Third-party wallets (such as Apple Pay)

In addition to the Pismo digital wallet, cards you issue through Pismo can be used in payment systems such as Apple Pay and Google Pay that have their own digital wallets. This happens through the following process:

  1. Customer enters card information (PAN, CVV) into payment app (Apple Pay, Google Pay, and so on) for tokenization in a digital wallet (card on file).

  2. The payment app verifies the card with the card network (Visa, Mastercard) and Pismo.

  3. If verified, the card network generates a unique digital token representing card details, which allows payments to be made without exposing sensitive data.

For more information, see Card tokenization process and onboarding.

As the card issuer, you can, for this process:

  • Provide your own anti-fraud card verification via a webhook. See Issuer anti-fraud webhook below.

  • Assign a network profile to a card that, principally, determines the picture used to represent a card in a payment app. The payment network provides card issuers a management portal where card pictures are stored and assigned an identifier.

Note: The card tokenization process generates a number of events, for more information, see Card tokenization flow and events.

Tokenizing Pismo card using wallet SDK

To add a Pismo card to a third-party wallet (Google Pay or Samsung Pay) using the wallet's SDK, you can call the Get encrypted data for wallet token endpoint to get encrypted Pismo card data. You need to get the encrypt/decrypt keys for this operation from the card network and share them with Pismo. You can do this a part of Card network certification.

For the Apple Pay SDK, you can call Get encrypted card data for Apple Pay.

Issuer anti-fraud webhook

As a card issuer you can provide your own anti-fraud card verification via a webhook, that Pismo calls during the tokenization process. If you don't provide one, Pismo uses a default anti-fraud method. You will need to configure this webhook with your Pismo representative.

For details on implementing this webhook, see Client anti-fraud webhook for card tokenization.