Digital Transactions Authoritative, insightful and timely information for payments professionals
Bluefin Payment Systems LLC expects its deal with processor Moneris Solutions Corp. will significantly streamline Canadian merchants’ payment card security through what the parties say is an enhanced point-to-point encryption solution.
Under the terms of the deal, announced last week, Moneris will include point-to-point encryption (P2PE) capabilities in Bluefin’s PCI solution, enabling Moneris to focus on secure transaction processing using its listed PCI P2PE (point-to-point encryption) components, while leveraging Bluefin’s PCI P2PE solution provider management. “PCI” is a reference to the Payment Card Industry data-security standard.
Bluefin will oversee the P2PE Instruction Manual, manage the building and deployment of P2PE devices, work with P2PE-qualified security assessors on changes, and ensure merchant implementations comply with PCI P2PE. As a result, Canadian merchants with have a single point of contact through Moneris when implementing its point-to-point encryption solution. This, the two companies say, will reduce merchants’ PCI compliance requirements.
By converting card data into an unreadable form, point-to-point encryption aims at protecting the sensitive data from the time a transaction is initiated at the point of sale until it is processed.
Bluefin says its PCI P2PE solution reduces merchants’ PCI DSS compliance requirements by as much as 70% and reduces PCI-DSS scope at the point-of-sale environment by up to 90%.
“With Moneris having PCI P2PE-validated components and leveraging Bluefin as the overall PCI P2PE solution provider, Moneris is able to maintain its relationships with its merchants and remain in control of all transaction-related data,” Brent Johnson, chief information security officer at Bluefin, says by email. “This partnership allows Moneris to focus on processing secure PCI P2PE transactions, without having to worry about the additional overhead of PCI P2PE solution provider requirements.”
Bluefin’s P2PE Manager is an online portal for device chain of custody that enables Moneris and its merchants to inventory and maintain the status of deployed PCI P2PE devices. It also enables merchants to comply with PCI-DSS domain 9 device inventory and attestation requirements when using a PCI P2PE solution, the company adds.
“This partnership provides merchants a single point of contact for PCI P2PE implementation [and] allows Moneris to remain in control of secure transaction processing, all while taking advantage of Bluefin’s expertise in PCI P2PE solution provider controls/requirements,” Johnson says.
A provider of encryption and tokenization technology for payments, Bluefin services 35,000 enterprise and software clients in 60 countries, as well as 300 technology partners globally. The company is also a Participating Organization of the PCI Security Standards Council.
