Press release

PAAY and Bluefin Join Forces to Dramatically Advance Remote Commerce Security

Sponsored by Businesswire

Bluefin, the leader in encryption and tokenization payment and data security, and PAAY, innovator in consumer authentication, announced today a new security solution set that eliminates the threat of hackers and online fraud, while providing regulatory compliance. The solution set combines 3DS, hardware-based encryption, and vaultless tokenization to provide merchants a liability shift, strong customer authentication, data confidentiality, and compliance with the General Data Protection Regulation (GDPR) and the Payment Services Directive 2 (PSD2).

This press release features multimedia. View the full release here:

“The combined Bluefin/PAAY solution set is as close as we can get to a silver bullet in payment security for Ecommerce transactions,” said Ruston Miles, founder, Bluefin. “PAAY provides strong authentication at the front door and Bluefin encrypts and tokenizes the data at the point of interaction on the web. Most online merchants rely solely on SSL/TLS to encrypt the data being sent from their websites. This leaves payment data vulnerable while inside the web page before it is transmitted. Hackers have exposed this vulnerability extensively over the years.”

Large-scale breaches have grown in intensity and frequency in 2020, with the number of breaches increasing 273% in the first quarter, compared to the same time last year. Hackers are taking advantage of the fact that more and more business – whether banking or E Commerce – is being conducted online. In addition to the growing threat of cyber security breaches, merchants are also faced with the imperil of chargeback fraud. Today, it is estimated that 86% of all chargebacks are probable cases of chargeback fraud and for every dollar of fraud committed, US retailers incur $3.13 of costs.

“You really have a perfect storm because of COVID-19,” said Miles. “Consumers were forced to turn online for delivery of dining and staples like groceries and household consumables at the beginning of the pandemic. Experts say much of this online shift will stick post-pandemic.”

There is no other solution set on the market today that offers merchants a simple and holistic approach to both friendly fraud and cyber security. The ease of implementation allows big-box retailers and SMB’s to protect top-line revenue without exhausting resources and budgets.

From a regulatory standpoint, the solution set protects merchants from being fined for not complying with GDPR and/or the California Consumer Privacy Act (CCPA). Additionally, PSD2 will require strong customer authentication (SCA) on all payer-initiated transactions when both the card issuer and acquirer are within the European Economic Area.

“Violation of these Regulations and Acts, carry enormous penalties, ranging up to 4% of the business’ annual global revenue or $20 million Euro,” said Adam Gluck, CTO, PAAY. “There have been companies fined upwards of $250M under GDPR and merchants need a solution to conduct business in this environment. The PAAY and Bluefin partnership protects the livelihood of Ecommerce merchants on a global scale. The combined solution set empowers merchants to say ahead of the curve, and conduct business with confidence knowing their data is secure and their bottom line isn’t suffering because of unnecessary expenses related to online fraud.”

PAAY & Bluefin will be hosting a ‘first-look’ inside the new solution set on December 1 2020. For event details, visit

About PAAY

PAAY is a leading innovative consumer authentication service for merchants that is simple, secure and easy to implement. PAAY’s frictionless EMV 3-DS solution empowers remote commerce merchants to grow their business securely by increasing authorization rates and eliminating friendly fraud while meeting all network security and compliance needs. PAAY’s mission is to give merchants choice and control of their destiny. To learn more visit

About Bluefin

Bluefin specializes in payment and data security technologies that protect point-of-sale (POS) and online transactions. Our security suite includes PCI- validated point-to-point encryption (P2PE) for contactless retail, call center, mobile and unattended payments, and our ShieldConex® data security platform for the protection of personally Identifiable Information (PII), Personal Health Information (PHI), and payment data entered online. The company’s partner network currently includes over 130 processors, payment gateways and ISVs operating in 32 countries, which provide Bluefin’s P2PE solutions direct to merchants, enterprises, healthcare organizations and More. Bluefin is a Participating Organization (PO) of the PCI Security Standards Council (SSC) and is headquartered in Atlanta, with offices in Waterford, Ireland. For more information, please visit