# Bluefin Encryption **Revision History** | **Date** | **Description** | | --------- | ------------------------------ | | 9/15/2025 | Initial Documentation Release. | | 1/08/2026 | Fixed review comments | ## Overview ### Feature Description PCI-DSS 4.0 has introduced many new requirements which can be reduced if payment devices have implemented Point-to-Point Encryption (P2PE). Bluefin has teamed up with Heartland to provide P2PE on Heartland Value Added Payment System (VAPS) and Network Services (NWS) platforms. For Verifone Release 56.03, Verifone has implemented the P2PE solution using Bluefin for Phillips 66. For this release the encryption is only implemented for indoor PIN pads. This solution requires the installation of Feature Enablement Token (FET) package, Bluefin key (DATA DUKPT / P2PE) and associated configuration files on the PIN pad. This installation is in addition to the usual 3DES DUKPT debit keys that are used for debit PIN encryption. Sites should get in touch with P66 to install the required packages on the PIN pad. If any indoor PIN pad is enabled for ADE encryption (the encryption Bluefin uses), then all the active PIN pads at that site must also be using the ADE encryption. Mixed implementation are not allowed where some PIN Pads are encrypted and some are not. ### Requirements **Supported Hardware Configurations** * Verifone Commander with C18 **PIN pad** * P400 * M400 **Software Requirements** * Verifone Commander Release 56.03 and above * EVPAY 2.08.00 R09 kernel 703 #### EPS and PIN pad Configuration **EPS** There is no configuration required. After the 56.03 software is installed, EPS automatically detects whether any PIN pad is P2PE enabled. On detecting that any PIN pad is P2PE enabled EPS considers that P2PE is active at the site. After P2PE is active at a site, EPS will not allow any network transactions from a POS that is associated with a non P2PE PIN pad. **PIN Pad** 1. Installing 56.03 will automatically get all the PIN pads at the site upgraded to EVPAY 2.08.00 R09. To enable P2PE functionality on the PIN pad below two steps are required. These are only required to be done for the initial setup. After a PIN pad is P2PE enabled, it cannot be revered back to non-P2PE mode. 1. Install FET package to enable P2PE (e.g: ADE-FE-VOS-PROD-WAW-Token.tgz). 2. Install Bluefin production ADE keys for encryption (e.g: BMX\_1-25-0011-5598.tgz). Steps 2 and 3 can be done remotely from VHQ or manually at a site by VASC using USB pen drive. P66 is responsible for installing the packages on the PIN pad. The cashier should log off and log in to the POS after P2PE is enabled on the PIN pad. ![](/files/f2bc0df79c818f8148841a98ebb8c8d0f8579186) The FET and ADE packages names are for reference only, the actual package names might be different. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.verifone.com/feature-references/feature-references/bluefin-encryption.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.