403 Labs Assesses First U.S.-Based P2PE Solution Accepted by the PCI SSC
PayConexTM P2PE Encryption Solution to Help Protect Credit Card Data, Reduce Malicious Hacking
NAPERVILLE, Ill. — March 19, 2014 — With guidance from 403 Labs, the security and compliance division of Sikich LLP, the first U.S.-based point-to-point encryption (P2PE) solution, PayConex P2PE, has been introduced by the firm’s client, Bluefin Payment Systems.
A P2PE solution encrypts credit card data from the point it is swiped into a system until the point it reaches the solution provider. Because of the level of security a P2PE solution provides, standards are rigorous and have been difficult to meet. Bluefin’s solution, which was assessed by 403 Labs, was recently accepted by the standards body for the payment card industry (PCI), the PCI Security Standards Council (PCI SSC).
“Bluefin recognized that its partners and merchants were interested in enhancing security while reducing compliance scope,” said D.J. Vogel, Partner, Security and Compliance Practice Leader at Sikich. “Their hard work and initiative paid off, allowing them to be the first-to-market solution in North America.”
The Nilson Report stated that global credit, debit and prepaid card fraud resulted in losses of $11.27 billion in 2012, an increase of more than 14 percent over the prior year. Therefore, solutions like Bluefin’s PayConex P2PE will become more critical, particularly for retailers. According to an official statement by Bluefin, PayConex P2PE will reduce the potential for malicious hacking and fraud, as well as reduce the PCI Data Security Standard (PCI DSS) compliance burden for merchants.
403 Labs worked closely with Bluefin’s team to provide consultation and guidance for building the solution infrastructure and operations necessary to complete the rigorous assessment process. The assessment conducted by 403 Labs involved in-depth testing and a thorough review of Bluefin’s hardware, software and encryption methods, as well as numerous associated practices and policies.
“Becoming the first North American PCI-validated solution P2PE was new ground for all of us,” said Ruston Miles, Chief of Product Innovation, Bluefin Payment Systems. “Without the guidance of 403 Labs on interpreting these standards, and its commitment to powering through the mountains of materials associated with the testing, achieving this goal would have been exponentially more difficult.”
In early 2014, Sikich significantly grew its information security practice after its merger with 403 Labs. Visit the Sikich website for more information about the information security services the firm offers.
###
Rebecca Miller
Internal Marketing
630.566.8482
rmiller@sikich.com
About Sikich
Sikich LLP, a leading accounting, advisory, investment banking, technology and managed services firm, has more than 600 employees throughout the country. Founded in 1982, Sikich now ranks as one of the country’s Top 35 Certified Public Accounting firms and is among the top 1% of all enterprise resource planning solution partners in the world. From corporations and non-profits to state and local governments, Sikich clients can use a broad spectrum of services and products that help them reach long-term, strategic goals.
403 Labs, the security and compliance division of Sikich, is a full-service information security and compliance consulting practice specializing in performing compliance audits, computer security assessments, penetration tests and computer forensic investigations. 403 Labs is an Approved Scanning Vendor (ASV), a Qualified Security Assessor (QSA), a Payment Application Qualified Security Assessor (PA-QSA), a QSA and PA-QSA for Point-to-Point Encryption (QSA (P2PE) and PA-QSA (P2PE)) and a PCI Forensic Investigator (PFI) certified to perform the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS).
Visit www.sikich.com to discover how you can elevate performance in your organization.
Securities are offered through Sikich Corporate Finance LLC, a registered broker dealer with the Securities Exchange Commission and a member of FINRA/SIPC.
Tags: