Mobile wallet payment transaction
Let's say you (a payer) want to make a contactless payment using an NFC-enabled smartphone. The diagram below gives a high-level overview. There are multiple steps happening under the hood.
Step 1: Payer unlocks the phone and sends the token
First, the digital wallet performs user authentication. The customer must unlock their smartphone using a fingerprint or by entering their PIN code. Then they must enable NFC and bring the phone in close proximity (4 cm) to the POS terminal. Finally, Google Pay sends the payment token over NFC to the merchant POS.
During card registration on the Android smartphone, Google Pay stores your (credit/debit) card information in its cloud. Google Pay does not share your card number with merchants.
Step 2: POS sends the payment token to its merchant bank
The merchant POS sends the payment token to its merchant bank.
Tokenization is an effective method to keep credit card data safe during mobile contactless payments. In the tokenization process, a piece of sensitive information, e.g. the primary account number (PAN), is substituted by a non-sensitive value called a token. The token is used in payment transactions in place of the PAN.
Step 3: Merchant bank sends token to payment processor network
The merchant bank contacts the customer bank via the payment processor network.
Step 4–5: Payment processor network gets PAN from TSP
The payment processor sends the payment token to a Token Service Provider (TSP). The TSP is responsible for issuing and managing payment tokens. The TSP returns the PAN (primary account number) of the credit card to the payment network.
Step 6: Payment processor network sends PAN to Acquirer
In step six, the payment processor network sends the PAN to the acquirer bank. This bank issued the (credit/debit) card to the customer.
Step 7: Acquirer sends authorization response
In the final step, the acquirer bank decides whether to authorize or decline the payment based on the customer's balance or credit. The acquirer bank sends the authorization response.
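The token substitution and TSP lookup from steps 1 to 6, as an added Python sketch that is not part of the original article and is not Google Pay's or any real TSP's code. The class, function and caller names are hypothetical, and the card number is a constructed test value.

```python
import secrets

class TokenServiceProvider:
    """Toy TSP vault mapping random payment tokens to PANs (hypothetical design)."""

    def __init__(self, authorized_callers):
        self._vault = {}     # token -> PAN; this mapping never leaves the TSP
        self._by_pan = {}    # PAN -> token, so registering a card twice is idempotent
        self._authorized = set(authorized_callers)

    def issue_token(self, pan):
        """Card registration: substitute the PAN with a random 16-digit token."""
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a PAN")
        if pan in self._by_pan:
            return self._by_pan[pan]
        while True:
            # Random digits: the token carries no information about the PAN.
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token not in self._vault and token != pan:
                break
        self._vault[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token, caller):
        """Steps 4-5: only an authorized caller may exchange a token for the PAN."""
        if caller not in self._authorized:
            raise PermissionError(f"{caller} may not detokenize")
        if token not in self._vault:
            raise KeyError("unknown token")
        return self._vault[token]


def run_payment(tsp, token):
    """Steps 1-6: return what each party saw and the PAN the network recovered."""
    seen = {"pos": token, "merchant_bank": token}            # steps 1-3: token only
    pan = tsp.detokenize(token, caller="payment_network")    # steps 4-5
    seen["payment_network"] = pan                            # forwarded in step 6
    return seen, pan


TEST_PAN = "4111111111111111"   # constructed sample value, not a real card
tsp = TokenServiceProvider(authorized_callers={"payment_network"})
token = tsp.issue_token(TEST_PAN)
seen, pan = run_payment(tsp, token)
print("POS saw PAN:", seen["pos"] == TEST_PAN, "| network recovered PAN:", pan == TEST_PAN)
```

A compromised POS or merchant bank in this model holds only the token, and the lookup that turns it back into a PAN is refused for any caller the TSP has not authorized.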