Systems and methods for issuer-specified domain controls on a payment instrument

1 - 15 . (canceled) 16 . A system for processing a transaction using issuer-specified domain controls, comprising: an issuer computer program executed by an issuer of a financial instrument; a payment network; an electronic device executing an electronic wallet; and a third-party token service provider computer program executed by a third-party token service provider; wherein: the issuer computer program specifies an issuer-applied domain-specific control or an issuer-applied domain-specific restriction on a device-specific payment token for the financial instrument that is provisioned to the electronic wallet on the electronic device, wherein the device-specific payment token is restricted to transactions from only the electronic device; the issuer computer program requests, from the third-party token service provider, generation of the device-specific payment token comprising a pass-through indicator; the third-party token service provider computer program receives the device-specific payment token comprising the pass-through indicator; the issuer computer program stores an association of the issuer-applied domain-specific control or restriction and the device-specific payment token; the payment network receives a transaction request comprising the device-specific payment token that comprises the pass-through indicator; the payment network passes the transaction to the issuer without applying the issuer-applied domain-specific control or restriction in response to the pass-through indicator; the issuer computer program retrieves the domain control or restriction associated with the device-specific payment token; and the issuer computer program applies the control or restriction to the transaction request. 17 . The system of claim 16 , wherein the pass-through indicator is a bank identification number. 18 . The system of claim 16 , wherein the pass-through indicator is a cryptogram parameter for the device-specific payment token. 19 . The system of claim 16 , wherein the domain control or restriction controls use of the device-specific payment token with a certain merchant, with a certain device, in a certain environment, at a certain time, in a certain geography, or at a certain authentication level. 20 . The system of claim 16 , wherein the payment network applies a payment-network level domain control or restriction on the transaction before passing the transaction to the issuer. 21 . The system of claim 16 , wherein the third-party token service provider is not associated with a payment network. 22 . The system of claim 16 , wherein the issuer-applied domain-specific control or the issuer-applied domain-specific restriction is dynamic. 23 . A non-transitory computer readable storage medium, including instructions stored thereon, which when read and executed by one or more computer processors, cause the one or more computer processors to perform steps comprising: specifying an issuer-applied domain-specific control or an issuer-applied domain-specific restriction on a device-specific payment token for a financial instrument that is provisioned to an electronic wallet on an electronic device, wherein the device-specific payment token is restricted to transactions from only the electronic device; requesting, from a third-party token service provider, generation of the device-specific payment token comprising a pass-through indicator, wherein a payment network is configured to receive a transaction request comprising the device-specific payment token and is configured to pass the transaction request through without applying the issuer-applied domain-specific control or restriction in response to the pass-through indicator; receiving, from the third-party token service provider, the device-specific payment token comprising the pass-through indicator; storing an association of the issuer-applied domain-specific control or restriction and the device-specific payment token; and in response to receiving the transaction request with the device-specific payment token from the payment network, retrieving the issuer-applied domain-specific control or restriction associated with the device-specific payment token and applying the issuer-applied domain-specific control or restriction to the transaction request. 24 . The non-transitory computer readable storage medium of claim 23 , wherein the pass-through indicator is a bank identification number. 25 . The non-transitory computer readable storage medium of claim 23 , wherein the pass-through indicator is a cryptogram parameter for the device-specific payment token. 26 . The non-transitory computer readable storage medium of claim 23 , wherein the third-party token service provider is not associated with a payment network. 27 . The non-transitory computer readable storage medium of claim 23 , wherein the issuer-applied domain-specific control or the issuer-applied domain-specific restriction is dynamic. 28 . The non-transitory computer readable storage medium of claim 23 , wherein the issuer-applied domain-specific control or the issuer-applied domain-specific controls use of the device-specific payment token with a certain merchant, with a certain device, in a certain environment, at a certain time, in a certain geography, or at a certain authentication level.