Verifone and Bluefin announced a partnership to provide Bluefin’s PCI-validated Point-to-Point Encryption (P2PE) security solution to merchants using either Verifone’s POINT or Retail Transaction Switch (RTS) solutions. Through this partnership, merchants can reduce not only the cost and effort they incur when trying to comply with PCI PA DSS requirements, but also mitigate the risk associated with face-to-face payments.
The Verifone Validated P2PE solution, which can now be viewed on the PCI P2PE Solution website, is an incremental offering within Verifone’s industry-leading payment security product line. This Validated P2PE solution is designed to meet the needs of merchants of all sizes and offers multiple configurations and processing options.
“Merchants around the globe are looking to fully certified PCI P2PE solutions for protection from threats to consumer and card data,” said John M. Perry, CEO, Bluefin. “In partnership with Verifone, we are delighted to protect retailers and merchants with the best-in-breed security solution that offers PCI DSS scope relief and secures cardholder data.”
To be certified as a PCI-validated P2PE solution requires that the payment solution adopts specific physical, logical and operational security controls. The implementation of these controls is ultimately reviewed by a special P2PE Qualified Security Assessor (QSA) and then again by PCI prior to a solution being deemed “Validated P2PE Certified.” The purpose of this process is to ensure that an encrypting payment solution has been implemented in a way which truly reduces risk.
“We are a client-first company, and with this new partnership we give merchants greater peace of mind, freeing them to focus on running their business and serving their customers,” said Joe Mach, president of North America for Verifone. “Our mission is to bring simplicity to doing business today by looking for new ways to ease the points of friction in payments and commerce.”
The combination of Verifone’s industry leading payment devices and solutions, and Bluefin’s decryption and operational capabilities result in a true enterprise-class solution. It secures credit and debit card transactions by encrypting all data within a PCI-approved point of entry device. This prevents clear-text cardholder data from being available within the device, or in the merchant’s system where exposure to malware is possible. Data decryption always occurs offsite in a Bluefin hardware security module (HSM), ensuring the highest level of security.
For merchants, the benefits of the Bluefin / Verifone P2PE solution include reducing PCI scope from 329 to a 33 question P2PE self-assessment questionnaire (SAQ), managing chain of custody using the Bluefin P2PE Manager® online device management system, and integration with Verifone’s market-leading line of payment solutions.