Digital Wallets and Tokenization

A digital wallet is a device or system for storing digitized versions of payment cards. Examples of digital wallets include Apple Pay and Google Pay.

Digital wallets provide card holders with a secure and convenient way to store and use their payment cards without needing to carry physical cards. As payment by digital wallet becomes more widely accepted by merchants, the benefit to card holders of using a digital wallet increases.

The Marqeta platform enables you to take advantage of digital wallet technology both by facilitating the insertion of cards into digital wallets and by providing control over the lifecycle of the inserted cards.

The Marqeta platform supports Apple Pay and Google Pay digital wallets.

Card tokenization

Card tokenization is the process of protecting sensitive data by replacing it with secure, surrogate data, called a token. To insert a payment card into a digital wallet, the card's sensitive data (i.e., the PAN, CVV2, and expiration date) must be replaced with a token that serves as a reference to the card. When a digital wallet uses a card for a payment, it only provides the token, without exposing any of the original card details.

There are several paradigms for implementing card tokenization, depending on which entity generates the tokens and stores the card data on behalf of the digital wallet. The Marqeta platform supports network tokenization, which means that the card network (e.g., Visa or Mastercard) generates the tokens.


Benefits of digital wallets and card tokenization

Key advantages of supporting payments with digital wallets include:

  • Broad acceptance – Tokenized cards are valid at any merchant who accepts that digital wallet.
  • Increased security – Fewer systems have access to sensitive data, and the card network can implement tight controls and validations.

For security reasons, each network token is exclusive to both a digital wallet and a device (phone, laptop, etc.). For example, a network token requested by Apple Pay on an iPhone cannot be used by a Google Pay digital wallet or by an Apple Watch. The token can be used only by Apple Pay on the particular iPhone on which it was requested.


Tokenization participants

These are the key participants in network tokenization:

  • Card Network – (e.g., Visa or Mastercard) provides services for creating, storing, and managing tokens.
  • Issuer-Processor – (Marqeta) issues the payment card from which the token is derived, and must approve each request to provision tokens for these cards. This approval process requires integration and certification with tokenization services at the card network.
  • Digital Wallet – (e.g., Apple Pay or Google Pay) requests and stores tokens for payment cards. Digital wallets undergo certification in order to utilize network tokenization services, allowing them to request and make purchases with tokens.
  • Card holder – owns the card that will be or has been tokenized. Card holders provide their card data to a digital wallet, which then contacts the card network and requests a token for the card.

Marqeta platform objects

To support digital wallet tokens, the Marqeta platform models card holders as user objects, cards (both physical and virtual) as card objects, and network tokens as digital_wallet_token objects. A user object can be associated with multiple card objects (the number of cards that can be simultaneously active depends on your program settings). A card object can be associated with multiple digital_wallet_token objects, any number of which can be active. Each digital_wallet_token is associated with only one card. This design allows card holders to add the same card to multiple digital wallets and devices.