ShieldConex® Vaultless Tokenization Solution

Protect Carhdholder Data, PII, and PHI

Tokenization as a Service

ShieldConex® is a powerful Tokenization as a Service (TaaS) platform designed to ensure payment security while protecting customer data across endpoints. By replacing sensitive payment, Personally Identifiable Information (PII), and Protected Health Information (PHI) with secure, vaultless tokens, ShieldConex helps businesses reduce PCI DSS scope while meeting data privacy regulations. Whether securing transactions across multiple channels or integrating with trusted third parties, ShieldConex delivers seamless, scalable sensitive data security.

Bluefin ShieldConex compliance to tokenize PAN data and associated PII/PHI data

Ensure Compliance with Ease

Stay ahead of data privacy regulations by tokenizing PAN, PII, and PHI data, ensuring compliance with PCI DSS and industry mandates.

Bluefin ShieldConex promotes PCI DSS scope reduction across all channels

Minimize PCI Scope, Maximize Security

Reduce PCI DSS scope across all payment channels and third-party integrations, lowering compliance costs and complexity.

Bluefin ShieldConex mitigates risk by devaluing sensitive data

Devalue Data, Reduce Risk

Protect sensitive data by replacing it with secure, vaultless tokens – minimizing exposure and reducing the risk of data breaches.

Bluefin ShieldConex - a cloud-based and easy to manage web portal that simplifies tokenization

Simple, Scalable, Cloud-Based

Deploy and manage tokenization effortlessly with a user-friendly web portal, real-time analytics, and seamless cloud integration.

Features

  • Payment and Data Tokenization Solution

    Read More

  • Tokenization API / iFrame Implementation

    Read More

  • ShieldConex Management System

    Read More

Field templates for secure data entry in payment systems.
Developers Portal
Tokenization Totals Daily

Effortless vaultless tokenization for any system – any time

Ensure Payment Data Security

Secure Payment and Associated Account Data

  • Seamless, cloud-based security

    ShieldConex is a fully cloud-based, API-driven Tokenization-as-a-Service platform, eliminating the need for on-premise hardware or infrastructure changes.

  • Vaultless, format-preserving tokenization

    Secure every data element—including payment, personal, and health information—without altering its format or requiring a complex integration.

  • Instant data protection at the point of entry

    Tokenize sensitive data upon intake before it ever touches your system, ensuring compliance with PCI DSS, HIPAA, GDPR, and other data privacy regulations.

  • Enhanced payment flexibility

    Enable card-on-file tokenization for recurring transactions, simplify refunds, and standardize payment security across online, in-store, and mobile channels.

  • Effortless integration and management

    Use the ShieldConex Manager portal to create and customize templates, manage users, track tokenization metrics, and maintain access controls—all from one intuitive dashboard.

Tokenization is a broad and complicated topic with many types of tokens and different token service providers. Over time, it’s common for business relationships and partnerships to change, and moving to a new tokenization service can cause disruptions. A solution that insulates merchants from tokenization changes and gives them the freedom to switch or add new payment partners at will, greatly simplifies the effort of doing business in today’s fast-paced environment.

David Mattei, Strategic Advisor, Fraud & AML practice – Datos Insights

Learn About Tokenization and Its Role in Data Protection

What is Tokenization and Why is It Important?
Tokenization vs. Encryption – What’s the Difference?
Tokenization, Cardholder Data and PCI Compliance: What you Need to Know

Bluefin Resources

Learn more about our features.

ShieldConex in Action
A video guide to ShieldConex and its data protection features
ShieldConex Resources
Tokenization, encryption and ShieldConex white papers
Developer Portal
ShieldConex documentation / sandbox

FAQ About ShieldConex and Data Tokenization

What is the ShieldConex Tokenization Platform?

ShieldConex is Bluefin’s vaultless tokenization platform that secures any PII, PHI or payment element entered online. Our cloud-based solution can be implemented via API or an iFrame. Users can choose to protect their data with either Format Preserving Tokenization (FPT) or Format Preserving Encryption (FPE). ShieldConex also provides omnichannel tokenization across the POS and online, and in 2023, will support network tokenization.

How are iFrames Used within ShieldConex?

The use of an iFrame allows ShieldConex customers to outsource the capturing of sensitive data, in a scenario where the end-user sends its data directly to Bluefin for tokenization without traversing the customer’s production systems. This allows for greater scope (and therefore risk) reduction of the Page customer environment as no sensitive data is ever handled by those front-end systems in terms of transmission, processing or storage. The responsibility for the capture and encryption of this data rests with Bluefin as a Tokenization Service Provider.

The use of iFrame Forms in the capture of data means that once the end-user enters the data to a data capture form, the sensitive data is sent directly to Bluefin’s servers for tokenization and only the tokenized data need be received by the partner. This removes the transmission, processing and storage of the sensitive data elements from the partner environment and Bluefin effectively acts as a tokenization service provider without the need to store its own copy of the tokenized data. Neither the partner organization nor Bluefin possesses the original clear text data.

How Does ShieldConex Perform Omnichannel Tokenization?

ShieldConex has the ability to always create the same token for the same input value. For example, the same credit card number can always generate the same token. So, if the credit card number comes from a mobile phone, a website, or even a payment terminal, ShieldConex can always generate the same token from the same credit card number. This gives the business the ability to affiliate the tokenized card number with the customer – so whenever that token is used, the business can immediately identify the customer while never having access to the real credit card number. This feature, when combined with the partner token sharing feature in ShieldConex, can solve some complex business requirements for the business and their affiliates.

Is There Any Latency in Tokenization or Detokenization?

In legacy “vaulted” tokenization solutions, data is stored on a token server and must be retrieved to use. This form of tokenization requires large databases to map tokens to their original data.

Unlike those legacy vaulted solutions, ShieldConex leverages vaultless tokenization. In this case, tokens are generated using Hardware Security Modules (HSMs), eliminating the need for storing any sensitive data. Typical response times are about 1/10th of a second – not perceptible by humans – meaning data is available instantaneously.

Does ShieldConex Store Data?

ShieldConex is a “vaultless” token solution, so the actual data is never stored in a “vault” or database. Secured data can be unmasked at any time by calling the ShieldConex service using your assigned API key.

Can ShieldConex Secure Data Through a Mobile Application?

Yes, ShieldConex also protects data in a mobile environment. If the app is written in a native app framework, the app would need to call Bluefin’s ShieldConex API. If the app is written within a web app framework, it will be able to either leverage the ShieldConex API or leverage the ShieldConex iFrame, depending on your organization’s preference.

Can ShieldConex Protect my Webpage from Being Compromised?

ShieldConex can add protection. When using the ShieldConex iFrame, the sensitive data is being captured by ShieldConex directly – not on the webpage of the customer. It also requires an out-of-band, 2-step process to retrieve this data from ShieldConex, adding an additional layer of security. Even with this in place, Bluefin recommends:

  • Regularly analyze all of your own website scripts throughout the development lifecycle
  • Implement client-side protections such as web skimming or malware protection
  • Deploy a bot management solution that is able to detect and defend against sophisticated botnets that result from browser-based attacks.

How is ShieldConex Implemented?

ShieldConex is an entirely cloud-based product that leverages APIs and secure iFrames configured through our ShieldConex Manager administration portal. Bluefin will provide access to the ShieldConex APIs, login credentials to ShieldConex Manager, and online integration documentation. We also provide integration assistance as needed to get your organization live with ShieldConex in a timely and successful manner.

How do I Determine if the iFrame or API Option is Right for my Organization?

The iFrame is specifically intended to capture data entered by a person into a web form. Typically, when PCI data is captured on a website, this brings the site into PCI scope, requiring additional work to make it PCI DSS compliant. With the iFrame, Bluefin hosts the data capture and is responsible for maintaining a PCI DSS compliant site, thereby reducing the time and effort required to implement PCI data capture.

If you’re capturing data in a web form, but have strict controls and requirements for the user interface, then API tokenization allows you to maintain full control over the user interface. However, the additional overhead of maintaining compliance should be considered.

If you need to tokenize data that is not being manually entered, then API tokenization is the right solution for you.

Think ShieldConex is right for you?

Contact Us to Learn More about ShieldConex

"*" indicates required fields

Name*
This field is hidden when viewing the form
What can we help you with today?*
This field is for validation purposes and should be left unchanged.
This site is protected by reCAPTCHA and Bluefin's Privacy Policy and Terms of Use.