Page 42 - GS180202
P. 42
NewProduct
comprising payment acquirers and gateways, offer the
service. Bluefin has received six U.S. patents on its Decryptx
and P2PE Manager products, with additional patents
pending in the United States., Europe and Japan.
BridgePay Network Solutions LLC, a payment transaction
gateway based in Altamonte Springs, Fla., added Decryptx
Company: Bluefin Payment Systems LLC to its suite of turnkey payment applications, enabling the
Product: P2PE technology suite company to provide PCI-validated P2PE to its partners and
Website: www.bluefin.com independent software vendors (ISVs).
Contact: p2pe@bluefin.com
"From a BridgePay perspective, many of our customers and
prospects asked us what we were doing about a PCI P2PE
PCI-validated P2PE solution," said Rick Taylor, President and Chief Executive
Officer at BridgePay. "We investigated the audit process
for every merchant and the chain of custody requirements and quickly decided
that Bluefin was a quick, reliable, and affordable alternative
to doing it all ourselves. Bluefin's Decryptx service enables
environment BridgePay to provide our ISVs our best in class payment
gateway with Bluefin as a gold standard of PCI validated
P2PE."
tlanta-based Bluefin Payment Systems LLC, P2PE Manager
a payment security company with addition- Bluefin's P2PE Manager, a cloud-based device management
al offices in New York, Chicago, Tulsa and platform, is designed to assist merchants with all aspects of
A Waterford, Ireland, enhanced its point-to-point device management. The online system provides merchants
encryption (P2PE) technology suite, with updated versions with tools to manage a range of P2PE activities, achieve
of P2PE Manager and Decryptx P2PE.
and maintain PCI compliance and derive the benefits of
PCI-validated P2PE scope reduction. Clients can use P2PE
The patent protected, Payment Card Industry (PCI) Data Manager to monitor the POS device lifecycles, from key
Security Standard (DSS)-validated solutions are compatible injection and deployment to device state and attestation
with online, in-store, mobile and self-service payments management, including decryption transaction histories.
applications and environments. When implemented with
EMV (Europay, Mastercard and Visa) and tokenized PCI P2PE certified devices provide additional benefits to
payment transactions, their added security layers protect end-users and service providers, described by Bluefin as
merchants and consumers from payment card data follows:
breaches, company representatives stated.
• Tamper-resistance: PCI P2PE certified devices are
Bluefin noted that in 2014, it became the first North designed to detect tampering and will automatically
American P2PE solution provider to achieve PCI validation, deactivate when malicious activity is detected.
and since then, a growing number of partner organizations • Chain of custody: PCI-validated P2PE devices employ
have implemented the company's P2PE technology suite a "chain of custody" process to manage device lifecy-
to manage large device populations. Ruston Miles, Chief cles. The Bluefin online P2PE Manager enables users
Strategy Officer, Executive Vice President and founder of to track devices for PCI attestation and compliance.
Bluefin, said the purpose-built system can manage asset
tracking, chain of custody and other device requirements • Strict controls: PCI-validated P2PE solution providers
typically related to large POS deployments and roll outs. are required to implement strict controls to protect en-
cryption keys. Device key injection is done directly at
"We built a system to manage complexity and simplify a certified key injection facility, and decryption only
the process, enabling merchants to get P2PE through their occurs in the Bluefin hardware security module.
existing software providers and roll out and manage these • Reduced PCI assessment: Merchants that implement
programs with greater ease," he stated. "We're the only Bluefin's PCI-validated P2PE solution are eligible for a
provider that offers P2PE as a service. In every other case it 33-question self-assessment questionnaire, SAQ P2PE-
has been part of the payment process." HW, a significantly reduced version of the standard
329-question SAQ.
Decryptx P2PE: Decryption-as-a-service
Bluefin's processor-agnostic subscription model Decryptx "In Europe, P2PE is required by Visa for mobile POS," Miles
P2PE, enables processors, acquirers and gateways to provide said. "And now that EMV is in the rearview mirror in the
PCI-validated P2PE directly to merchants through their United States, we're seeing increased demand for P2PE
own platforms, Miles noted. Sixty partner organizations, solutions."
42
42
