
# Tokenization decision

In a card digitization request, the issuer backend receives several data elements to review before returning a `levelOfTrust` decision.

Review these inputs:

* Card details
* Scoring information (`scoringInformation`)
* Device information (`deviceInformation`)
* Token requestor information (for example, xPay Wallets)

The issuer sets `levelOfTrust` for each request.

### Decide the level of trust

[`requestCardDigitization`](/classic-tokenization/api-reference/issuer-gateway-api/outbound-to-issuer.md) is the most sensitive issuer decision point. It is where you apply your risk logic to detect fraudulent requests.

The API can include several trust signals to support this decision. Most signals depend on the card product and what the token requestor can provide. Some signals may be missing.

Use the guidance below as a baseline. Adapt it to your risk policy.

If the card product supports a **CSC**, start with these parameters:

* `cvvValidated`
* `cardCaptureInformation.captureMethod`
* `authenticationValue`

Suggested logic (pseudo-code):

{% code overflow="wrap" %}

```java
if (cvvValidated) {
  // CSC validated.
  setGreenFlag();
} else if (authenticationValue is available) {
  // If you can validate CSC via authenticationValue, treat as trusted.
  if (CSC_OK) setGreenFlag();
} else if (cardCaptureInformation.captureMethod == BANK_APP
        || cardCaptureInformation.captureMethod == ON_FILE) {
  // Card captured in the issuer application or from Card-on-file (COF).
  setGreenFlag();
} else if (cardCaptureInformation.captureMethod == CAMERA
        || cardCaptureInformation.captureMethod == MANUAL
        || cardCaptureInformation.captureMethod == UNKNOWN
        || cardCaptureInformation.captureMethod is not available) {
  // Missing or weak capture method is suspicious.
  setRedFlag();
}
```

{% endcode %}

As a secondary check, evaluate these objects if present:

* Token requestor information (for example, token requestor ID and wallet provider ID). See [Wallet provider ID mapping](/classic-tokenization/get-started/key-concepts/tokenization-decision/wallet-provider-id-mapping.md).
* Card capture information (`cardCaptureInformation`)
* Scoring information (`scoringInformation`). See [Scoring information](/classic-tokenization/get-started/key-concepts/tokenization-decision/scoring-information.md).
* Device information (`deviceInformation`). See [Device information](/classic-tokenization/get-started/key-concepts/tokenization-decision/device-information.md).

Field availability depends on the token requestor.

The TSP and Thales TIG typically forward these fields as provided.
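The branch order above as a runnable first pass that also records an audit reason and which secondary objects arrived. This is an added example, not Thales code. It assumes the request is available as a dict keyed by the field names on this page, that `cvvValidated` is a boolean, and that the issuer supplies the hypothetical `csc_ok` validator; the `"GREEN"`/`"RED"` strings and the `NFC` sample value are placeholders, and `None` means no branch set a flag.

```python
from typing import Callable, NamedTuple, Optional

TRUSTED_CAPTURE = {"BANK_APP", "ON_FILE"}
WEAK_CAPTURE = {"CAMERA", "MANUAL", "UNKNOWN"}
# Secondary-check objects named on the page. Token requestor fields are left
# out because their key names are not given on the page.
SECONDARY_OBJECTS = ("cardCaptureInformation", "scoringInformation", "deviceInformation")


class FirstPass(NamedTuple):
    flag: Optional[str]  # "GREEN", "RED", or None when no branch set a flag
    reason: str          # short audit string for the decision log
    secondary: tuple     # secondary objects present for the follow-up check


def first_pass(req: dict, csc_ok: Callable[[str], bool]) -> FirstPass:
    """Apply the CSC-first branch order to one request (assumed dict form)."""
    auth = req.get("authenticationValue")
    capture = (req.get("cardCaptureInformation") or {}).get("captureMethod")
    present = tuple(k for k in SECONDARY_OBJECTS if req.get(k))

    if req.get("cvvValidated") is True:  # strict: the string "true" does not count
        return FirstPass("GREEN", "cvvValidated", present)
    if auth:
        # Mirrors the pseudo-code: a failed check sets no flag and
        # captureMethod is not consulted.
        if csc_ok(auth):
            return FirstPass("GREEN", "authenticationValue", present)
        return FirstPass(None, "authenticationValue failed CSC check", present)
    if capture in TRUSTED_CAPTURE:
        return FirstPass("GREEN", f"captureMethod={capture}", present)
    if capture is None or capture in WEAK_CAPTURE:
        return FirstPass("RED", f"captureMethod={capture or 'missing'}", present)
    return FirstPass(None, f"unrecognized captureMethod={capture}", present)


if __name__ == "__main__":
    # Constructed sample requests, not real traffic.
    samples = [
        {"cvvValidated": True, "deviceInformation": {"deviceType": "PHONE"}},
        {"authenticationValue": "bad", "cardCaptureInformation": {"captureMethod": "BANK_APP"}},
        {"cardCaptureInformation": {"captureMethod": "CAMERA"}},
        {},
    ]
    for s in samples:
        print(first_pass(s, lambda value: value == "ok"))
```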

