How device tokens protect your payment cards in Google Wallet

How device tokens work

Every time you add a card to Google Wallet, a new device token is created. When it’s time to make a payment, your device token will flash.

Multiple steps occur as the device token completes the payment while providing security to the FPAN network, all in a matter of seconds. This includes an encrypted packet containing the device token being sent to the merchant’s bank; the token service provider (usually the card network) “detokenizing” the token to recover the physical card number once it’s secure; and the card issuer should be able to perform risk checks and verify the transaction.

Beyond this process, device tokens have another security feature that physical cards lack: built-in Android device authentication. In the case of a physical card, you may need to enter your PIN at the terminal or sign. However, you can only use the cards in your digital wallet after you pass regular authentication on your phone or smartwatch, such as with Face ID, fingerprint or PIN. Even if someone steals your phone, they won’t be able to complete the transaction without this authentication.

Finally, since losing your credit card can be an unfortunate reality, it’s worth noting: Since the device token is tied to your bank account or line of credit (not the card itself), you can still pay from the same account even if you need to replace your physical card. With many banks, you can still use the device token in Google Wallet to pay even while you wait for a new card in the mail.

Next time you make a contactless payment with Google Pay, know that the security benefits of tokenization come into play. Whether you’re looking for added convenience or added security, digital wallets can help ensure your information doesn’t end up in the wrong hands.