PCI Validated P2PE – 3 Years in North America, What Has Changed?

In 2016, there were 1,093 data breaches according to the Identity Theft Resource Center – a 40% increase over the 2015 data breach number of 781. While the types of data breaches now vary – from ransomware, to phishing emails, to insider attacks – malware continues to be a major culprit, with the AT&T Market Pulse: The Global State of Cybersecurity survey finding that 90% of U.S. organizations experienced at least one malware-related incident over the previous 12 months, with 58% acknowledging occasional or frequent malware threats.

Malware was the culprit in the multi-million-dollar Home Depot, Target, Wendy’s and PF Chang’s breaches. While hackers got into the POS systems through a faulty firewall or third-party vendor, once in they were able to install malware that located unencrypted credit card information — which was then sent to remote servers, packaged and resold on the black market.

There are two security paths that businesses can take in the fight against malware: Defend the Fort or Devalue the Data. With the Defend the Fort approach, merchants build stronger, higher and more expensive walls of security around their systems and data. With the Devalue the Data approach, merchants employ security technology to devalue the cardholder data before it reaches their point-of-sale systems, rendering the data useless to hackers if it is exposed.

PCI-validated Point-to-Point Encryption (P2PE) is an integral security component in devaluing data, since it encrypts credit card information at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done in hardware and outside of the merchant environment.

Bluefin Payment Systems introduced the first PCI-validated Point-to-Point Encryption (P2PE) Solution in North America in March 2014 and was one of only 4 solutions worldwide. Since 2014, more than 26 solution providers have been validated, including acquirers and gateways in both the U.S. and overseas.

This webinar will provide an update on PCI-validated P2PE solutions available today and additional enhancements that have been introduced, including Remote Key Injection (RKI) and the ability for large merchants to “build” their own validated solution. Specifically the webinar will explore:

  • The State of Payment Security
  • Malware and its Role in Data Breaches
  • The Introduction of PCI-Validated P2PE in 2011
  • PCI-validated VS. Non-validated Solutions: What’s the Difference?
  • Types of Available PCI P2PE Solutions – Processor, Stand-Alone and Integrated
  • The Ability for Merchants to “Build” their Own P2PE Solution and the Introduction of Remote Key Injection (RKI)
  • PCI P2PE Scope Reduction and Assessments
  • PCI P2PE Return on Investment

Date & Time: Wednesday, April 12th – kicking off at 1 p.m. EST

Host: Karen Webster

Panelist: Ruston Miles, Chief Innovation Officer, Bluefin Payment Systems

To sign up for PCI Validated P2PE – 3 Years in North America, What Has Changed?, fill out the form below:

First Name*:
Last Name*:


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The July 2019 Pay Advances: The Gig Economy’s New Normal, a PYMNTS and Mastercard collaboration, examines pay advances – full or partial payments received before an ad hoc job is completed – including how gig workers currently use them and their potential for future adoption.

Click to comment


To Top