Re: Tokenised?
I *think* that what it essentially means is that they aren't storing the card details themselves but pass them on to their payment processor who supplies them with a code (token) related to that card's details, which they can then use to process the payments each month. This way they don't have the same level of compliance testing as they aren't storing card details themselves, and the payment processor *should* only allow transactions using the token to process payments submitted by, and directing payments to, T-T.