Bluefin and CDE Partner to Provide Secure Payment Services to Essential Businesses Despite COVID-19 Restrictions
Staff Report From Metro Atlanta CEO
Wednesday, May 6th, 2020
Bluefin, the leading provider of payment security technologies including PCI-validated Point-to-Point Encryption (P2PE) solutions for retail, hospitality, healthcare, and higher education, and CDE Services, Inc., a PCI-validated P2PE provider of point-of-sale payment equipment and support services, partner to ensure business continuity of a large, California-based healthcare organization during COVID-19.
Bluefin was the first North American company to receive PCI validation for a P2PE solution, providing P2PE as both an integrated option with the company’s PayConex gateway and a stand-alone solution for other payment gateways, processors and software vendors to offer on their own platforms through Decryptx®. Bluefin chose CDE to serve as one of the company’s primary key injection facilities (KIFs).
Leveraging this existing partnership, the two companies worked together to fulfill a large healthcare organization’s order for more than 800 P2PE payment terminals and PIN pads within an expedited timeframe of two weeks during late February and early March, while complying with changing COVID-19 restrictions. The companies have released a joint case study detailing this execution.
“It was one of those circumstances where both Bluefin and CDE knew that we had to double-down our resources for this important customer,” said Eldred F. Garcia, VP of Security Solutions, PCIP, Bluefin. The two companies worked together to process the orders and then configure, ship and deliver the devices in seven days for the first set of orders and in less than two weeks for the second set of orders. “While Bluefin prides itself on providing top-notch service to all of our customers, it was crucial to work with an audited encryption service organization such as CDE that could perform at an even higher level during the most critical and sensitive times.”
Part of ensuring the business continuity on both Bluefin and CDE’s side were the companies’ agility in both the physical office and remote work environments.
“As an essential business CDE provides payment activation and processing support to critical businesses ranging from local food providers to regional healthcare facilities. CDE has been fully operational throughout the coronavirus disease pandemic,” said Joe Cohane, CEO of CDE. “By adapting quickly to changing requirements and situations, we were able to deliver nearly 7000 payment devices in the month of March during the COVID-19 pandemic despite the shelter-in-place.”
In response to the COVID-19 shelter-in-place order from Georgia Gov. Brian Kemp, CDE immediately transitioned 70% of its workforce to remote workplaces, implemented split shifts for the operations team, limited people on the production floor to 10 or less at one time, and expanded deep cleaning and disinfection services. As a precaution, two alternate deployment teams were created to support production should one of the existing teams become impacted.
P2PE is an encryption standard established by the Payment Card Industry (PCI) Security Standards Council (SSC). It requires that payment card data be encrypted immediately upon use with an organization’s point-of-sale (POS) terminal and cannot be decrypted until securely transported to and processed by the validated P2PE solution provider. A validated solution encompasses a combination of secure devices, applications, and certified KIFs that have undergone assessment and audit by a P2PE Qualified Security Assessor (QSA) for validation and listing on the PCI website under Approved P2PE Solutions.
By deploying PCI-validated P2PE in the healthcare environment, organizations realize significant PCI compliance cost savings, increase operational efficiencies, and reduce the exposure/compromise of patient cardholder data.
“It is crucial that healthcare systems deploy the latest security technologies to protect their patient and payment data, while also being vigilant about hackers attempting to gain access into their systems, since breaches and attacks have ramped up with the coronavirus,” said Garcia. “At the same time, it is equally important that third-party vendors servicing health organizations ensure that their supply chain and delivery times are flawless.”