Mobile Wallets
Mobile wallets are digital apps that store various forms of payment methods, including credit cards, debit cards, and bank account information. Payers can make payments by linking these sources to the mobile wallet app.
Mobile wallet payments refer to transactions authenticated using a device. For example, a smartphone or a tablet.
A credit or debit card added to the payer's device is tokenized and assigned a device-specific identifier called a Device Primary Account Number (DPAN) . The payment processor converts the DPAN into the corresponding Funding PAN (FPAN) of the payer's card. FPAN is the actual card number that is registered against the DPAN and is used to process the transaction. An FPAN can be associated with multiple DPANs.
The Mastercard Gateway supports the following mobile wallets:
- Contact your your payment service provider to check if the mobile wallet payments functionality is supported for your acquirer.
- Make subsequent recurring payments with mobile wallets. However, they do not support all types of merchant-initiated transactions (MIT), such as unscheduled payments, after a cardholder-initiated transaction (CIT) that used a mobile wallet payment token.
- Provide the cryptogram format in the
AUTHORIZE
andPAY
transactions for subsequent merchant-initiated payments, it must be the same as in the initial payment. If a cryptogram is available, always provide it in the transaction request for subsequent payments. The gateway passes the data as required to the acquirer. If the acquirer requires a cryptogram and it is not present, the transaction fails. - The gateway does not currently support filtering of transactions based on 3D Secure (3DS) authentication results for mobile wallet payments.
- The gateway does not support tokenized DPANs in the transaction request.
Mobile wallet payment flow
The following figure shows the payment flow for a mobile wallet payment.
Figure: Mobile Wallet Payment Flow
- A payer chooses to pay using a device and verifies the payment. For example, by entering a PIN or using a touch ID.
- The merchant initiates the transaction and gets the encrypted payment token. The encrypted payment token contains all the data elements required to process the payment, including:
- Transaction details such as currency, amount.
- Payment method details such as DPAN, expiry date, cardholder name.
- Cryptogram that was used to authenticate the payer.
- The merchant sends the encrypted payment token to the gateway. The gateway decrypts the payment token and processes the payment.
The gateway currently supports payment token decryption for Apple Pay and Google Pay only.
Alternatively, you can decrypt the payment token on your server. In this case, you need to take responsibility for storing the encryption credentials, executing the decryption, and sending the decrypted payment details in a transaction request to the gateway.
- Depending on the acquirer, the gateway sends the transaction for authorization to the processor, acquirer, or to the issuer through the card scheme network, such as Mastercard or Visa.
- The issuer validates the cryptogram, authorizes or declines the payment, and sends a transaction response to the gateway.
- The gateway sends the authorization response to the merchant.
- The merchant presents the order confirmation to the payer.
AUTHORIZE
or PAY
transactions across an order, contact your payment service provider. Visa mandates that you provide the cryptogram in each AUTHORIZE
or PAY
request for partial shipments.