You may have already used Bluefin's P2PE Manager - at least, someone at your organization has used it, to set Bluefin up in the first place - but it has another purpose.
PCI compliance requires you to audit your P2PE card readers annually. You'll inspect each device for any evidence of tampering, and record your attestation inside Bluefin's P2PE Manager. Ready? Let's get started!
You'll receive an email from Bluefin inviting you to set up your account in P2PE Manager. Follow the login link and use the ID / password from the emails to log in.
The email looks like this:
From: [email protected]
Subject: Welcome to Bluefin's P2PE Manager!
If you don't have an email inviting you to log in, check with your colleagues. Someone at your organization - probably the same person that set Bluefin up in the first place - should have a login for P2PE Manager. After all, someone had to use P2PE Manager for you to start accepting payments via Bluefin.
If no one at your organization has a login, scroll up to the top of this article, click the red "Submit a Support Request" button, and let us know. Here's some text you can copy for your support request:
"
Hi,
I need to audit my Bluefin card reader, but no one at my organization seems to have a login for Bluefin's P2PE manager. Can you help us get the login we need?
Thanks for your help!
"
How to audit your card readers with Bluefin's P2PE Manager
Never attempt to dismantle your P2PE card reader device, as this can set off the anti-tampering technology in your card reader. Attempts to take apart or alter your card reader in any way can result in its inability to process transactions.
Here's a direct link to the portal: https://bluefin.p2pemanager.com/login
If you're the designated custodian of the P2PE card readers you're inspecting, you should already have a login. If you don't, check your email for a message from Bluefin Merchant Support - the email contains your login link.
Each Bluefin-compatible device is a bit different, and P2PE Manager provides specific manuals to guide you through the attestation process.
2.1. Click Documentation
2.2. Find your device and click download
Take a look at the device you're inspecting today, and figure out what model it is. You'll find the model's manual in the list.
You're most likely looking for one or several of the following manuals:
- IDtech SREDkey
- Card reader plugged in to your computer via USB
- PAX S300
- EMV-supported card reader connected to your office network via ethernet cable
- PAX D210
- EMV-supported card reader connected to your office network via WiFi
2.3. In the manual, find the instructions for inspecting your device
It'll likely look something like this:
3. Now that you've got the instructions, click Attestations
4. Check the checkbox next to the device and click "Create Attestation"
Although this screenshot doesn't show it, when you need to audit a device, it will be listed on this page. Once you click the checkbox next to the device, you'll be able to click "Create Attestation".
5. Inspect the device as per the instructions you downloaded
You'll be looking for any damage or evidence of tampering.
6. When you're done, fill out the form and click Save
7. Set a reminder for the next audit date!
Bluefin will email you when your next audit is coming up, but we recommend setting up a task in PatronManager, or a calendar reminder, to make sure you complete your next attestation on time.
P2PE Manager FAQs
You should receive an email from Bluefin when the time is coming up to audit your device. However, it's not a bad idea to check, and have the date on your calendar.
1.2. Click the Attestations tab
1.3. On the left, click Future Attestations
1.4. And there you have it! A list of all upcoming audit dates
You sure can! Most people will find it convenient to set all of their devices to be audited on the same date, or on a date they do similar administrative work.
2.2. Now click Devices
2.3. Click the edit icon next to the device for which you want to change the audit date
2.4. Click the calendar icon next to "Audit Next Date"
2.5. Update the audit date, close, and then click save at the bottom of the page
In short, because one of the questions on your annual PCI compliance self-questionnaire asks, "Have you ensured your card reader devices have not been tampered with within the last year?", and you want your answer to be "Yes".
For the curious, here's a bit more detail: the key to the PCI compliance provided via using Bluefin lies with their P2PE card readers. If you set up Bluefin for your organization, you know how seriously Bluefin takes the security of those card readers; each device is shipped in a tamper-proof sealed package to ensure card data security:
If the card readers Bluefin sends you have been tampered with en route, you'll know
As you might imagine, if Bluefin is going through great lengths to ensure the devices were not tampered with while en route to you, they'll also want to periodically ensure the devices haven't been tampered with at your box office. That's where this audit comes in.
Here's Bluefin's full user guide for P2PE manager. In this article, we touch mostly on auditing your devices, but this manual includes much more information. In it, you can read how to receive new P2PE card readers, as well as how to designate specific custodians and administrators for each device.
Want to bookmark this page?
Here's a direct link: http://bit.ly/2MCP9sk