records*. Large and small corporations fell victim to fraudsters who infiltrated point of sale (POS) systems and stole clear-text cardholder data.

*Information compiled from the Identity Theft Resource Center (ITRC) Breach List. The ITRC Breach List is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies. Learn more about ITRC.

1,093

U.S. Data BreachesInformation compiled from the Identity Theft Resource Center (ITRC) Breach List. The ITRC Breach List is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies.

in 2016
36,601,939 records exposed

  • Secure Cardholder Data

  • Reduce PCI Scope

  • Protect your Brand

Bluefin’s PCI-validated P2PE solutions encrypt cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done off-site in an approved Bluefin Hardware Security Module (HSM). Our solution prevents clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach.  Bluefin has been issued four patents on its P2PE Decryption as a Service (DaaS) and P2PE Manager products, with additional patents pending related to device encryption and management.

Omni-Channel P2PE Product Suite

Retail POS Payment Solution

Retail POS

Call Center POS Payment Solution

Call Center

Kiosk Payment Solution

Kiosk/Unattended

Mobile Payment Solution

Mobile

Why PCI-Validated P2PE

There are many solution providers on the market with end-to-end encryption and non-validated P2PE products, but only those P2PE solutions listed on the PCI SSC website have been audited and approved by the Council as validated solutions. Why does PCI validation matter?

Device Security

PCI P2PE certified devices are more secure and are designed to detect tampering. If malicious activity is detected, the device is automatically deactivated, preventing a breach at the point of entry (also called point-of-interaction, or POI) device.

Chain of Custody

PCI-validated P2PE includes a built-in “chain of custody” process for managing PCI P2PE certified devices. The Bluefin solution includes access to our patented P2PE Manager where you can automatically track and report on all POI devices for PCI compliance review.

Strict Controls

All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF) and decryption only occurs in the Bluefin hardware environment (HSM).

Reduced PCI Assessment

Merchants that implement Bluefin’s PCI-validated P2PE solution throughout their POS environment are eligible for the 33-question SAQ P2PE-HW – a significant reduction from the 329-question SAQ D.

We Make PCI Compliance Simple with our P2PE Manager

As part of Bluefin’s PCI-validated P2PE solution package, we provide our clients access to our 100% online management system. Our patented P2PE Manager simplifies chain of custody management and documentation, while expediting laborious tasks such as annual audits.

View More

P2PE Solutions Suite

Learn more about our P2PE products

P2PE for Merchants

Through Bluefin

Decryptx P2PE

For Partner Integration

P2PE for Merchants

Through Processors/Gateways

Did you Know?

On April 1, 2015, Visa expanded its Technology Innovation Program (TIP) to merchants that adopt a PCI-validated P2PE solution in their retail environment.

“Qualifying solutions are those that are included on PCI SSC’s list of Validated Point-to-Point Encryption Solutions or independently validated by a PCI SSC Qualified Security Assessor point-to-point encryption company.”

Read the Announcement

Visa Secure Acceptance Incentive Program

In an attempt to encourage Level 3 and 4 merchants to comply with PCI requirements and product acquirers to mandate and monitor for compliance, Visa implemented the Safe Incentive Program in July 2014, which incents merchants to implement security controls, including PCI-validated P2PE solutions.

Learn More