Digital Wallets and Tokenization
A digital wallet is a device or system for storing digitized versions of payment cards. Examples of digital wallets include Apple Pay and Google Wallet.
Digital wallets provide cardholders with a secure and convenient way to store and use their payment cards without needing to carry physical cards. As payment by digital wallet becomes more widely accepted by merchants, the benefit to cardholders of using a digital wallet increases.
The Marqeta platform enables you to take advantage of digital wallet technology both by facilitating the insertion of cards into digital wallets and by providing control over the lifecycle of the inserted cards.
The Marqeta platform supports Apple Pay and Google Wallet digital wallets.
For endpoint documentation, see the Digital Wallets Management API reference page.
Card tokenization
Copy section link
Card tokenization is the process of protecting sensitive data by replacing it with secure, surrogate data, called a token. To insert a payment card into a digital wallet, the card’s sensitive data (i.e., the PAN, CVV2, and expiration date) must be replaced with a token that serves as a reference to the card. When a digital wallet uses a card for a payment, it only provides the token, without exposing any of the original card details.
There are several paradigms for implementing card tokenization, depending on which entity generates the tokens and stores the card data on behalf of the digital wallet. The Marqeta platform supports network tokenization, which means that the card network (e.g., Visa or Mastercard) generates the tokens.
Benefits of digital wallets and card tokenization
Copy section link
Key advantages of supporting payments with digital wallets include:
-
Broad acceptance – Tokenized cards are valid at any merchant who accepts that digital wallet.
-
Increased security – Fewer systems have access to sensitive data, and the card network can implement tight controls and validations.
For security reasons, each network token is exclusive to both a digital wallet and a device (phone, laptop, etc.). For example, a network token requested by Apple Pay on an iPhone cannot be used by Google Wallet or by an Apple Watch. The token can be used only by Apple Pay on the particular iPhone on which it was requested.
Tokenization participants
Copy section link
These are the key participants in network tokenization:
-
Card network – (e.g., Visa or Mastercard) provides services for creating, storing, and managing tokens.
-
Issuer processor – (Marqeta) issues the payment card from which the token is derived, and must approve each request to provision tokens for these cards. This approval process requires integration and certification with tokenization services at the card network.
-
Digital wallet – (e.g., Apple Pay or Google Wallet) requests and stores tokens for payment cards. Digital wallets undergo certification in order to utilize network tokenization services, allowing them to request and make purchases with tokens.
-
Cardholder – owns the card that will be or has been tokenized. Cardholders provide their card data to a digital wallet, which then contacts the card network and requests a token for the card.
Marqeta platform objects
Copy section link
To support digital wallet tokens, the Marqeta platform models cardholders as user objects, cards (both physical and virtual) as card objects, and network tokens as digital_wallet_token objects.
A user object can be associated with multiple card objects (the number of cards that can be simultaneously active depends on your program settings).
A card object can be associated with multiple digital_wallet_token objects, any number of which can be active.
Each digital_wallet_token is associated with only one card. This design allows cardholders to add the same card to multiple digital wallets and devices.
