About Digital Wallets

Learn about how digital wallets and tokenized cards work, and how they might be a fit for your card program.


What is a digital wallet?

Digital wallets are applications such as Apple Pay and Google Pay that allow your cardholders to securely store their payment information, make payments, and store their payment history.

They can eliminate the need to carry around physical cards by letting your cardholders access their card’s payment information from a smartphone, smartwatch, computer, or tablet. As long as a device supports near field communication (NFC) transmissions, it can be used to make payments.

Because most consumers use wallets on mobile devices, the terms “digital wallet” and “mobile wallet” are often used interchangeably.

How do digital wallets work?

Digital wallets use a special type of card called a tokenized card. From your cardholder's perspective, they function similarly to a virtual or physical card. On the backend, a process called tokenization is used to replace a card's sensitive data (PAN, CVV2, and expiration date) with a token.

When a digital wallet uses a card for payment, it never exposes any of the original card details. Instead, the wallet provides a token. The token can be specific to a particular merchant or wallet, or valid for only a specific number of purchases.

When a payment is made, the merchant sends the token to the card network to match the token with the PAN. The network then forwards the authorization request to Lithic (and you, if you have ASA enabled) to approve or decline the request.

How can cards be added to digital wallets?

There are two primary ways that cards can be added to digital wallets:

  • Manual entry: Cardholder either types their card information directly into the digital wallet or uses an embedded image capture feature to scan the front (and sometimes back) of their card
  • Push provisioning: Cardholder taps an "add card to digital wallet" button or similar action from your app. Push provisioning makes it easier for cardholders to add your cards to their digital wallets, which means they're more likely to use it when it comes time to pay for a purchase. Implementing push provisioning requires extra steps, as you'll need to integrate your app directly with the wallet provider. See the Push Provisioning page for more information

Implementation Steps

Across digital wallet providers and card networks, there are a few standard steps required to enable your program for digital wallets.


The below steps assume that Lithic is your program manager. Processor only-customers will go through many of the same steps with their program manager's assistance.

Establish a BIN or BIN range

You will first need to work with a bank to establish a BIN or BIN range for your card program, which Lithic can do for you. At this stage, Lithic will work with you to have a project opened with the card network to initiate the process of enabling your cards to be added to digital wallets.

Card art approval

Once you have a BIN in place, you will need to design how your card appears in the digital wallet. You will need to design the front of the card by selecting a card background color and submitting your logo.

Card art must fit within certain specifications and requires approval from the card network, digital wallet provider, and your bank. Here are the specifications that you will need to submit to your Lithic Implementations Manager:

  • Company logo in PNG format (1372 x 283 pixels)
  • Card design with no rounded corners in PNG format (1536 x 969 pixels)
  • Company app icon in PNG format (100 x 100 pixels)
  • Hex code value for your card’s background color
  • Hex code value for your PAN color
  • Hex code value for your card description color

Lithic also enables customers to associate multiple card arts with each BIN. See Flexible Card Art below.

Card configuration

Next, you will need to provide some additional information that will be included alongside your card when your cardholder adds it to a digital wallet app, including:

  • Terms and conditions
  • Contact information
  • Different types of identifiers (which the wallets use to link the card back to your app, where applicable)

Network configuration

After you determine how your card will be configured, the network will take steps to implement your configuration. Your Implementation Manager will submit a request to the network on your behalf to set up your card configuration.


Once your card and network configuration are complete, you will need to allow-list test cards on your BIN range to ensure that tokens are properly issued when you attempt to add them to digital wallets. This allows you to confirm that cards on your program are working as expected once they're issued to end users.

Submit approvals to network

Next, Lithic will submit forms that document successful testing and certain program details to the card network. While the issuing bank is not explicitly involved in submitting these forms, card networks typically refer to these forms as "financial institution forms".

Apply for approvals from wallet providers

Finally, the card network will take the forms provided in the prior step and submit them to the wallet providers for approval. Each provider may request slightly different information. Once your card receives aprproval from a digital wallet, you are ready to go live. Your cards can now be successfully tokenized and added to the approved wallet.

Cardholder Authentication

During the card tokenization process, the digital wallet and card network may recommend one of three outcomes: approve, require additional authentication, or decline.

If the recommended outcome is "approve", the tokenization will be approved and the card will be successfully added to the digital wallet. If the recommended outcome is "decline", Lithic will decline the tokenization request.

If the recommended outcome is "require additional authentication", the cardholder will be prompted (in the digital wallet provider app) to select one of two authentication methods:

  • Authenticate via one-time passcode sent via SMS (text message)
  • Authenticate via one-time passcode sent via email

Depending on the cardholder's selection, Lithic will send a one-time passcode (OTP) to the phone number or email address passed to Lithic when the associated Account Holder was created. From there, the cardholder can input the OTP to the digital wallet app to continue the tokenization process. If the Account Holder object associated with the card is missing values for either the phone number or email address, the tokenization request will be declined.

To ensure the best possible cardholder experience, Lithic customers should use the update account holder information endpoint to ensure that a current phone number and email are on file for their account holders.

Enterprise customers can customize an email address on their domain from which the OTP will be sent to their cardholders.

Flexible Card Art

You can associate more than one card art with your BIN. When end users tokenize their cards, you can then choose which digital wallet card art to display. To associate card art with a card at tokenization:

  1. You will need Card Art Approval for each additional card art. Share the new card art you want to associate with your BIN with your implementation or customer success manager. They’ll submit the art to Mastercard and the appropriate sponsor bank for approval.
  2. After the card art is approved, your implementations/customer success manager will share a corresponding Card Art Token UUID.
  3. You can then append this Card Art Token UUID to POST or PATCH card requests via the digital_card_art_token parameter. When the cardholder tokenizes, the digital wallet card art associated with that Card Art Token will be shown.