Bluefin Encryption Solution Becomes First in U.S. Certified by PCI-SSC
March 20, 2014
Merchants looking for a way to reduce their PCI scope now have a PCI-validated way to do so using point-to-point encryption (P2PE). Atlanta-based Bluefin Payment Systems this week announced its P2PE solution has become the first in the U.S. to receive approval by the PCI Security Standards Council for the protection of payment-card data. According to the PCI-SSC Website, Bluefin is one of three companies in the world to have attained such approval (UK-based payment companies European Payment Services and The Logic Group are the others).
Bluefin’s PayConex P2PE encrypts payment-card data before it is transmitted into a merchant’s POS terminal. The company said this ensures sensitive data never reaches the merchant’s POS system or network, where it could be compromised by malware of the type that infected POS systems at Target.
“The most alarming facet of the recent breaches is that clear-text cardholder data is accessible to fraudsters for retrieval at some point in the merchant’s system,” said Ruston Miles, founder and chief of Product Innovation at Bluefin. “The value of a PCI-validated P2PE solution is to ensure that clear-text cardholder data is never exposed in a merchant’s environment, whether in the device or in the POS system.”