Third-party wallets (such as Apple Pay)

In addition to the Pismo digital wallet, cards you issue through Pismo can be used in payment systems such as Apple Pay and Google Pay that have their own digital wallets. This happens through the following process:

  1. Customer enters card information (PAN, CVV) into payment app (Apple Pay, Google Pay, and so on) for tokenization in a digital wallet (card on file).

  2. The payment app verifies the card with the card network (Visa, Mastercard) and Pismo.

  3. If verified, the card network generates a unique digital token representing card details, which allows payments to be made without exposing sensitive data.

As the card issuer, you can, for this process:

  • Provide your own anti-fraud card verification via a webhook. See Issuer anti-fraud webhook below.

  • Assign a network profile to a card that, principally, determines the picture used to represent a card in a payment app. The payment network provides card issuers a management portal where card pictures are stored and assigned an identifier.

Card tokenization process and onboarding

See Card tokenization process and onboarding.

The card tokenization process generates a number of events, for more information, see Card tokenization flow and events.

Tokenizing Pismo card using wallet SDK

To add a Pismo card to a third-party wallet (Google Pay or Apple Pay) using the wallet's SDK, you can call the Create encrypted data for Google Pay or the Create card data for Apple Pay endpoints to get encrypted Pismo card data.

You need to get the encrypt/decrypt keys for this operation from the card network and share them with Pismo. You can do this during Card network certification.

Issuer anti-fraud webhook

As a card issuer you can provide your own anti-fraud card verification via a webhook, that Pismo calls during the tokenization process. If you don't provide one, Pismo uses a default anti-fraud method. You will need to configure this webhook with your Pismo representative.

For details on implementing this webhook, see Client anti-fraud webhook for card tokenization.