Bluefin's Decryption Management Component has received PCI’s first P2PE Version 3 validation.
Bluefin’s listing allows PCI-validated Service Providers such as payment gateways, processors and SaaS/ISV platforms that are interested in achieving their own Validated PCI/P2PE Service Provider listing to utilize Bluefin’s P2PE Cloud HSM to handle all of the device validation and decryption of the P2PE payloads. The Component Listing also allows merchants pursuing a P2PE Merchant Managed Solution (MMS) to utilize Bluefin’s Cloud HSM component for decryption within their solution.
There are currently four primary paths for payment gateways, processors, and ISV’s to offer a PCI-validated P2PE solution to their customers:
- Build and audit their own P2PE solution.
- Build and audit Domain 3 (Solution Management) and partner with various Component Providers (such as Bluefin P2PE Cloud HSM and Bluefin P2PE Manager® validated components) for the complete P2PE solution. Domain 3 encompasses the overall management of the P2PE solution by the solution provider, including third-party relationships, incident response, and the P2PE Instruction Manual (PIM).
- Integrate to Bluefin’s Decryptx® stand-alone P2PE solution to enable merchants to use PCI-validated P2PE without having to re-integrate to a new payment gateway/service provider.
- Integrate to any one of the 130+ payment gateway and service providers that have connected to Bluefin’s Decryptx platform.
Bluefin provides PCI-validated P2PE solutions for card present, mobile and unattended environments, both as a stand-alone solution through Decryptx and through the company’s payment gateway, PayConex. Bluefin offers the largest selection of certified P2PE devices from Ingenico, Verifone, ID Tech, PAX and more, as well as 13 key injection facilities (KIFs) and remote key injection. Learn more about Bluefin’s P2PE solutions.