Payment security solutions company Bluefin is expanding its expertise this week with the launch of ShieldConex, a tool to help secure personal data for firms in retail, hospitality, healthcare, and high education verticals.

With ShieldConex, firms can enter sensitive consumer data– including personally identifiable information and card data– into forms embedded on their website. Once sensitive data is entered into an online form, Bluefin’s technology immediately tokenizes it, replacing it with a Format Preserving Token (FPT) or Format Preserving Encryption (FPE) that can be used in the same way as the original data. With the encryption in place, even if an organization is hacked, the fraudster only sees tokenized data, which is useless to them.

The new tools allows merchants to remain compliant in encrypting their data while maintaining control over the embedded, client-facing form.

According to Bluefin Chief Strategy Officer Ruston Miles, the company is currently “in testing” to help a major airline tokenize user information entered online. “What makes this system unique is the fact that we will collect the information on behalf of the client first, and then perform FPT or FPE. Thus, the client never touches the sensitive data on their web property and the partner gets back a vaultless token for storage – it’s the best of both worlds,” added Miles.

Originally focused exclusively on securing the payment experience, Bluefin offers token-based payment processing, payment tokenization, point-to-point encryption, EMV authentication, and Payment iFrame, a tool that allows merchants to embed an iFrame in their checkout page to encrypt user-entered payment data.

Miles gave a presentation at FinDEVr Silicon Valley 2014 about how Bluefin’s point-to-point encryption can help with PCI compliance. Recently, the Georgia-based company partnered with NCR and Powertranz to help secure NCR’s Aloha POS solution.

Bluefin has raised $6 million and was founded in 2007. John Perry is CEO.