POST https://api.preczn.com/v1/tokens
The creation and usage of tokens in our system adhere to the following guidelines to ensure security and compliance:
- Credit Card Tokens without CVV: In the absence of a Card Verification Value (CVV), `card` tokens are generated as multi-use. This is based on the ability to reuse these tokens without the CVV.
- Credit Card Tokens with CVV: Conversely, when a `card` token includes a CVV, it must be generated for single-use only. This token is set to expire upon the first transaction or after a 24-hour period. The purpose of this is to align with Payment Card Industry (PCI) compliance rules, which mandate that the CVV should not be stored post-transaction.
- Loan Tokens: Upon creation, `loan` tokens are designed to be multi-use. This enables the execution of multiple drawdowns, allowing for flexible and ongoing borrowing transactions.
- Bank Accounts: Upon creation, `bankAccount` tokens are multi-use. This enables the use of the bank account for multiple transactions.
These guidelines are established to strike a balance between user convenience and stringent security measures.
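The lifecycle rules above, modelled as integrator-side bookkeeping so that a single-use token is never kept on file or retried. This is an added example, not Preczn code: `TokenRecord`, its fields and the function names are hypothetical, and treating a token as expired at exactly 24 hours is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SINGLE_USE_TTL = timedelta(hours=24)           # window stated for card tokens with CVV
TOKEN_TYPES = {"card", "loan", "bankAccount"}  # type names as written on this page


@dataclass
class TokenRecord:
    """Local record of a token (hypothetical structure, not an API schema)."""
    kind: str
    has_cvv: bool
    created_at: datetime
    uses: int = 0


def is_multi_use(tok: TokenRecord) -> bool:
    """Only a card token created with a CVV is single-use."""
    if tok.kind not in TOKEN_TYPES:
        raise ValueError(f"unknown token type: {tok.kind!r}")
    if tok.has_cvv and tok.kind != "card":
        raise ValueError("a CVV only applies to card tokens")
    return not (tok.kind == "card" and tok.has_cvv)


def is_usable(tok: TokenRecord, now: datetime) -> bool:
    """Apply only the rules stated above; other rejection reasons are not modelled."""
    if is_multi_use(tok):
        return True
    # Single-use: gone after the first transaction or once 24 hours have elapsed.
    return tok.uses == 0 and now - tok.created_at < SINGLE_USE_TTL


def record_use(tok: TokenRecord, now: datetime) -> None:
    """Call before submitting a transaction; refuses a spent or expired token."""
    if not is_usable(tok, now):
        raise RuntimeError("token is spent or expired; create a new token")
    tok.uses += 1
```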
PCI Compliance Implications
If you transmit or store full card numbers (PAN) or CVV/CVC data, you are responsible for achieving and maintaining compliance with PCI DSS requirements. You must be prepared to provide a validated Self-Assessment Questionnaire (SAQ) or Attestation of Compliance (AOC) upon request to demonstrate your adherence to the applicable PCI DSS standards.