Bluefin, the leading provider of payment security solutions for retail, hospitality, healthcare, and higher education, announced the introduction of ShieldConex®, which utilizes its patent-pending secure payment frame and vaultless tokenization solution for securing Personally Identifiable Information (PII), Personal Health Information (PHI) and card data.
ShieldConex utilizes Bluefin’s secure payment frame technology service to enable organizations to enter sensitive data via secure online forms embedded in their website. Data is immediately tokenized without the use of a “vault” or database, securing PII (such as passport and social security numbers, driver’s licenses, etc.), PHI, and financial information, including ACH bank account information and debit and credit cards. The system replaces the original data with a Format Preserving Token (FPT) that can be created in the same format as the original data while retaining the usability of the original data, for minimal-to-no impact on existing business processes.
According to the Identity Theft Resource Center (ITRC), as of August 2019, 907 data breaches have been reported compromising over 145 million consumer records. Businesses currently lead with the greatest number of breaches, at 44%, followed closely by Healthcare at 37%.
“The fraud landscape is changing, as evidenced by the headline-making data breaches of 2019,” said Ruston Miles, Chief Strategy Officer, Bluefin. “Hackers are going after more than just payment data. They want personally sensitive information, including healthcare records, social security numbers and more, to sell on the dark web. Consumer records can fetch high costs and be used for purposes such as identity theft – opening loans and mortgages in other people’s names – and healthcare fraud.”
“Bluefin is excited to offer secure payment frames and vaultless tokenization to and through our more than 110 connected partners worldwide,” added Miles. “To date, Bluefin’s partners have relied on our network platform for real-time decryption-as-a-service to protect card data in motion. Now, connected partners can offer ShieldConex to their merchants to protect all data at rest. The combination of Bluefin’s PCI-validated P2PE and tokenization service will protect the full lifecycle of card data.”
“PII touches every organization collecting personal consumer information, and Bluefin is currently in testing with a major airline for the tokenization of user information entered online,” added Miles.
ShieldConex allows a merchant to perform data encryption in a compliant manner while also affording programmatic control over the look and feel of the embedded input form. Format-preserving token types, including numeric, alphanumeric, date, time, address, and other structured tokens that disguise part or all of the original data based on user requirements, are returned to users. This devalues the sensitive information, so that if an organization’s system is breached, hackers only find tokenized data which they cannot compromise.
In addition to Format Preserving Tokenization (FPT), ShieldConex will also support Format Preserving Encryption (FPE).
“Securing payment, PII, or PHI in storage is not a core competency of most organizations. It requires diligent and continuous investment, training, oversight, and human capital expense to minimize risk and comply with standards,” said Miles. “What makes this system unique is the fact that we will collect the information on behalf of the client first, and then perform FPT or FPE. Thus, the client never touches the sensitive data on their web property and the partner gets back a vaultless token for storage – it’s the best of both worlds.”
ShieldConex will be available to Bluefin’s Connected Partners, which include processors, payment gateways and ISVs, to provide on their platforms.
Bluefin provides the leading payment security platform that supports payment gateways, processors and ISVs in 30 countries. Bluefin’s secure payment platform is key to the holistic approach to data security. Designed to complement EMV and tokenization, Bluefin’s PCI-validated Point-to-Point Encryption (P2PE) solutions provide a solid security defense against current and future data breaches. Bluefin supports point of sale solutions for retail, mobile, call center and kiosk/unattended environments, and secure Ecommerce technologies. Bluefin is a Participating Organization (PO) of the PCI Security Standards Council (SSC) and is headquartered in Atlanta, with offices in New York, Chicago, Tulsa and Waterford, Ireland. For more information, please visit https://www.bluefin.com/.