Welcome to ShieldConex®

Learn more about Bluefin's Vault-less Tokenization Solution – ShieldConex

Bluefin’s ShieldConex® is a cloud-based tokenization and encryption platform that captures and secures sensitive data fields upon entry and at rest. It enables users to enter sensitive data online through Bluefin’s secure iFrame technology – bypassing an organization’s servers and reducing PCI scope, while adhering to privacy standards. ShieldConex is also one of the only data security solutions that can support both Format Preserving Tokenization (FPT) and Format Preserving Encryption (FPE).

If you're looking for help or information regarding the ShieldConex portal, please see our User Guide.

The Benefits of ShieldConex

Reduce PCI Scope

ShieldConex removes credit and debit card information from your system and networks, which can reduce your PCI compliance scope up to 90% to a Self-Assessment Questionnaire A

Address Data Privacy Regulations

ShieldConex meets international and U.S. data privacy regulations by pseudonymizing, or “masking,” data at the point of entry.

Meet Nacha Rules

ShieldConex addresses NACHA rules for the protection of Account Data and Account Numbers not only in storage, but also upon entry into online web forms

Implementing ShieldConex

Before you dive in, there are a few things you should know.

Code Languages

Any language that can make a Rest API request in JSON can write to ShieldConex. All of our sample requests are in Node.js.

Two Implementation Methods

Detokenization will always be performed via API so that you can isolate code changes within your Data Access Layer, but there are 2 ways for you to implement tokenization with ShieldConex. Like detokenization, you can perform tokenization using only the API, but we also provide a path using the Secure iFrame. This way, you don't have to worry about protecting data from the points of entry to tokenization – we host the data intake and you fetch the resulting tokens from us via API. For more information, take a look at the iFrame Tokenization guide and the API Authentication.


Regardless of your implementation method, you'll need to implement API authentication. We've put together an Authentication Guide outlining exactly how to set it up so you can start making secure calls with very little time or effort.

What’s Next

In this guide, we'll explain how to setup API authentication, tokenize data, and retrieve tokenized data. If you're just getting started, check out our authentication guide first.

Did this page help you?