PCI validated P2PE
Security has always been a concern in credit card payments, and Worldnet Payments solutions are all PCI compliant and provide a high level of security for our customers.
For customer in industries and verticals which require the very highest level of security for POS credit card payments, , we also offer Validated P2PE through our partner Bluefin.
What is Validated P2PE?
It is important to understand that there are many solution providers on the market with end-to-end encryption and non-validated P2PE products, but only those P2PE solutions listed on the PCI SSC website have been audited and approved by the Council as validated solutions. Why does PCI validation matter?
|
|
PCI P2PE certified devices are more secure and are designed to detect tampering. If malicious activity is detected, the device is automatically deactivated, preventing a breach at the point of entry (also called point-of-interaction, or POI) device. | All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF) and decryption only occurs in the Bluefin hardware environment (HSM). |
|
|
PCI-validated P2PE includes a built-in “chain of custody” process for managing PCI P2PE certified devices. The Bluefin solution includes access to our online P2PE Manager where you can track and report on all POI devices for PCI attestation and compliance. | Merchants that implement Bluefin’s PCI-validated P2PE solution throughout their POS environment are eligible for the 33-question SAQ P2PE-HW – a significant reduction from the 329-question SAQ D. |
Decryptx: PCI-Validated P2PE by Bluefin |
Bluefin’s PCI-validated P2PE solutions encrypt cardholder data at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done off-site in an approved Bluefin Hardware Security Module (HSM). Bluefin's solutions prevents clear-text cardholder data from being present in a merchant or enterprise’s system or network where it could be accessible in the event of a data breach.
Decryptix Flow
|
About Bluefin |
Bluefin were the first North American provider of a PCI-validated Point-to-Point Encryption (P2PE) solution in March 2014, introducing Decryptx®, the industry’s only P2PE Decryption as a Service (DaaS), in October 2014. Bluefin are headquartered in Atlanta, with offices in Tulsa, Chicago, New York and Waterford, Ireland.
For latest supported devices, please visit: Supported P2PE Devices on the Bluefin website.
If you would like to learn more commercial or technical details of Validated P2PE, please provide us your details on our contact page, and our team will get in touch with you.