How device tokens work
A new device token is created every time you add a card to your Google Wallet. Then, when it’s time to make a payment, it’s your device token’s time to shine.
Many steps happen as a device token completes your payment while keeping your FPAN secure, all in a few seconds. This includes an encrypted packet containing the device token going to the merchant’s bank; the Token Service Provider (usually the card network) “detokenizing” the token to retrieve the physical card number once it’s safe; and the card issuer running risk checks and verifying the transaction should be allowed.
Outside of this process, device tokens have another safety feature physical cards lack: built-in Android device authentication. With a physical card, you may need to punch your PIN number into the terminal, or provide your signature. But you can only use the cards in your digital wallet after getting through your phone or smartwatch’s usual authentication, like a face ID, fingerprint or PIN. Even if someone steals your phone, they won’t be able to complete a transaction without this authentication.
Finally, since losing your credit card can be an unfortunate reality, it’s worth noting: Because your device token is linked to your bank account or line of credit (and not your card itself), you can keep paying from the same account even if you have to replace the physical card. With many banks, you can still use the device token in Google Wallet for payments, even as you wait for the new card to come in the mail.
Next time you tap to pay with Google Pay, know that the security benefits of tokenization are at play. Whether you’re looking for added convenience or additional security, digital wallets can help make sure your information doesn’t end up in the wrong hands.