Bluefin Payment Systems, a leading provider of PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, restaurants, healthcare, and education, and Merchant Link announced Tuesday the availability of Bluefin’s P2PE solution on the Merchant Link platform.
Merchant Link specializes in gateway and data security solutions for over 400,000 hotel, restaurant, and retail locations, enabling more than 6 billion transactions annually. With Bluefin’s Decryptx Decryption as a Service (DaaS) product, Merchant Link can now provide PCI-validated P2PE through their current TransactionLink integrations—requiring no change to a merchant’s transactional flow or processing relationship.
“PCI-validated P2PE is a premier security solution. Not only does it encrypt card data at the point of entry at the terminal, but because the solution has been validated by the PCI Security Standards Council (SSC), it offers our clients significant cost and efficiency savings from reduced PCI scope—which you just can’t get with a non-validated solution,” says Scott Carcillo, CIO, Merchant Link.
“Prior to Bluefin’s Decryptx product, the only way for a merchant to get PCI-validated P2PE was to switch their payment processing to the handful of gateways that offered it. You could not decouple payment processing and PCI-validated P2PE before Decryptx. Now our TransactionLink clients can get Bluefin’s solution with absolutely no change to how they process transactions through Merchant Link today. It is a huge value add,” adds Carcillo.
Bluefin’s PCI-validated P2PE solution secures card transactions by encrypting all data within a PCI-approved point of entry swipe or keypad device, preventing clear-text cardholder data from being available in the device or the merchant’s system where it could be exposed to malware. Data decryption is only done offsite in a Bluefin hardware security module (HSM).
The University of California San Diego (UCSD) Starbucks campus location was the first client to take advantage of the combined Merchant Link/Bluefin solution using the PCI P2PE approved Ingenico iSC 250 terminal, with both PCI-validated P2PE and EMV. Bluefin and Merchant Link will be releasing a case study on the implementation in September.
“A survey released by KPMG on August 23rd found that 20 percent of consumers would not continue shopping at a retailer that suffered a data breach, no matter what they do to remediate the situation. This goes to show that prevention is much more important than reaction,” says Greg Cornwell, senior vice president, Security Solutions, Bluefin. “Merchant Link counts some of the largest retailers, hospitality providers and restaurants as clients. While P2PE cannot prevent a hacker from breaking into a network or point of sale system, it can ensure that clear-text cardholder data is not available for the hacker to steal. By providing PCI-validated P2PE on their platform as a security option, Merchant Link is ensuring that it is offering clients the gold standard of payment encryption to protect their reputation and customer base.”