|[March 18, 2014]
Bluefin Payment Systems Receives PCI Validation for PayConexTM Point-to-Point Encryption (P2PE) Solution
ATLANTA --(Business Wire)--
Bluefin Payment Systems, the leading provider of integrated, cloud-based
payment and security technology, announced today that its Point-to-Point
Encryption (P2PE) Solution, PayConexTM P2PE, has received
Payment Card Industry (PCI (News - Alert)) validation. Bluefin is the first and, to
date, the only U.S.-based company to attain PCI
validation for a P2PE Solution; two European companies have also
In 2011, the PCI Security Standards Council (SSC) published its P2PE
Standard - a comprehensive set of standards focused on providing the
requisite security requirements necessary to support the deployment of
secure, hardware-based P2PE solutions.
By attaining PCI validation, PayConex P2PE has been fully vetted by the
PCI SSC as meeting the rigorous controls the Council has defined in
their P2PE Standard for the protection of payment card data in order to
reduce the scope of a merchant's cardholder data environment (CDE)
through use of a validated P2PE solution.
"When the PCI SSC introduced standards for P2PE, we recognized the
importance of what the Council was trying to accomplish, which was to
ensure the strong encryption, management, and oversight of the devices
with decryption of data performed within the hardware itself," said John
M. Perry, CEO of Bluefin. "We don't have to look any further than the
retail breaches in 2013 and 2014 to illustrate the need to eliminate the
risk of unencrypted cardholder data exposure. Bluefin is very pleased to
be the first U.S.-based company to achieve this esteemed validation with
PayConex P2PE encypts credit and debit card data in a secure point of
entry device before it is transmitted into a merchant's point-of-sale
(POS), virtual terminal or payment application. Encrypting cardholder
data within the device ensures that clear-text cardholder data does not
reach the merchant's POS systems and networks where it could be exposed
to malware. While it is impossible to eliminate the possibility of a
data breach occurring, it is now possible to protect cardholder data
integrity in the event of a breach through PayConex P2PE.
"The most alarming facet of the recent breaches is that clear-text
cardholder data is accessible to fraudsters for retrieval at some point
in the merchant's system," said Ruston Miles, Founder & Chief of Product
Innovation, Bluefin. "The value of a PCI-validated P2PE solution is to
ensure that clear-text cardholder data is never exposed in a merchant's
environment, whether in the device or in the POS system."
According to the 2013 Cost of Data Breach Study, sponsored by
Symantec and conducted by the Ponemon Institute (News - Alert), the average per capita
cost of a data breach in the U.S. is $188 per record. While very large
merchants who experience a data breach receive generous attention in the
press, the reality is that 55% of small businesses in the U.S. have
admitted to a data breach, and 53% of those businesses have had multiple
breaches as reported by the Ponemon Institute on behalf of the Hartford
Steam Boiler Inspection and Insurance Company (HSB).
"For any business, no matter the size, a breach resulting in the theft
of unencrypted cardholder data is financially staggering and erodes
consumer confidence," said Miles. "Many companies will not survive a
breach because they cannot sustain the financial loss, while others may
stay afloat but the blemish of such a breach is enduring and
significantly diminishes their brand."
Bluefin works directly with Independent Software Vendors (ISVs) and SaaS (News - Alert)
providers to integrate the company's proprietary PayConex platform into
software systems, enabling a differentiated, all in one payment and
"We serve many verticals that have highly sensitive information in their
systems, and they are demanding greater payments security," said Perry.
"PayConex P2PE not only provides robust cardholder data security, but
does so without requiring any fundamental change to how they process
payments today. There is a significant demand from our current partners,
and the market, for this product."
Listen to the PYMNTS.com
podcast featuring John Perry and Ruston Miles, or download Bluefin's PayConex
P2PE white paper for more information.
About Bluefin Payment Systems
Bluefin Payment Systems is the leading provider of secure, integrated,
cloud-based payment technology for Independent Software Vendors (ISVs)
and SaaS providers. Bluefin's innovative and proprietary PayConex
platform powers feature-rich integrated payments and security solutions
including PayConex P2PE, QuickSwipe Mobile, tokenization, and
international payments. Bluefin is headquartered in Atlanta, with
offices in New York, Chicago and Tulsa.
[ InfoTech Spotlight's Homepage ]