Ask most cybersecurity experts and they'll tell you hackers are no longer just interested in stealing your banking or payment information. The real money is personal information they can sell on the black market.
One Atlanta company has developed a unique way to stop hackers in their tracks. Bluefin, a point-to-point encryption firm, has evolved to offer vaultless tokenization, a method which securely stores sensitive data like social security numbers, passport numbers and other highly coveted information.
"This technology is trending primarily because all of the breaches happening at alarming rates...major portions are related to the fact that the data wasn't encrypted at the time when the malware or whatever the breach cause was," Ruston Miles, co-founder and CSO of Bluefin, told Atlanta Inno. "The data was clearly visible and so the bad guys were able to compromise it and sell it on the black market."
Bluefin, which describes its solution as "cybersecurity for payment processing," takes data from their clients' webpage, encrypts it and gives it back to the webpage using a combination of secure form elements and vaultless tokenization, Miles said.
"With that, we’re able to protect all of these merchants that are accepting card data over the web, whether it's through a chat box or a payment form, whatever it might be," he said. "They’re able to accept this data and encrypt it before it ever gets to them so that way they don’t have all the compliance headaches and hurdles, and they don’t have the complexity added to their innovation of trying to secure all of this data."
When the world of payments and credit cards wanted to implement EVP chips in all forms of plastic payment to avoid credit card theft, most companies weren't "minding the backdoor to help curb fraud," Miles said.
"The chip card is good for stopping counterfeit cards walking in the front door trying to buy something, but it's not the right tool to protect the back of house, the back of the office," he said. "That's what (we do) with our encryption."
Complex merchants, such as higher education and health care institutions, are some of the most at-risk for breaches and the best area for growth for Bluefin. Not only are these clients usually spread out geographically, but there are multiple areas of payment, such as tuition, ticketing, donations and more that need encryption, Miles said. There's more data, such as personal information and medical information, for hackers to mine from health care companies and higher education.
"We see a lot of demand for this coming from those sectors largely from the devastating effects of breaches and compromises," he said.
Bluefin has served companies in the health care, retail and hospitality industry. It started with a team of six and has since grown to 110 employees globally, expanding to offices in Tulsa, Chicago, Melville and Ireland. Partners who use Bluefin's P2PE include Verifone, NCR, Cybersource (Visa) and Merchant Link. The company has also handled case studies for clients such as Two Men & a Truck, University of California San Diego, Children's Healthcare of Atlanta and more. According to Crunchbase, Bluefin has raised $6 million in funding to date.
