# How Firstoken Works to Reduce Your Scope

Databye is Firstoken's PCI DSS scope reduction model. It ensures sensitive cardholder data is never exposed to your systems by combining secure capture, tokenization, and proxy-based transmission. Your environment handles only non-sensitive tokens at every stage.

Firstoken components are processor-agnostic and work independently of any specific payment processor or gateway.

***

### The Databye Model

The Databye model is built on three stages, Collect, Store, and Transfer, that together eliminate your systems' exposure to sensitive card data.

```mermaid
flowchart LR
    A[Capture\nAPI / SDK / Phone / Browser] --> B[Inbound Route]
    B --> C[Firstoken\nTokenization]
    C -->|Permanent token| D[Vault]
    C -->|Temporary or permanent token| E[Client Systems\nToken only]
    E --> F[Firstoken Proxy]
    F -->|Detokenized data| G[Payment Processors\nBanks / Third Parties]
```

#### Collect

Card data is captured directly from the source — web, app, API, or device — and routed to Firstoken through an Inbound Route. Your systems never receive the card data in plain text.

#### Store

Firstoken tokenizes the captured data. Two token types are available:

| Type      | Description                                                                             |
| --------- | --------------------------------------------------------------------------------------- |
| Temporary | Short-lived tokens for single-use flows. Can be converted to permanent tokens.          |
| Permanent | Long-lived tokens stored in the Firstoken Vault, accessible from the Firstoken Console. |

Your systems store and operate on tokens only. Sensitive card data resides exclusively in the Firstoken Vault.

#### Transfer

When card data must be transmitted to a payment processor, bank, or third party, Firstoken's Proxy detokenizes and forwards the data on your behalf. Your systems pass the token; the Proxy handles the sensitive payload.

***

### Key components

| Component       | Role                                                                                                                         |
| --------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| Inbound Route   | Receives card data from your capture points and routes it into Firstoken for tokenization.                                   |
| Firstoken Vault | Stores sensitive card data and its corresponding permanent tokens. Your systems have no direct access to the sensitive data. |
| Proxy           | Detokenizes and transmits card data to downstream processors or partners on your behalf.                                     |

***

### Vault vs. Databye

Firstoken also supports standalone tokenization through the Vault, independently of the Databye model.

|                                     | Vault           | Databye |
| ----------------------------------- | --------------- | ------- |
| Tokenization                        | Yes             | Yes     |
| Client captures data directly       | Yes             | No      |
| Client ever has data in plain text  | Yes, at capture | Never   |
| Proxy transmission to third parties | No              | Yes     |
| PCI scope reduction model           | Partial         | Full    |

Use Vault when you need tokenization for storage purposes. Use the Databye model when your goal is to remove sensitive data from your environment entirely.

***

### PCI DSS scope reduction

By implementing the Databye model, your systems interact only with tokens throughout the entire flow — from capture to transmission. This eliminates the most complex PCI DSS security controls from your environment and can reduce your PCI DSS scope by up to 80%.

