CHANNELS

Subscribe to the InfoTech eNewsletter

infoTECH News

TMCNet:  Bluefin Payment Systems Receives PCI Validation for PayConexTM Point-to-Point Encryption (P2PE) Solution

[March 18, 2014]

Bluefin Payment Systems Receives PCI Validation for PayConexTM Point-to-Point Encryption (P2PE) Solution

ATLANTA --(Business Wire)--

Bluefin Payment Systems, the leading provider of integrated, cloud-based payment and security technology, announced today that its Point-to-Point Encryption (P2PE) Solution, PayConexTM P2PE, has received Payment Card Industry (PCI (News - Alert)) validation. Bluefin is the first and, to date, the only U.S.-based company to attain PCI validation for a P2PE Solution; two European companies have also received validation.

In 2011, the PCI Security Standards Council (SSC) published its P2PE Standard - a comprehensive set of standards focused on providing the requisite security requirements necessary to support the deployment of secure, hardware-based P2PE solutions.

By attaining PCI validation, PayConex P2PE has been fully vetted by the PCI SSC as meeting the rigorous controls the Council has defined in their P2PE Standard for the protection of payment card data in order to reduce the scope of a merchant's cardholder data environment (CDE) through use of a validated P2PE solution.

"When the PCI SSC introduced standards for P2PE, we recognized the importance of what the Council was trying to accomplish, which was to ensure the strong encryption, management, and oversight of the devices with decryption of data performed within the hardware itself," said John M. Perry, CEO of Bluefin. "We don't have to look any further than the retail breaches in 2013 and 2014 to illustrate the need to eliminate the risk of unencrypted cardholder data exposure. Bluefin is very pleased to be the first U.S.-based company to achieve this esteemed validation with PayConex P2PE."

PayConex P2PE encypts credit and debit card data in a secure point of entry device before it is transmitted into a merchant's point-of-sale (POS), virtual terminal or payment application. Encrypting cardholder data within the device ensures that clear-text cardholder data does not reach the merchant's POS systems and networks where it could be exposed to malware. While it is impossible to eliminate the possibility of a data breach occurring, it is now possible to protect cardholder data integrity in the event of a breach through PayConex P2PE.

"The most alarming facet of the recent breaches is that clear-text cardholder data is accessible to fraudsters for retrieval at some point in the merchant's system," said Ruston Miles, Founder & Chief of Product Innovation, Bluefin. "The value of a PCI-validated P2PE solution is to ensure that clear-text cardholder data is never exposed in a merchant's environment, whether in the device or in the POS system."

According to the 2013 Cost of Data Breach Study, sponsored by Symantec and conducted by the Ponemon Institute (News - Alert), the average per capita cost of a data breach in the U.S. is $188 per record. While very large merchants who experience a data breach receive generous attention in the press, the reality is that 55% of small businesses in the U.S. have admitted to a data breach, and 53% of those businesses have had multiple breaches as reported by the Ponemon Institute on behalf of the Hartford Steam Boiler Inspection and Insurance Company (HSB).

"For any business, no matter the size, a breach resulting in the theft of unencrypted cardholder data is financially staggering and erodes consumer confidence," said Miles. "Many companies will not survive a breach because they cannot sustain the financial loss, while others may stay afloat but the blemish of such a breach is enduring and significantly diminishes their brand."

Bluefin works directly with Independent Software Vendors (ISVs) and SaaS (News - Alert) providers to integrate the company's proprietary PayConex platform into software systems, enabling a differentiated, all in one payment and security solution.

"We serve many verticals that have highly sensitive information in their systems, and they are demanding greater payments security," said Perry. "PayConex P2PE not only provides robust cardholder data security, but does so without requiring any fundamental change to how they process payments today. There is a significant demand from our current partners, and the market, for this product."

Listen to the PYMNTS.com podcast featuring John Perry and Ruston Miles, or download Bluefin's PayConex P2PE white paper for more information.

About Bluefin Payment Systems

Bluefin Payment Systems is the leading provider of secure, integrated, cloud-based payment technology for Independent Software Vendors (ISVs) and SaaS providers. Bluefin's innovative and proprietary PayConex platform powers feature-rich integrated payments and security solutions including PayConex P2PE, QuickSwipe Mobile, tokenization, and international payments. Bluefin is headquartered in Atlanta, with offices in New York, Chicago and Tulsa.


[ InfoTech Spotlight's Homepage ]


blog comments powered by Disqus

FOLLOW US

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter