Bluefin Payment Systems, the leading provider of secure payment technology for enterprises, financial institutions, and small to medium-sized businesses, announced today the availability of their PCI-validated Point-to-Point Encryption (P2PE) Solution in a simple and effective Decryption as a Service (DaaS) environment.
PayConex P2PETM secures card transactions by encrypting all data within a PCI-approved point of entry swipe or keypad device, preventing clear-text cardholder data from being available in the device or the merchant’s system where it could be exposed to malware.
DecryptxTM extends the innovation and security of PayConex P2PE to a DaaS solution, making it available to all Tier 1 merchants, enterprises and small to medium-sized businesses, regardless of their current acquiring relationship.
“With Decryptx, the only part of the transaction that Bluefin requires is the P2PE payload, which contains the swiped or keyed card data encrypted within the PCI-validated device,” said Ruston Miles, Chief Innovation Officer, Bluefin. “Either the merchant or the processor can send Bluefin the payload, we decrypt it within our secure HSM environment, and send the PAN and track data back to the merchant or the processor over a secure encrypted connection.”
“In the traditional solution, the merchant would send the PAN and track data to the processor for issuer authorization, and in the DaaS solution, Bluefin sends it to the processor directly. There is absolutely no change in the acquiring relationship, and no need for Bluefin to integrate directly to the processor, giving all merchants and processors access to the security of PCI-validated P2PE,” added Miles.
To enable Decryptx, the merchant or the processor establishes a secure connection with Bluefin through the company’s API or other Bluefin approved connection protocols. Merchants must also implement Bluefin key-injected PCI-approved P2PE devices throughout their retail or call center environment, and as part of the standard PayConex P2PE process, all P2PE chain of custody and monitoring requirements still apply with Decryptx.
“Decryptx is an ideal solution for our Tier I merchants that want a PCI-validated P2PE solution but are not looking to sign with a new processor. Many merchants have been with their acquirer for years and it would require time, effort and resources to switch,” said Bluefin CEO John M. Perry.
In addition to preventing the loss of cardholder data in the event of a breach, PayConex P2PE also helps companies reduce their PCI compliance scope; the PCI-validated Point-to-Point Encryption Solution reduces a 288 step assessment to just 18 questions, said Miles. Bluefin is currently attending Money20/20 where Miles spoke on the November 2nd panel “Cybercrime, Data Theft and Fraud: Mitigating Risks.” Visit Bluefin at booth #42.