Guide to Digital Wallets and Tokenized Cards

Digital wallets are quickly becoming the primary payment method for online purchases.

According to FIS, digital wallets accounted for nearly half of all ecommerce transactions in 2021 (representing a bit over $2.5 trillion) and it’s projected they will surpass physical card usage by the end of this year.

With more consumers opting to use digital wallets over other payment options, we expect more fintechs are going to offer digital wallet compatible cards to gain “top of wallet” awareness.

In this guide, we explain how digital wallets work and break down the step-by-step process required to offer a digital wallet compatible card.

Founder TL;DR

• Digital wallets use a special type of card called a tokenized card that replaces a card’s sensitive data (PAN, CVV2, and expiration date) with a token.
• There are many different types of digital wallets, but the three main players in the U.S. fintech space are Apple Pay, Google Pay, and Samsung Pay. Apple currently has the most users.
• When you make a payment using a digital wallet, your original card details are never exposed. Instead, the wallet provides a token that can be specific to a particular merchant or wallet, or valid for only a specific number of purchases.
• If a fraudster intercepts a token, they won’t be able to use it because the token either doesn’t match the associated wallet, isn’t the right token for the right merchant, or the token has already expired.
• Virtual cards can’t be added to digital wallets unless they’re tokenized. By default, virtual cards operate more like traditional physical cards.
• Tokenized cards generally take longer to launch because they require coordination, review, and approvals from the card networks and wallet providers. Missing certain deadlines can also extend the timeline further.
• Modern card issuing platforms now make launching a tokenized card much easier to manage and help expedite the launch process (although some companies may want to manage their own card program).

What is a digital wallet?

Digital wallets are applications that allow users to securely store their payment information, make payments, and store their payment history.

They eliminate the need to carry around cards in your physical wallet by letting you access your card’s payment information from your smartphone, smartwatch, computer, or tablet. As long as a device supports near field communication (NFC) transmissions, it can be used to make payments.

Because most consumers use wallets on mobile devices, the terms “digital wallet” and “mobile wallet” are often used interchangeably.

There are many different types of digital wallets, but the three main players in the U.S. fintech space are Apple Pay, Google Pay, and Samsung Pay. Apple currently has the most users.

Fun fact: The Starbucks mobile app also offers digital wallet-like features. With over 31 million users, Starbucks has more users than both Google and Samsung.

How do digital wallets work?

Digital wallets use a special type of card called a tokenized card. From a user perspective, they function similarly to a virtual or physical card. But on the backend, they use a process called tokenization to replace a card’s sensitive data (PAN, CVV2, and expiration date) with a token.

When a digital wallet uses a card for payment, it never exposes any of the original card details. Instead, the wallet provides a token. The token can be specific to a particular merchant or wallet, or valid for only a specific number of purchases.

If a fraudster intercepts a token, they won’t be able to use it because the token either doesn’t match the associated wallet, isn’t the right token for the right merchant, or the token has already expired.

This is why tokenized cards are considered much safer than other payment options.

How digital wallets work from a cardholder perspective

Most digital wallets come with a mobile app you can add to your device. Some devices come with a wallet pre-installed, such as iPhones and Apple Watches.

To add a card, users either manually enter the card information or scan the card with their device’s camera. Many fintechs leverage push provisioning to allow users to automatically add card details to their wallet with a tap of a button.

Once a card is stored in a digital wallet, it be used for payment in several ways:

• via phone in a brick-and-mortar store
• on the checkout page of a website
• as a payment method within other apps
• through a messaging app

When they’re out shopping, users can pay by holding their device to any point-of-sale terminal that supports contactless payments. If they’re shopping online, they simply choose the wallet as a payment option at checkout.

To complete the transaction on mobile, the user will either need to provide a passcode or authenticate through biometric verification at checkout. If they’re using a computer or laptop, users will instead be prompted to log in or provide a password.

After a payment has been made, the merchant sends the token to the card network to match the token with the PAN. The network then forwards the authorization request to the issuer who approves the request, completing the transaction.

Virtual cards aren’t default compatible with digital wallets

Virtual cards cannot be added to digital wallets unless they are tokenized.

By default, they operate more like traditional physical cards and have all the same characteristics such as the 16-digit primary account number (PAN), CVV, cardholder name, and billing address. When a user pays with a virtual card, they provide the merchant with the PAN instead of a token.

If a fraudster intercepts the transaction or gains access to the card information, the card is compromised and the bad actor will be able to use that to make further purchases.

That’s why tokenized cards are much safer payment options. No matter who gains access to the token, your PAN remains protected.

How to launch a tokenized card

Tokenized cards generally take longer to launch because they require coordination, review, and approvals from multiple parties (e.g. card networks, wallet providers). Missing certain deadlines can also extend the timeline further.

Modern card issuing platforms now make this process much easier to manage and help expedite the launch process (although some companies may want to manage their own card program).

No matter what approach you use, you’ll still be working with the following players:

• Issuer: the entity that creates the card and releases it to end users (e.g., the fintech).
• Sponsor bank: also called the issuing bank, holds the principal issuing licenses with the card network(s), giving them the ability to issue cards with the schemes.
• Processor: the entity that connects the bank to the card network, processes card transactions, and orchestrates network messages between the issuer/sponsor bank and the card networks (e.g., Lithic).
• Card network: the card network remits payment between the parties engaged in the transaction (e.g., Mastercard or Visa). They take money from the party using the card to make a payment and send it to the merchant or other party receiving payment.
• Digital wallet provider: creates the digital wallet used to hold the tokenized card (e.g., Apple, Samsung, Google).
• Program manager: manages the card program. Typically the card issuing platform (e.g., Lithic) will hold this role, but the issuer can also manage its own card program.

The 7-step launch process for tokenized cards

The launch process, sometimes referred to as the implementation process, can be broken down into different phases.

Step 1: Establish a BIN or BIN range

To issue digital wallet cards, you need a BIN that is programmed to enable card tokenization or else the cards will not meet the technical requirements for inclusion in digital wallets.

You can establish your own BIN or share an existing BIN. If you plan to act as your own card program manager or intend to take over the card program after launching, you will want to establish your own BIN.

Establishing your own BIN takes extra time and can be more expensive. If you opt to use your card processor as a program manager, they can allocate a portion of an existing BIN to you.

In order for a project to be opened with Mastercard and Visa, the BIN needs to be live or in the production environment (i.e., available to spend money).

Step 2: Card art approval

After you have a BIN in place, you need to design how your card will appear in the digital wallet. You will need to design the front of the card by selecting a card background color and submitting your logo.

Card art must fit within certain specifications and requires approval from the card network, digital wallet provider, and your bank.

Here are examples of the specifications you should expect from the card network:

• Company logo in PNG format (1372 x 283 pixels)
• Card design with no rounded corners in PNG format (1536 x 969 pixels)
• Company app icon in PNG format (100 x 100 pixels)
• Hex code value for your card’s background color
• Hex code value for your PAN color
• Hex code value for your card description color

Step 3: Card configuration

Next, you need to submit the information that will be included with your card in the digital wallet app, such as your:

• Terms and conditions
• Contact information
• Different types of identifiers

Wallet providers use identifiers to link the card back to your app. Apple and Google each require certain unique identifiers.

You will also need to include other details to aid in configuration, such as your card’s default settings upon activation.

Step 4: Network configuration

After you determine how your card will be configured, the network needs to take steps to support that configuration. To kick this process off, your card program manager needs to submit a request to the network to set up your card settings.

Step 5: Testing

Once your card and network configuration are complete, the card program manager needs to test the BIN range associated with your card program to ensure it is properly issuing tokens for specific, designated PANs or account numbers within the BIN’s range. This ensures that cards within the BIN range will work as expected once they’re issued to end users.

Step 6: Submit approvals to network

Next, your card program manager needs to submit forms that document successful testing and outlines certain program details to the card network. While the issuing bank is not involved in submitting these forms, card networks sometimes refer to them as “financial institution forms.”

Step 7: Apply for approvals from wallet providers

Finally, the card network will take the forms provided in step 6 and submit them to the wallet providers for approval. Each provider may request slightly different information. If your card processor is acting as your card program manager, they can help you navigate these requirements.

Once your card receives approval from a digital wallet, you’re ready to go live! You can officially start issuing tokenized cards users can add to the approved wallet.

Optional: Set up push provisioning (recommended)

Tokenized cards can be added to digital wallets through three methods:

• The user can manually type their card number into the digital wallet
• The user can scan the front and back of their card
• The user can push a token to the wallet using push provisioning

Push provisioning makes it easier for users to add your card to their digital wallet, which means they’re more likely to use it when it comes time to pay for a purchase. But it does require a bit of extra work as you’ll need to integrate your app directly with the wallet provider.

–

If you’re interested in learning more about launching a tokenized card, contact us.