Bluefin Payment Systems is making point-to-point encryption available to large merchants that use Heartland Payment Systems as a processor, a key move as U.S businesses grapple with the migration to chip cards.
Through the partnership, Heartland will provide clients with web-delivered encryption through Bluefin's application interface. Bluefin will handle decryption of the card data in its hardware security module environment, while Heartland continues to process the transactions.
Businesses can use a combination of Bluefin's Decryptx and the Heartland platform to obtain Payment Card Industry-validated P2P encryption without changing the relationship with their merchant acquirer, Bluefin said in a Feb. 17 press release.
Decryptx encrypts all data within a PCI-approved point of entry swipe or keypad device, preventing clear-text cardholder data from being available in the device or the merchant's system where it could be exposed to malware, Atlanta, Ga.-based Bluefin said.
Security experts consider P2P encryption services a vital complement to the introduction of EMV chip cards in the U.S. payments market.
Encryption secures data as it flows through a network, while EMV creates a unique cryptogram for each transaction that will not allow data swiping at the point of sale or through stolen cards, which is common with easy-to-duplicate mag-stripe technology.
Cyberattacks will never go away," John M. Perry, CEO of Bluefin, stated in the release.
"Stolen credit card data is too valuable to a fraudster, whether used at the point of sale or in the e-commerce environment."
A holistic security approach to payments which includes PCI-validated P2PE must be adopted to render card data useless, Perry added.