Bluefin’s ShieldConex® is a cloud-based tokenization and encryption platform that captures and secures sensitive data fields upon entry and at rest. It enables users to enter sensitive data online through Bluefin’s secure iFrame technology – bypassing an organization’s servers and reducing PCI scope, while adhering to privacy standards. ShieldConex is also one of the only data security solutions that can support both Format Preserving Tokenization (FPT) and Format Preserving Encryption (FPE).
Tokenization refers to technology that replaces data with a substitute. In the context of data, a token usually a non-sensitive representation of data element. Once made, tokens can be used to access the unique data they're associated with. That’s why it’s a popular compliance and security solution. You give your tokenization provider anything that might be subject to security regulations, and they give you tokens. You store those tokens in place of the original data. Since tokens are not subject to the same regulations, you’ve effectively offloaded this responsibility to a trusted 3rd party.
ShieldConex uses a system called vaultless tokenization. As scale grows and rules governing businesses become more complex, there is an increasing market for a stateless solution. We needed a solution that allowed providers to desensitize the data instead of just giving it a pseudonym in the form of a randomly generated token. Vaultless tokenization was eventually developed to solve those problems. Unlike vaulted tokenization, it’s an algorithmic solution, but what makes it secure is that no single entity maintains all of the components necessary to reverse-engineer the data. Since there is no cleartext data to maintain, there isn’t an enormous vault that has to be replicated across locations, so latency is vastly reduced.
ShieldConex removes credit and debit card information from your system and networks, which can reduce your PCI compliance scope up to 90% to a Self-Assessment Questionnaire A
ShieldConex meets international and U.S. data privacy regulations by pseudonymizing, or “masking,” data at the point of entry.
ShieldConex addresses NACHA rules for the protection of Account Data and Account Numbers not only in storage, but also upon entry into online web forms
Updated 2 days ago
In this guide, we'll explain how to setup API authentication, tokenize data, and retrieve tokenized data. If you're just getting started, check out our authentication guide first.