A tokenized account number is a secure way to handle sensitive banking information. Instead of using the actual account number, a unique token is generated and used in its place. This token represents the account number without exposing the actual account details, adding an extra layer of security.
In the Plaid API, US Bank, PNC, and Chase return a "tokenized" account number in place of the user's actual account number. The tokenized account number is accompanied by a standard routing number, returned by the API, that must be used with it, and the pair can be used for ACH transfers. The digits returned in the mask field will continue to reflect the actual account number, rather than the tokenized account number.
For this reason, when displaying account numbers to the user to help them identify their account in your UI, always use the mask field returned in the Auth response rather than truncating the account number.
For more information, see Tokenized Account Numbers in the Plaid docs.