Data Theft is Rampant

In 2014, alone, there were 783 recorded data breaches involving more than 80 million consumer records*. Large and small corporations, alike, fell victim to fraudsters who infiltrated merchant systems and stole clear-text cardholder data.

*Information compiled from the Identity Theft Resource Center (ITRC) Breach List. The ITRC Breach List is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies. Learn more about ITRC.

U.S. Data BreachesInformation compiled from the Identity Theft Resource Center (ITRC) Breach List. The ITRC Breach List is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies.

in 2015 through May 6th

783

U.S. Data BreachesInformation compiled from the Identity Theft Resource Center (ITRC) Breach List. The ITRC Breach List is a compilation of data breaches confirmed by various media sources and/or notification lists from state governmental agencies.

in 2014

  • Secure Cardholder Data

  • Reduce PCI Scope

  • Protect your Brand

Bluefin’s PCI-validated P2PE solutions encrypt cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done off-site in an approved Bluefin Hardware Security Module (HSM). Our solution prevents clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach.

Why PCI-Validated P2PE

There are many solution providers on the market with end-to-end encryption products, but only those P2PE solutions listed on the PCI SSC website have been audited and approved by the Council as validated solutions. Why does PCI validation matter?

Device Security

PCI P2PE certified devices are more secure and are designed to detect tampering. If malicious activity is detected, the device is automatically deactivated, preventing a breach at the point of entry (also called point-of-interaction, or POI) device.

Chain of Custody

PCI P2PE includes a built-in “chain of custody” process for managing PCI P2PE certified devices. The Bluefin solution includes access to our proprietary P2PE Manager where you can automatically track and report on all POI devices for PCI compliance review.

Strict Controls

All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF) and decryption only occurs in the Bluefin hardware environment (HSM).

Reduced PCI Assessment

Merchants that implement Bluefin’s PCI-validated P2PE solution throughout their POS environment are eligible for the 35-question SAQ P2PE-HW – a significant reduction from the 355-question SAQ D.

We Make PCI Compliance Simple

with our P2PE Manager

As part of Bluefin’s PCI-validated P2PE solution package, we provide our clients access to our 100% online management system. Our proprietary, patent-pending P2PE Manager simplifies chain of custody management and documentation, while expediting laborious tasks such as annual audits.

View More

P2PE Solutions Suite


Learn more about our P2PE products

Did you Know?

On April 1, 2015, Visa expanded its Technology Innovation Program (TIP) to merchants that adopt a PCI-validated P2PE solution in their retail environment.

“Qualifying solutions are those that are included on PCI SSC’s list of Validated Point-to-Point Encryption Solutions or independently validated by a PCI SSC Qualified Security Assessor point-to-point encryption company.”

Visa Secure Acceptance Incentive Program

In an attempt to encourage Level 3 and 4 merchants to comply with PCI requirements and product acquirers to mandate and monitor for compliance, Visa implemented the Safe Incentive Program in July 2014, which incents merchants to implement security controls, including PCI-validated P2PE solutions.

Learn More