Tim Barnett, CIO
“The current market for retail POS is accompanied by a huge demand for omni-channel payments and a significant rise in data breaches. As omni-channel payments create more touch points for sale, they also cause potential security gaps for hackers,” says Tim Barnett, CIO, Bluefin Payment Systems. Adding further credence to Barnett’s observation is a recent report from the Identity Theft Resource Center, which states that data breaches have reached 708 as of September 27, compromising almost 29 million records. “It is incredibly difficult for retailers to secure every part of their system. But it can be addressed with a strategy we call ‘devaluing the data,’” explains Barnett.
Bluefin Payment Systems’ PCI-validated Point-to-Point Encryption (P2PE) solution is an example of a technology that devalues payment data. The Atlanta, Georgia-based firm’s P2PE solution prevents clear-text cardholder data from being present in a merchant’s or enterprise’s system or network, where it could be accessible during a data breach. In addition, the solution combines a PCI-validated, secure point-of-interaction (POI) device (payment terminal), applications, and processes that encrypt data from the POI until the data reaches the solution provider’s secure hardware decryption environment. Another unique feature of the P2PE solution is the 35-question PCI Self-Assessment Questionnaire (SAQ) P2PE-HW, a drastic reduction from the 332-question SAQ D.
Additionally, Bluefin offers a 100 percent online management system, the P2PE Manager, which administers merchants’ P2PE activities to help ensure compliance and enable them to attain the full benefits of PCI P2PE scope reduction. Further, the P2PE Manager simplifies chain of custody management and documentation, while expediting laborious tasks such as annual audits.
The firm has also received two patents on its P2PE technology, including ‘Systems and Methods for Creating Fingerprints of Encryption Devices’ and ‘Systems and Methods for Decryption as a Service.’ Bluefin has five additional patents pending related to device encryption and management.
“In addition to our flagship P2PE solution, we offer Decryptx, which enables processors, gateways, and acquirers to code to our API, thus enabling our PCI-validated P2PE solution on the partner’s platform,” says Barnett. “Decryptx also creates another level of loyalty or stickiness with our partners’ merchants by providing them the value-add features of a PCI-validated P2PE product, which stands out as a market differentiator for new businesses.”
Additionally, the company’s mobile solution, QuickSwipe, gives merchants a complete mobile point-of-sale system and lets them process payments through mobile devices backed by the security of P2PE. Bluefin designs solutions to help merchants process their mobile payments the way they want.
An example of the benefits that a PCI-validated P2PE solution provides can be seen with the University of California San Diego (UCSD) Extension. UCSD approached Bluefin to address the security of their student payments and to remain PCI compliant while expanding their systems.
By adopting Bluefin’s PCI-validated P2PE solution, UCSD Extension was able to drive its PCI assessment down to 35 questions from several hundred questions. Also, the solution was flexible enough to handle the client’s mixed processing environment of face-to-face and call center transactions.
The customer success stories can be attributed to the company’s client-centric policy. “We see ourselves as a leading FinTech provider and a driving force for the adoption of PCI-validated P2PE,” concludes Barnett.