Bluefin Payment Systems, a provider of PCI validated P2PE payment technologies for enterprises, financial institutions and SMBs, and leading enterprise mobility device provider Infinite Peripherals, Inc. (IPC), now offer the first North American-based PCI validated Point-to-Point Encryption (P2PE) mobile payment solution to significantly enhance payment data security with the PayConex solution using IPC's Prima M mobile reader.
“At a time when data breaches are becoming more frequent, IPC is proud to be selected by Bluefin to equip customers with mobile technology that maximizes payment security,” said Andrew Graham, president and co-founder of IPC. “Meeting the strict requirements of PCI to achieve P2PE certification is a testament to our commitment to unsurpassed quality and security.”
Secure Data Encryption from the Point of Entry
With Bluefin’s PCI-validated PayConex solution, customers are assured that cardholder data is encrypted all the way from the entry point at a merchant’s POS system to a point of secure decryption outside of the merchant’s environment, such as at the payment processor. P2PE indicates that cardholder data does not reach the merchant’s system or network as clear-text, where it could be accessible to fraudulent attacks, thereby addressing the risk of unauthorized interception that can happen with cardholder data during transmission from a POS device to a payment processor.
Compatible with the iPod touch®, iPhone®, iPad® and Android devices, IPC’s Prima M audio jack reader incorporates a three-track magnetic stripe reader (MSR) and has earned Secure Reading and Exchange of Data (SRED) certification from PCI-PTS. This certification indicates that the device encrypts account numbers immediately upon entry and all the way to the gateway.
The Prima M utilizes the NIST (National Institute for Standards and Technology) validated encryption algorithm Triple DES, in conjunction with the DUKPT (derived unique key per transaction) key management scheme. The data encryption key is injected into each encrypted MSR at a key injection facility.
Prevention of Cardholder Data Loss
On the Prima M, if physical tampering is detected, or the battery voltage drops too low, as in the case o/p>
Prevention of Cardholder Data Loss
On the Prima M, if physical tampering is detected, or the battery voltage drops too low, as in the case of electrical tampering, a tamper switch is triggered that sends a command to the MSR to erase data encryption keys and render the MSR non-functional. Tamper resistance against physical and electrical attacks greatly boost the security of the Prima M.
Bluefin’s PayConex P2PE solution, which interfaces with the company’s QuickSwipe Mobile Point of Sale (mPOS) system, thereby prevents cardholder data loss in the event of a breach. It also can reduce merchant and issuer liability and helps companies reduce their PCI compliance scope to three questions in the SAQ P2PE-HW, ultimately saving time and money in terms of compliance with the PCI Data Security Standards (PCI-DSS).
“The perception of insecurity and PCI compliance issues with mobile apps are major concerns for many merchants considering mPOS, and IPC and Bluefin have created an industry-first, PCI-validated P2PE mobile solution that merchants and mPOS developers can confidently implement to address PCI compliance while protecting their brands and their customers’ data,” said Ruston Miles, founder and chief innovation officer of Bluefin.
mPOS continues to grow exponentially, and is estimated to increase fivefold and reach 51 million devices globally in 2019, or 46 percent of the overall POS market, according to ABI Research.