ShieldConex®

API / iFrame Implementation

Tokenize payments, PHI, PII and ACH account data using our API or secure iFrame.

LinkedinInstagram
API/iFrame Implementation

Simple Tokenization Implementation

API Tokenization

Tokenize and detokenize via the API, as well as perform validations and health checks to ensure your implementation continues to run smoothly.

Use our secure iFrame to handle common data entry and initial tokenization; simply open the management portal and create a template.

Detokenization is performed via API and implementation can easily be limited to your Data Access Layer.

Share tokenized data or template references with other organizations that tokenize using ShieldConex.

Customization

Greater flexibility and choice

The use of an iFrame allows ShieldConex customers to outsource the capturing of sensitive data, in a scenario where the end-user sends its data directly to Bluefin for tokenization without traversing the customer’s production systems. This allows for greater scope (and therefore risk) reduction of the customer environment as no sensitive data is ever handled by those front-end systems in terms of transmission, processing or storage. The responsibility for the capture and encryption of this data rests with Bluefin as a Tokenization Service Provider.

Tokenization API

ShieldConex FAQs

See what others are asking…

What is the Difference Between Tokenization and Encryption?

Encryption, simply put, is taking a known piece of data and locking it up so that the data can only be retrieved with a key. In more technical terms, encryption uses an algorithm and a key to take the data and make it unreadable. Of course, this key must be controlled, typically called key management, to keep the data safe. If your data is “123,” and you encrypt the data with key “ABC,” resulting in “98zy65x,” and protect the key properly, all an attacker will be able to see is 98zy65x, which is useless to them.

Encryption, simply put, is taking a known piece of data and locking it up so that the data can only be retrieved with a key. In more technical terms, encryption uses an algorithm and a key to take the data and make it unreadable. Of course, this key must be controlled, typically called key management, to keep the data safe. If your data is “123,” and you encrypt the data with key “ABC,” resulting in “98zy65x,” and protect the key properly, all an attacker will be able to see is 98zy65x, which is useless to them.

How are iFrames Used within ShieldConex?

The use of an iFrame allows ShieldConex customers to outsource the capturing of sensitive data, in a scenario where the end-user sends its data directly to Bluefin for tokenization without traversing the customer’s production systems. This allows for greater scope (and therefore risk) reduction of the Page customer environment as no sensitive data is ever handled by those front-end systems in terms of transmission, processing or storage. The responsibility for the capture and encryption of this data rests with Bluefin as a Tokenization Service Provider.

The use of iFrame Forms in the capture of data means that once the end-user enters the data to a data capture form, the sensitive data is sent directly to Bluefin’s servers for tokenization and only the tokenized data need be received by the partner. This removes the transmission, processing and storage of the sensitive data elements from the partner environment and Bluefin effectively acts as a tokenization service provider without the need to store its own copy of the tokenized data. Neither the partner organization nor Bluefin possesses the original clear text data.

 

How do I Determine if the iFrame or API Option is Right for my Organization?

The iFrame is specifically intended to capture  data entered by a person into a web form. Typically, when PCI data is captured on a website, this brings the site into PCI scope, requiring additional work to make it PCI DSS compliant. With the iFrame, Bluefin hosts the data capture and is responsible for maintaining a PCI DSS compliant site, thereby reducing the time and effort required to implement PCI data capture.

If you’re capturing data in a web form, but have strict controls and requirements for the user interface, then API tokenization allows you to maintain full control over the user interface. However, the additional overhead of maintaining compliance should be considered.

If you need to tokenize data that is not being manually entered, then API tokenization is the right solution for you.

Does ShieldConex Store Data?

ShieldConex is a “vaultless” token solution, so the actual data is never stored in a “vault” or database. Secured data can be unmasked at any time by calling the ShieldConex service using your assigned API key

How is ShieldConex Implemented?

ShieldConex is an entirely cloud-based product that leverages APIs and secure iFrames configured through our ShieldConex Manager administration portal. Bluefin will provide access to the ShieldConex APIs, login credentials to ShieldConex Manager, and online integration documentation. We also provide integration assistance as needed to get your organization live with ShieldConex in a timely and successful manner.

Think ShieldConex is right for you?

Let’s connect.

"*" indicates required fields

Name*
Hidden
What can we help you with today?*
This field is for validation purposes and should be left unchanged.