As mentioned in the following post:
The card expiry date is masked when returned in the getCustomerProfileRequest. As the card number is masked, there is no PCI requirement that the expiry date of the card also be masked. Without the expiry date, it makes it impossible for us to automate the process of notifying our customer's clients that their card will be soon expiring. The reason for us going this route is to offer an ARB solution managed completely from within our application. It is imparative for us to have access to this date.
The idea is a simple one. Return the expiry date in the CIM getCustomerProfileRequest unmasked.