POST https://api.preczn.com/v1/tokens
The creation and usage of tokens in our system adhere to the following guidelines to ensure security and compliance:
- Loan Tokens: Upon creation, loan tokens are designed to be multi-use. This enables the execution of multiple drawdowns, allowing for flexible and ongoing borrowing transactions.
- Credit Card Tokens without CVV: In the absence of a Card Verification Value (CVV), credit card tokens are generated as multi-use. Because no CVV is attached, these tokens can be reused.
- Credit Card Tokens with CVV: Conversely, when a credit card token includes a CVV, it must be generated for single-use only. This token is set to expire upon the first transaction or after a 24-hour period. The purpose of this is to align with Payment Card Industry (PCI) compliance rules, which mandate that the CVV should not be stored post-transaction.
These guidelines are established to balance user convenience with stringent security measures.
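A client-side sketch of the lifecycle rules above, added here as an illustration and not taken from Preczn's API or SDK. The `TokenRecord` class, its field names, the `kind` labels and the treatment of the exact 24-hour boundary are assumptions; the tracker only mirrors locally what the guidelines describe, so an integration does not save a CVV-bearing token as a card-on-file reference or retry it after its first use.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lifetime of a CVV-bearing card token, per the guidelines above.
SINGLE_USE_TTL = timedelta(hours=24)


@dataclass
class TokenRecord:
    """Local bookkeeping for one token reference (hypothetical structure)."""
    token_id: str           # opaque token value returned by the API
    kind: str               # "loan" or "card" (assumed labels, not API values)
    created_with_cvv: bool  # whether a CVV was supplied at creation
    created_at: datetime
    uses: int = 0

    @property
    def single_use(self) -> bool:
        # Only card tokens created with a CVV are single-use;
        # loan tokens and CVV-less card tokens are multi-use.
        return self.kind == "card" and self.created_with_cvv

    def usable(self, now: datetime) -> bool:
        if not self.single_use:
            return True
        if self.uses >= 1:
            return False  # expired on first transaction
        # Assumption: the token counts as expired at exactly 24 hours.
        return now - self.created_at < SINGLE_USE_TTL

    def storable_for_reuse(self) -> bool:
        # Single-use tokens must not be kept for later transactions.
        return not self.single_use

    def record_use(self, now: datetime) -> None:
        if not self.usable(now):
            raise ValueError(f"token {self.token_id} is expired or already used")
        self.uses += 1
```
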
PCI Compliance Implications
If you transmit or store full card numbers (PAN) or CVV/CVC data, you are responsible for achieving and maintaining compliance with PCI DSS requirements. You must be prepared to provide a validated Self-Assessment Questionnaire (SAQ) or Attestation of Compliance (AOC) upon request to demonstrate your adherence to the applicable PCI DSS standards.