PCI Validated P2PE – 3 Years in North America, What Has Changed?

In 2016, there were 1,093 data breaches according to the Identity Theft Resource Center – a 40% increase over the 2015 data breach number of 781. While the types of data breaches now vary – from ransomware, to phishing emails, to insider attacks – malware continues to be a major culprit, with the AT&T Market Pulse: The Global State of Cybersecurity survey finding that 90% of U.S. organizations experienced at least one malware-related incident over the previous 12 months, with 58% acknowledging occasional or frequent malware threats.

Malware was the culprit in the multi-million-dollar Home Depot, Target, Wendy’s and PF Chang’s breaches. While hackers got into the POS systems through a faulty firewall or third-party vendor, once in they were able to install malware that located unencrypted credit card information — which was then sent to remote servers, packaged and resold on the black market.

There are two security paths that businesses can take in the fight against malware: Defend the Fort or Devalue the Data. With the Defend the Fort approach, merchants build stronger, higher and more expensive walls of security around their systems and data. With the Devalue the Data approach, merchants employ security technology to devalue the cardholder data before it reaches their point-of-sale systems, rendering the data useless to hackers if it is exposed.

PCI-validated Point-to-Point Encryption (P2PE) is an integral security component in devaluing data, since it encrypts credit card information at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done in hardware and outside of the merchant environment.

Bluefin Payment Systems introduced the first PCI-validated Point-to-Point Encryption (P2PE) Solution in North America in March 2014 and was one of only 4 solutions worldwide. Since 2014, more than 26 solution providers have been validated, including acquirers and gateways in both the U.S. and overseas.

This webinar will provide an update on PCI-validated P2PE solutions available today and additional enhancements that have been introduced, including Remote Key Injection (RKI) and the ability for large merchants to “build” their own validated solution. Specifically the webinar will explore:

  • The State of Payment Security
  • Malware and its Role in Data Breaches
  • The Introduction of PCI-Validated P2PE in 2011
  • PCI-validated VS. Non-validated Solutions: What’s the Difference?
  • Types of Available PCI P2PE Solutions – Processor, Stand-Alone and Integrated
  • The Ability for Merchants to “Build” their Own P2PE Solution and the Introduction of Remote Key Injection (RKI)
  • PCI P2PE Scope Reduction and Assessments
  • PCI P2PE Return on Investment

Date & Time: Wednesday, April 12th – kicking off at 1 p.m. EST

Host: Karen Webster

Panelist: Ruston Miles, Chief Innovation Officer, Bluefin Payment Systems

To sign up for PCI Validated P2PE – 3 Years in North America, What Has Changed?, fill out the form below:

First Name*:
Last Name*:



Five days of intimate interviews and streaming TV shows ‘starring’ the smartest people in payments.
The economy is slowly reopening on a changed world where “business unusual” is now just “business.” Tune in as PYMNTS CEO Karen Webster and special guests from across the payments universe ditch “digital optional” and bring on the digital-first engagements buyers and sellers really want. Join experts in a series of live conversations rethinking business models, customer experiences, payments choice, verticals…everything.

Click to comment