P2PE PCI Validation Gives Bluefin A Leg Up

Secure payment-technology provider Bluefin announced today it became the first company in the U.S. to receive PCI validation for a point-to-point encryption (P2PE) solution. While the PCI Security Standards Council, which provided the validation, has been around for some time, no other company has achieved this status because the bar has been set very high, according to a Bluefin top exec.

(jump to: 2:30) “It’s not just go in and buy a device off of the shelf that encrypts the data,” Ruston Miles, chief of product innovation, told Market Platform Dynamics CEO Karen Webster in an exclusive interview. “It has to do with an entire solution being audited and validated. Every piece – the injection facility, the front-end devices, the back-end decryption, the applications that go on the device.”

Bluefin had been working on the validation since the developmental stage in 2012, he added.

But on the cardholder-data protection front, there are several alternatives and approaches currently suggested, especially EMV. So why might a merchant particularly need P2PE?

It is widely known among payment security experts, said Miles, that none of these approaches – EMV, tokenization, and P2PE – provides a complete solution on its own. They actually work together. EMV, for example, prevents a hacker from duplicating a card once a breach happens, but it does not prevent the breach from happening. Tokenization, also part of the security trifecta, requires stored information to be tokenized, but it is not the single solution either.

(jump to: 6:23) “The P2PE encrypts any card or payments device – no matter if it’s an EMV chip, a swipe card, a keyed-in card, a pay stub – right before the device goes into the point of sale,” said Miles. “But all three of these technologies need to be in place for the payments security 2.0 landscape that we’re all heading towards.”

On the whole, card-present merchants benefit from the P2PE solution, and some varieties of card-not-present merchants will benefit as well, said Bluefin CEO John Perry in the interview. For example, it is a good option for medical offices that need to meet certain requirements.

With regard to card chips, Miles later mentioned that there will be a natural progression in the EMV space. However, no matter how fast EMV is adopted, he said, it is important to look at the tunnel through which data from any of these devices flows in order to protect a merchant from a breach.

(jump to: 13:40) “What we need to focus on is the entire channel not focus on one specific card type, which is the chip,” said Miles. “That’s where point-to-point encryption can protect against hacks.”

To learn more about Bluefin and its point-to-point encryption solution, listen to the full podcast by clicking below.

John M. Perry, CEO, Bluefin Payment Systems

As CEO of Bluefin Payment Systems, John leads all aspects of the company’s strategic planning, including spearheading key alliances and acquisitions. He is noted for creating a clear vision and recruiting exceptional teams to exceed launch and service targets, execute process re-design initiatives, and generate profitable new products.

His past experience includes Chairman and CEO of Spectrum, an independent electronic bill-payments company; President and COO of NOVA Information Systems, a US Bancorp company and executive positions with First Data, Visa USA and Wells Fargo Bank.

He holds a Bachelor of Science degree in engineering from the United States Military Academy at West Point and an Executive Masters in Management (MBA) from the Kellogg Graduate School of Management at Northwestern University.


Ruston Miles, SVP and Chief of Product Innovation, Bluefin Payment Systems

Ruston brings a combined 20 years of telecom and payment security experience to his role of Chief of Product Innovation, where he serves as Bluefin’s security thought leader and technology evangelist. Ruston founded Bluefin in 2002 and speaks at various conferences on payment security throughout the year.

Ruston is a PCI Professional (PCIP), Certified Payment Professional (CPP), Certified Internet Business Strategist (CIBS), and an active participant with the PCI Security Standards Council (SSC).  He holds a BS in Management Information Systems (MIS).