Point-To-Point

Securely Accept Payments in your call center

A PCI-validated P2PE solution includes a combination of secure devices, applications, and processes that encrypt data from the POI— for example, at the point of swipe or dip in the terminal—until the data reaches the solution provider’s secure decryption environment. If malicious activity is detected, the device is disabled, preventing a breach at the point of entry or POI device.

WE OFFER Seamless connectivity Greater agility Cost efficiencies Increased productivity Centralized access …in 5 continents

  • PCI-Validated P2PE

    Secure encryption of payment card data.

    A PCI-validated P2PE solution includes a combination of secure devices, applications, and processes that encrypt data from the POI.

  • Device Security

    Designed to detect tampering.

    PCI P2PE-certified devices are designed to detect tampering. If malicious activity is detected, the device is automatically deactivated, preventing a breach at the point of entry or POI device.

  • Strict Controls

    Automatically track and report.

    PCI P2PE has a built-in chain-of-custody process for managing PCIP2PE-certified devices. The CyberSource Call Center solution with Bluefin P2PE includes access to the P2PE Manager in which you can automatically track and report on all POI devices for PCI compliance review.

  • Chain of Custody

    Strict controls to protect encryption keys.

    All PCI-validated P2PE solution providers must abide by strict controls to protect encryption keys. Device key injection is done directly at a certified Key Injection Facility (KIF), and decryption occurs only in the Bluefin HSM.

This solution encrypts cardholder data at the point of interaction (POI) using a PCI-approved P2PE device.

CyberSource Call Center Solution with Bluefin Point-to-Point Encryption

In many businesses, sensitive payment data is still exchanged in the open within the call center. Even security-conscious companies find adequately securing their call center environments challenging, often because the centers are geographically dispersed and the requisite technology solutions are expensive and complex to deploy. As a result, these centers and environments are in Payment Card Industry Data Security Standard (PCI DSS) scope and remain vulnerable to hackers and malware attacks.

CyberSource and Bluefin have partnered to introduce a validated PCI Point-to-Point Encryption (P2PE) standard-based solution1 for securing call center operations. This solution encrypts cardholder data at the point of interaction (POI) using a PCI-approved P2PE device. Transactions are processed by the CyberSource platform, and decryption is performed off-site in an approved Bluefin Hardware Security Module (HSM). By deploying this solution, you can remove clear-text cardholder data within your call center and reduce the payment security risk posed by hackers and malware. Protecting your systems against such potential threats helps you safeguard your brand reputation in the event of a breach.

Key Features

  • PCI-validated P2PE
  • ID Tech SREDKey keypad and swipe device enabling agents to enter card data
  • The Bluefin P2PE Manager for managing users, deploying and terminating devices, tracking device shipping, viewing transactional history, and downloading reports

Key Benefits

  • Improved payment security: Protecting the call center with a validated PCI P2PE solution removes clear-text cardholder data within the call center and helps lessen the risk posed by hackers and malware
  • Reduced PCI DSS scope: You may be able to significantly reduce your PCI scope when you implement this solution—check with your Qualified Security Assessor (QSA) for advice