Bluefin’s PCI-validated P2PE solutions encrypt cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done off-site in an approved Bluefin Hardware Security Module (HSM). Our solution prevents clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach.
Retail POS
Call Center
Kiosk/Unattended
Mobile
Why PCI-Validated P2PE?
There are many solution providers on the market with end-to-end encryption and non-validated P2PE products, but only those P2PE solutions listed on the PCI SSC website have been audited and approved by the Council as validated solutions. Why does PCI validation matter?
Device Security
PCI P2PE certified devices are more secure and are designed to detect tampering. If malicious activity is detected, the device is automatically deactivated, preventing a breach at the point of entry (also called point-of-interaction, or POI) device.
Chain of Custody
PCI-validated P2PE includes a built-in “chain of custody” process for managing PCI P2PE certified devices. The Bluefin solution includes access to our online P2PE Manager where you can track and report on all POI devices for PCI attestation and compliance.
Strict Controls
All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF) and decryption only occurs in the Bluefin hardware environment (HSM).
Reduced PCI Assessment
Merchants that implement Bluefin’s PCI-validated P2PE solution throughout their POS environment are eligible for the 33-question SAQ P2PE-HW – a significant reduction from the 329-question SAQ D.
White Papers
Impact of PCI P2PE – Bluefin White Paper Authored by Coalfire Systems Inc.
Impact of PCI P2PE – Part 1: EMV, Tokenization and P2PE
Impact of PCI P2PE – Part 2: PCI-Validated vs. Non-Validated P2PE Solutions
