Understanding In-App Provisioning and Digital Tokenization With Visa

Visa Employee

Usage of mobile payment wallets is expanding because consumers find using them both fast and convenient.   In-app provisioning is the process used by issuer and partner developers to implement push-provisioning of a customer’s digital card to a digital wallet such as Apple Pay, Google Pay or Samsung Pay from a banking app.  From the customer’s perspective, it takes the form of selecting an “Add to” button within the banking app.  Visa provides tool sets discussed below to aid developers to implement push provisioning capabilities while keeping customer accounts safe.


Digital Tokenization

To safeguard customer information, increase authentication and prevent fraud during use of a digital payment service, Visa Token Service (VTS)  creates a token as a replacement for customer account information through the following process:

  1. Customer enrolls their Visa account with a digital payment service (online retailer or mobile wallet) by sending account information to the payment service provider.
  2. The payment service provider requests a payment token from Visa for that account.
  3. Visa shares the request with the account issuer for approval. 
  4. With approval, Visa replaces the customer’s account information with a unique digital identifier (token).
  5. Visa shares the token with the requestor for payment use online or mobile (NFC).  Thereafter the token is used to identify the customer while making payments.    


Two In-App Provisioning Solutions

Visa offers two ways to include in-app provisioning in an app.  A developer can choose a Visa Digital Enablement SDK (SDK) or an Visa In-App Provisioning API (API) solution to enable in-app provisioning during or after debit card and credit card issuance.   In-app provisioning is available for prepaid, virtual, commercial, purchase and one-time use cards. 


Visa In-App Provisioning API

With the Visa In-App Provisioning API, developers can enable instant provisioning of digitally issued cards into mobile wallets by enrolling customers and their cards and generating the encrypted card data needed by mobile wallets for tokenization.  In-App Provisioning APIs are available for Apple Pay, Google Pay and Samsung Pay.

Roles in this process include:

  • Cardholder - Consumer with card issued by client
  • Client – Traditional Issuer/FI or Non-Bank Issuers of card to the consumer
  • OBO Partner – Issuer processor or issuer program manager/service provider
  • BIN Sponsor – Lend BIN to non-bank issuers for card issuance
  • Pay Wallet – Apple, Google or Samsung Pay

Clients can opt to directly call the Visa In-App Provisioning API using encrypted card, or use the Universal Card Enrollment API to digitally register accounts with Visa in real time.  The graphic below is an overview of the process.

VIAP image.png

It’s important to reference Getting Started in the Visa Developer Center and to use the API explorer in the "API Reference" section to understand how to use APIs in the Sandbox.


For each digital wallet provider that you intend to enable push provisioning for, the necessary pre-requisites must be met.  Each issuer must be a participant in the (VTS).  Mobile applications must be published in applicable app stores with the ability to publish updates.  Clients must assess required steps and meet compliance for each wallet provider and work with each to ensure satisfaction.


Note that each wallet uses a unique method to identify if a card has been tokenized in that particular wallet through the pay wallet’s API/SDK integration.  The client app should use this service and enable the “Add to Wallet” button only if the card is not yet tokenized on the device’s pay wallet.


Visa Digital Enablement SDK

The Visa Digital Enablement Software Development Kits are available for iOS® and for Android™ mobile platforms and are designed to support end-to-end provisioning of consumer credentials from a mobile app directly into a payment wallet on the device.  These consumer credentials can come from an issuer, a processor, mobile app provider, fintech or channel partner.  Designed to reduce expense and complexity of multiple integration efforts for mobile providers, the Visa Digital Enablement SDK eliminates the need for cardholders to enter card information separately, because cardholders’ credentials are passed seamlessly from the client’s mobile app to digital/mobile wallets and e-commerce merchants on the cardholder’s device. 


After being embedded within the mobile app by the mobile app development team, the SDKs allow clients to control the user experience within the app and at the same time experience the benefit of ­­Visa’s In-App provisioning and infrastructure.  The graphic below is an overview of steps through the pay wallet process depicting each players’ responsibilities.



 If interested in using the Visa Digital Enablement SDK, please contact your sales representative or email developer@visa.com.



Visa supports digital commerce and mobile pay wallets by offering tokenization and in-app provisioning services to issuers.   Adoption of online and mobile payments is made both easier and safer for consumers when Visa’s services are used to make adding a digital card to a mobile wallet simple while keep consumer accounts safe.


Blog Written by guest contributor Carolyn Darity



Recent blogs