Attestations

Device Attestations

PCI Compliance requires that merchants using a P2PE solution inspect their devices for tam- pering at least once per year. P2PE Manager makes these inspections easy to complete.

Viewing Completed Attestations

The Completed Attestations tab provides you with a record of all the devices that have been attested.

1. Navigate to the Attestations tab
2. Click Completed Attestations in the left column.

3. Review the Complete Date for attested devices.

Shortly before a device needs to be inspected and attested to, you will receive an email notification. (The email includes device serial number and location.)

1. Click the Attestations tab. Select Upcoming Attestations in the left column.

2. Select the checkbox next to the device(s).

To select all devices, click the check box above the list of devices. You can select up to 500 devices and perform attestations on the selection as a group.

3. Click Create Attestation.

4. Optional: Based on your preference, you can upload one image. Click Choose File and then navigate your network to select the image file.
   NOTE: The following file types can be selected: .jpg, .jpeg, .png. (Maximum file size = 25 MB)
5. Click Save when you’re done.

📘

Attestations can also be performed in the Past Due Attestations tab by following Step 2 through Step 5.

Changing Device Attestation Date

PCI standards indicate a device should be inspected at least once per year, but some merchants choose to inspect devices more often. Other merchants do inspections once per year but will adjust initial inspection dates to make sure that inspections of all devices are done on the same day.

1. Select the Devices tab. All devices will be listed.
2. Click Edit (pencil icon) next to the device you want to edit.
3. You can set the attestation period frequency by selecting from a list of options. Based on your selection, the system will prompt you to perform the attestation.

4.Optional. Update the Audit Next Date based on your preference and click Save
when you're done

Batch Process: Change Device Attestation Date

You can change the device attestation date for a group of devices (up to 500) from Attestation > Upcoming Attestation. You can use the Search feature to narrow the list and you can optionally download a list of devices into a PDF or CSV file.

1. Select the device(s) you want to change and then click Update. NOTE: You can select up to 500 devices.

2. Update the information as appropriate for Audit Next Date and Attestation Period.

3. Click Save when you’re done.

Viewing Upcoming Attestations

1. Navigate to the Attestations tab
2. Click Upcoming Attestations in the left column.

3. Review the Audit Next Date for the next date the device is scheduled to be audited.

📘

Upcoming Attestations table will only display attestations 14 days prior the Audit Next Date.

Viewing Past Due Attestations

1. Navigate to the Attestations tab
2. Click Past Due Attestations in the left column.

3. Review the Past Due Date that the device was scheduled to be audited.

📘

You can use the Search feature to narrow the list and you can optionally download a list of devices into a PDF or CSV file.

Sending a Reminder to Complete Past Due Attestations

📘

Only Partner Supervisors and Partner Fulfilment user send a reminder to their Sub-Partners, Clients, and Sub-Partner’s Clients to remind them to complete past due attestations. The contact person listed for that device will receive the email.

1. Navigate to the Attestations tab
2. Click Past Due Attestations in the left column.
3. Select the device(s) you want to send a reminder for and click Send a Reminder

❗️

You can select up to 500 devices.

Device Tampering Detection

Bluefin’s P2PE devices have three mechanisms to detect tampering, each outlined below. The one that is triggered depends on the method of tampering that was utilized by the attempted data thief. For security reasons, the activities that trigger each of these mechanisms are omitted.

• If the device detects tampering at the time that it is tampered with, it will lose transaction processing ability and display tamper on the screen. If this happens there is no way to remotely reactivate the device and you will need to coordinate with Bluefin to replace it.
• If the device does not detect tampering at the time (which may be the case with external tampering), it will detect changes in the submitted data string and display quarantine within P2PE manager. The screen may look the same, but transaction processing ability will be deactivated. If this happens, please contact Bluefin.
• The device may suspect tampering by certain processing attempt patterns that are consistent with data thief testing. If these patterns are detected the device will display quarantine within P2PE manager. The screen may look the same, but transaction processing ability will be deactivated. If this happens, please contact Bluefin.