Welcome to the Help Center - Guides to support and troubleshoot your Verifone devices
Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Bluefin Encryption

PCI-DSS 4.0 has introduced many new requirements which can be reduced if payment devices have implemented Point-to-Point Encryption (P2PE).

Revision History

Date

Description

9/15/2025

Initial Documentation Release.

1/08/2026

Fixed review comments

Overview

Feature Description

PCI-DSS 4.0 has introduced many new requirements which can be reduced if payment devices have implemented Point-to-Point Encryption (P2PE). Bluefin has teamed up with Heartland to provide P2PE on Heartland Value Added Payment System (VAPS) and Network Services (NWS) platforms.

For Verifone Release 56.03, Verifone has implemented the P2PE solution using Bluefin for Phillips 66. For this release the encryption is only implemented for indoor PIN pads.

This solution requires the installation of Feature Enablement Token (FET) package, Bluefin key (DATA DUKPT / P2PE) and associated configuration files on the PIN pad. This installation is in addition to the usual 3DES DUKPT debit keys that are used for debit PIN encryption. Sites should get in touch with P66 to install the required packages on the PIN pad.

If any indoor PIN pad is enabled for ADE encryption (the encryption Bluefin uses), then all the active PIN pads at that site must also be using the ADE encryption. Mixed implementation are not allowed where some PIN Pads are encrypted and some are not.

Requirements

Supported Hardware Configurations

  • Verifone Commander with C18

PIN pad

  • P400

  • M400

Software Requirements

  • Verifone Commander Release 56.03 and above

  • EVPAY 2.08.00 R09 kernel 703

EPS and PIN pad Configuration

EPS

There is no configuration required. After the 56.03 software is installed, EPS automatically detects whether any PIN pad is P2PE enabled. On detecting that any PIN pad is P2PE enabled EPS considers that P2PE is active at the site. After P2PE is active at a site, EPS will not allow any network transactions from a POS that is associated with a non P2PE PIN pad.

PIN Pad

  1. Installing 56.03 will automatically get all the PIN pads at the site upgraded to EVPAY 2.08.00 R09.

To enable P2PE functionality on the PIN pad below two steps are required. These are only required to be done for the initial setup. After a PIN pad is P2PE enabled, it cannot be revered back to non-P2PE mode.

  1. Install FET package to enable P2PE (e.g: ADE-FE-VOS-PROD-WAW-Token.tgz).

  2. Install Bluefin production ADE keys for encryption (e.g: BMX_1-25-0011-5598.tgz).

Steps 2 and 3 can be done remotely from VHQ or manually at a site by VASC using USB pen drive. P66 is responsible for installing the packages on the PIN pad.

The cashier should log off and log in to the POS after P2PE is enabled on the PIN pad.

The FET and ADE packages names are for reference only, the actual package names might be different.

PreviousAuxiliary Forecourt Point of SaleNextCar Wash Pay Point

Last updated