On Tuesday (Mar. 7), Bluefin Payment Systems announced its new partnership with international online payments and fraud and data management solutions provider First Atlantic Commerce (FAC). Through the partnership, Bluefin’s PCI-validated point-to-point encryption (P2PE) solution will be used to help expand the data security for companies utilizing FAC’s payment gateway. These companies will also have access to Bluefin’s Decryptx PCI-validated P2PE solution, enabling merchants and acquiring banks in multiple jurisdictions across Europe, Mauritius and the Latin American Caribbean (LAC) region to get the security and scope reduction of PCI-validated P2PE.
PYMNTS caught up with Ruston Miles, Chief Innovation Officer of Bluefin Payment Systems, to learn more about the partnership announcement and why P2PE is such an integral security component for devaluing data in the fight against malware.
Here is an excerpt of the conversation.
PYMNTS: Why is this partnership so significant?
RM: FAC is the first payment processor to provide a PCI-validated P2PE solution to the LAC market through Bluefin’s decryption-as-a-service model, Decryptx. Decryptx is our standalone, PCI-validated P2PE offering that enables any processor or gateway globally to connect with our solution via an API and provide it direct through their platform. FAC can now provide a PCI-validated P2PE solution to all of the markets that they serve, including LAC, the European Union and Mauritius.
PYMNTS: How will the partnership help to expand data security in the market? What will it mean for the payments industry as a whole?
RM: FAC is a Level 1 PCI-certified payment gateway and registered ISO in the LAC region, and the partnership enables them to offer PCI-validated P2PE directly to their clients in that region — where this solution was not available before. PCI-validated P2PE is an integral component of payment security because it encrypts cardholder data immediately upon swipe or dip in a PCI-approved P2PE terminal, and hardware decryption is done outside of the merchant environment — preventing clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach.
This partnership marks the growth of PCI-validated P2PE solutions globally, solidifying this technology’s importance in the payments industry. Now that the EMV liability shift deadline has come and gone, and data breaches keep happening and credit card information keeps getting stolen from point-of-sale (POS) systems, companies understand that EMV does not encrypt card data — it only authenticates the credit card. And in order to devalue their card data in the POS and make it useless to hackers, all merchants worldwide need technologies such as PCI-validated P2PE.
PYMNTS: Why was it important for Bluefin to make its solutions available to merchants and acquiring banks in the LAC region? Is this an entirely new market for Bluefin?
RM: The LAC market experiences the same data breach risks as the U.S., but unlike the U.S., where you have many validated P2PE providers, they don’t have the PCI-validated P2PE tools within their region to mitigate their risks. So it was important for us to bring this solution to that market through FAC. Further, this solution is available through FAC’s virtual terminal product, which allows call centers, of which there are many in Latin America, to take payments securely in a card-not-present environment. And as eCommerce grows and there is more need for mail/telephone order transactions, the need for tools like PCI-validated P2PE to protect account data will increase.
PYMNTS: What’s next for Bluefin? Any more updates or news that can be shared?
RM: We will issue several more P2PE partner announcements in the next few months. Also, we invite anyone who wants to learn more about PCI-validated P2PE, including available solutions, how it is implemented and the return on investment to register for our webinar on Wednesday, Apr. 12 at 1 p.m. ET — PCI Validated P2PE – 3 Years in North America, What Has Changed?