Decryptx® is Bluefin’s PCI-validated P2PE solution which enables processors, payment gateways and software platforms to universally connect to Bluefin and offer our P2PE solution directly to their client.
To date we are the only validated solution provider that offers Decryption as a Service (DaaS) decoupled from payment processing.
Our white label solution affords you the ability to offer security and scope reduction of PCI-validated P2P2 encryption to your clients, while still giving you the freedom to maintain your brand.
There are certain requirements that must be met before you can use the Decryptx platform and its APIs. In addition, there are various security configurations that are enforced, which are presented below.
A Partner must be approved by Bluefin to use Decryptx.
An appropriate PCI PED/PTS-compliant injected payment terminal is required.
Applications that integrate with our Decryptx APIs must be capable of TLS1.2 (HTTPS) communications and must store access credentials securely.
The software application, any service provider or host that is transmitting, storing, or processing cardholder data, and the merchant must be in compliance with the appropriate PCI SSC (Payment Card Industry Security Standards Council) security initiative, PCI-DSS (Data Security Standard) for merchants and service providers, or PA-DSS (Payment Application) for software vendors. PCI compliance for the application and merchant are the responsibility of the merchant and its application partners. For customers who want to ensure their PCI compliance, Bluefin provides an array of compliance services as part of their added service lines. Please contact your sales representative for more information.
For PCI compliance and security reasons, merchants should not store cardholder data for any reason. Bluefin offers tokenization as part of the P2PE decryption process or as a stand-alone service providing the option to have decrypted data tokenized.
Updated 7 months ago