BrightLine Approved to Provide PCI Point-to-Point Encryption (P2PE) Assessment Services for Third Party Solution Providers

BrightLine Adds P2PE to Its Suite of Compliance Services


TAMPA, FL--(Marketwired - May 21, 2015) - BrightLine CPAs & Associates, Inc., a leading provider of compliance services, is now a Point to Point Encryption (P2PE) QSA company. The new service builds upon BrightLine's deep security expertise making it the only firm in the world that can offer a comprehensive suite of PCI assessments, SOC 2, FedRAMP, and ISO 27001.

The PCI P2PE standard allows solution providers to offer merchants a secure payment acceptance channel. The P2PE solutions utilize secure and validated cryptographic hardware devices along with rigorous security practices to encrypt data from the point of interaction (POI), usually a card swipe or read, until the data reaches the its secure decryption environment. As these solutions have the potential to keep unencrypted credit card numbers out of merchant and service provider environment, it may allow for reducing scope to the physical and operational security controls of those encryption devices.

A PCI P2PE assessment includes a thorough assessment of the device management practices for the POIs and other cryptographic devices, the use of hardware security modules (HSMs) for key management and decryption, and the security controls for key management, key injection, and security operations for the decryption environment. A validated solution demonstrates to merchants that the solution provider has implemented effective controls and that the merchant may reduce their scope with confidence in the defenses to prevent device tampering or substitution or attacks against the Solution Provider itself. The PCI Security Standards Council (SSC) only recognizes validated P2PE solutions for scope reduction.

"PCI P2PE represents the most stringent set of controls while offering the potential for significant scope reduction for merchants," said Jacob Ansari, BrightLine's PA-DSS and P2PE practice lead. "BrightLine is pleased to be able to complement our existing PCI DSS, PA-DSS, and other security and compliance offerings with P2PE validation."

Inquiries for P2PE services can be made with BrightLine at 1-866-254-0000, PCI@BrightLine.com, or by submitting a request for a professional consultation at www.BrightLine.com/P2PE.

ABOUT BRIGHTLINE
BrightLine CPAs & Associates, Inc. is a global provider of assurance and compliance services. As the only company in the world fully accredited to provide a suite of services that includes SSAE 16 (SOC 1) examinations, SOC 2 examinations, PCI DSS / PA-DSS compliance validation, ISO 27001 certification, FedRAMP Assessments, network and application penetration testing services, and now P2PE assessments. BrightLine offers clients the unique opportunity to achieve multiple compliance objectives through a single third party assessor. For further information, please visit www.BrightLine.com.

Contact Information:

CONTACT
Avani Desai
Executive Vice President
pr@brightline.com
866.254.0000 ext. 140