
Mobile Wallets: Google Pay & Apple Pay

The adoption of mobile wallet solutions, such as Apple Pay and Google Pay, represents a fundamental shift in the payments landscape, moving away from physical plastic towards a more secure and streamlined digital ecosystem.

From a strategic perspective, these services offer two major advantages:

  • a Frictionless User Experience
  • an Enhanced Security Framework.

By leveraging NFC (Near-Field Communication) technology for in-store payments and integrated APIs for online checkouts, these wallets eliminate the need for manual data entry, significantly reducing transaction abandonment.

The core strength of these platforms lies in Network Tokenization, which replaces the primary account number (PAN) with a unique digital identifier (DPAN), ensuring that sensitive card data is never shared with merchants or stored on servers.

Furthermore, every transaction is protected by Strong Customer Authentication (SCA), natively integrated through biometrics (FaceID, TouchID, or fingerprint) or device passcodes. For an Issuer, supporting these services means not only meeting the modern consumer's demand for convenience but also drastically lowering the risk of fraud and data breaches.

Ultimately, the integration of Apple Pay and Google Pay provides a robust, PCI-compliant environment that bridges the gap between physical security and digital agility, fostering greater trust and loyalty within the cardholder base.

Support for Mobile Wallets integration

The main concepts around the tokenization process are the following:

  • The cardholder possesses a physical card and its sensitive data (PAN, CVV, Expiration Date).
  • The cardholder initiates the provisioning process by entering the card details into the Digital Wallet (e.g., Google Pay).
  • Google Pay securely sends the encrypted card data to the Network Scheme (e.g., VISA/Mastercard).
  • The Network Scheme identifies the Issuer and requests permission for digitization.
  • The Issuer evaluates the risk and triggers a "Yellow Flow" (Step-up Authentication), generating an OTP code.
  • The Issuer sends the OTP directly to the cardholder's registered mobile number or email address.
  • The cardholder enters the received OTP code into the Google Wallet app.
  • Google Pay forwards the OTP to the Network Scheme, which sends it to the Issuer for verification.
  • Once the Issuer validates the OTP, it authorizes the Network Scheme to proceed with tokenization.
  • The Network's Token Service Provider (TSP) generates a DPAN (Token) and a set of cryptographic keys.
  • The DPAN and keys are securely downloaded and stored in the device's Secure Element.
  • The card is now Active and ready for contactless or online payments.
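The Issuer-side steps of the flow above (Yellow Flow step-up, OTP validation, then authorization to tokenize) are modelled below. This is an added example, not P2's API or code: `StepUp`, `start_step_up`, `verify_otp`, the 5-minute validity, the 3-attempt limit and the keyed-hash storage of the OTP are all assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time
from dataclasses import dataclass

OTP_TTL_SECONDS = 300   # assumed validity window, not a scheme-mandated value
MAX_ATTEMPTS = 3        # assumed retry limit before the request is declined
SERVER_KEY = secrets.token_bytes(32)  # stand-in for a key held in an HSM/KMS

@dataclass
class StepUp:
    """Issuer-side record of one Yellow Flow challenge (hypothetical model)."""
    salt: bytes
    otp_mac: bytes            # keyed hash only; the plaintext OTP is never stored
    expires_at: float
    attempts: int = 0
    state: str = "OTP_SENT"   # OTP_SENT -> APPROVED | DECLINED

def _mac(salt: bytes, otp: str) -> bytes:
    return hmac.new(SERVER_KEY, salt + otp.encode(), hashlib.sha256).digest()

def start_step_up(now=None):
    """Create a 6-digit OTP; return (record to persist, OTP to send out of band)."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
    salt = secrets.token_bytes(16)
    return StepUp(salt, _mac(salt, otp), now + OTP_TTL_SECONDS), otp

def verify_otp(rec: StepUp, candidate: str, now=None) -> bool:
    """True only when the Issuer may authorize the Network Scheme to tokenize."""
    now = time.time() if now is None else now
    if rec.state != "OTP_SENT":      # already consumed or already declined
        return False
    if now > rec.expires_at:         # expired codes close the challenge
        rec.state = "DECLINED"
        return False
    rec.attempts += 1
    if hmac.compare_digest(rec.otp_mac, _mac(rec.salt, candidate)):
        rec.state = "APPROVED"       # single use: a replayed OTP returns False
        return True
    if rec.attempts >= MAX_ATTEMPTS: # cap guessing against the 10^6 code space
        rec.state = "DECLINED"
    return False

if __name__ == "__main__":
    rec, otp = start_step_up()       # constructed sample run
    print(verify_otp(rec, otp), rec.state)
```
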

P2 Card Issuing Platform offers a robust and easier way to start the provisioning of a card on Google Pay or Apple Pay. Although this process can also be carried out manually using the tools provided by the Circuit (VISA, Mastercard, Diners, etc.), the API provided by P2 allows the Affiliate to reduce the effort required to tokenize the card and creates a smoother user experience.

Below is a complete diagram of the process to be implemented. It involves the Affiliate Mobile App, the Affiliate Backend, and—of course—the Issuer, the Network Scheme, and the Digital Wallet Platform. To keep it as simple as possible, the following example focuses on the Google Pay Platform and Android devices, but it also applies to Apple Pay and iOS devices.