There are also additional mandates around the implementation of Tokenization that need to be adhered to.
- A Token must be scoped to a Merchant, Customer Card and Token Requestor
- Explicit user consent and Additional Factor of Authentication must be taken before generating a Token
- A Merchant should give the customer an option to de-register their Token from the Merchant platform
- Only last 4 digits of the customer card, along with Issuer Bank name will be available to a Merchant during transactions