Retail CIO Outlook

Bluefin: A Unique P2PE Solution for Retail Payment Security

Ruston Miles, Chief Strategy Officer
Retail businesses have always been vulnerable to cyber-attacks. And with the proliferation of technology, the challenges faced by retailers have only multiplied. To protect their data, enterprises are implementing firewalls and Trojan detection systems. However, today’s hackers are far more astute and sophisticated, finding new ways to penetrate networks.

Bluefin, an Atlanta-based payment security solutions provider, employs a different approach to secure payment technology for retailers, enterprises, and small to medium-sized businesses worldwide by creating the first PCI-validated Point-to-Point Encryption (P2PE) solution that devalues the data. The omnichannel solution provides a holistic approach to data security that supports mobile, call center, secure e-commerce technologies, kiosks, and other unattended environments. “Even if a hacker gains access to a system, the data they get a hold of will be useless,” begins Ruston Miles, Chief Strategy Officer, Bluefin.

The P2PE solution enables secure payment processing through Bluefin’s PayConex® Platform and Decryptx solution. PayConex is Bluefin’s state-of-the-art payment gateway offering payment processing products, while Decryptx® is its Decryption-as-a-Service (DaaS) solution. The encryption keys are initially injected into the retailer’s device at one of Bluefin’s key injection facilities under strict processes and the devices are then shipped securely to the merchant. Bluefin’s P2PE Manager® then enables merchants to deploy the device, track its shipping, and download the reports for PCI compliance. P2PE Manager is Bluefin’s patented online management system that manages the back-office processes, the chain of custody, and device tracking. The decryption process is then carried out in Bluefin’s hardware environment to prevent the clear-text cardholder data from reaching the merchant’s systems, where it could be accessible if a data breach occurs.

Bluefin’s P2PE Manager enables merchants to deploy devices, track shipping, and download custodial and asset tracking information for PCI Compliance reporting

The uniqueness of Bluefin’s payment security solution is its ability to provide users the flexibility to move from partner to partner, processor to processor, or payment gateway to payment gateway, without having to change the encryption keys. This is possible because of Decryptx, which enables partners to integrate Bluefin’s solution into their platform or gateway and offer PCI P2PE directly to their clients, with no change in payment processing flow or integrations. “It is this uniqueness of our service delivery model that separates us from every other P2PE provider,” says Miles. A payment service provider can either build their own P2PE infrastructure within their payment system, which will be a time-consuming and cost-intensive process, or integrate their payment system with Bluefin’s decryption-as-a-service API.

Validating the benefits of Bluefin’s P2PE solution, Miles narrates an instance of how the solution helped address the security challenges of student payments at the University of California, San Diego (UCSD) Extension. By employing Bluefin’s PCI-validated P2PE solution, UCSD drove their PCI assessment down to 35 questions from several hundred. The solution was also flexible enough to handle UCSD’s transactions related to ticketing, donations, and healthcare. “Having a single security solution helped the client manage payment processing across all their providers, reduce the complexity, time, cost, and effort taken for the same, and improve their security and compliance as well,” adds Miles.

Besides retail, Bluefin also provides a full suite of PCI-validated P2PE payment solutions for education, healthcare, foodservice, and other small and medium-sized businesses. Bluefin continues to focus on working with payment gateways and software platforms to connect to its key management and P2PE program management processes. This will expand their network and provide more options and greater flexibility for merchants. They are also implementing international deployment and maintenance processes for geographically distributed merchants and retailers to make their P2PE more manageable. “Furthermore, we have expanded our key injection facilities geographically across Europe,” concludes Miles.