ANX Partners with Bluefin to add Validated Point-to-Point Encryption to its Industry-Leading PCI Compliance Solution

SOUTHFIELD, Mich. - ANXeBusiness Corp. (ANX), a trusted provider of managed payment solutions, has formed a strategic partnership with Bluefin Payment Systems, the leading provider of secure payment technology worldwide. The partnership establishes ANX as the first PCI Qualified Security Assessor (QSA) to offer merchants a PCI-validated Point-to-Point Encryption (P2PE) solution that also delivers a comprehensive suite of layered security and tools to simplify PCI compliance.

ANX's solution, SecurePCI Validated P2PE, combines the benefits of encryption with all the other services that a merchant needs to be secure and compliant. SecurePCI Validated P2PE is fully managed and delivers: validated P2PE; POS terminals required to meet the October 2015 EMV mandate; $100,000 of retroactive data breach protection; portal tools to simplify PCI compliance; and enterprise-grade managed security technology for layered security.

"We are excited about partnering with ANX," said Jeffrey Schroeder, Bluefin's Chief of Marketing Strategy. "They have added our Validated P2PE capabilities to their industry-leading SecurePCI package. ANX is known for their operational excellence and ability to help merchants become PCI compliant."

"Bluefin is the worldwide market leader for Validated P2PE," added Mark Wayne, ANX Executive Vice President, Governance, Risk and Compliance. "The Bluefin partnership is great news for ANX stakeholders. Adding validated P2PE to the portfolio positions ANX to deliver the best-in-class layered security and compliance solution while minimizing the merchant effort to achieve and maintain PCI compliance."

The storage and movement of unencrypted credit card data make US merchants a primary target for organized cybercrime. This vulnerability is exploited with documented success resulting in millions of dollars in damages. P2PE represents a major step forward in the battle to secure credit card information. With P2PE, payment card information is encrypted at the merchant Point-of-Sale (POS) and remains encrypted as it is exchanged with the acquiring bank. Encryption actually devalues the data, which lessens the incentive for theft. Hence, validated P2PE reduces the risk of a data breach, positions merchants to meet the October EMV requirements, and makes it easier to become PCI compliant by reducing the scope.

ANX will be accepting orders for SecurePCI Validated P2PE at the Transact 15 event in San Francisco on March 31, 2015. Learn more at http://www.anx.com.

About ANX ANXeBusiness Corp., headquartered in Southfield, Michigan, is a global provider of managed payment, compliance, security and connectivity solutions. ANX is certified by the PCI Security Standards Council as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV). For more information, visit http://www.anx.com.

About Bluefin Bluefin Payment Systems is the leading provider of secure, integrated, cloud-based payment solutions for Independent Software Vendors and SaaS providers. Bluefin is one of only three companies worldwide to achieve PCI-validation for point-to-point encryption (P2PE). For more information, visit http://www.bluefin.com.

Source ANXeBusiness Corp.

Link:
ANX Announces Industry's First PCI QSA Validated Point-to-Point Encryption Solution

Previously thought limited to Apple and Google browsers, the flaw leaves communications between affected users and websites open to interception.

Windows machines are also vulnerable to a decade-old encryption flaw.

Computers running all supported releases of Microsoft Windows are vulnerable to "FREAK," a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov.

The flaw was previously thought to be limited to Apple's Safari and Google's Android browsers. But Microsoft warned that the encryption protocols used in Windows -- Secure Sockets Layer and its successor Transport Layer Security -- were also vulnerable to the flaw.

"Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," Microsoft said in its advisory. "The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industrywide issue that is not specific to Windows operating systems."

Microsoft said it will likely address the flaw in its regularly scheduled Patch Tuesday update or with an out-of-cycle patch. In the meantime, Microsoft suggested disabling the RSA export ciphers.

The FREAK (Factoring RSA Export Keys) flaw surfaced a few weeks ago when a group of researchers discovered they could force websites to use intentionally weakened encryption, which they were able to break within a few hours. Once a site's encryption was cracked, hackers could then steal data such as passwords, and hijack elements on the page.

Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.

"The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor," Matthew Green, a Johns Hopkins cryptographer who helped investigate the encryption flaw, wrote in a blog post explaining the flaw's origins and effects. "This was done badly. So badly, that while the policies were ultimately scrapped, they're still hurting us today."

Follow this link:
Microsoft Windows vulnerable to 'FREAK' encryption flaw too