Skip to main content

Watch integration

The Watch Payment product allows payments using Huawei smartwatches connected to Android and iOS smartphones. Payments are based on the MDES Token Requestor solution from Mastercard.
Contactless payments are possible without a constant internet connection—both on the smartphone and the smartwatch.

The core payment and token provisioning process is based on the Token Requestor product and requires an active project with Mastercard.
VCPSDK is a certified and secure product, approved by EMVCo and Mastercard, and has been launched in multiple banking and partner applications.


Introduction

The product is based on Verestro Cloud Payment solutions for NFC Issuer Wallet with Mobile SDK, Mastercard MCBP 2.1 SDK, and Visa VTS SDK.
For more details, visit: Token Requestor Page.

It is also referred to as the Token Requestor SDK.
This document describes the integration between the Mastercard MCBP 2.1 SDK for both mobile devices and Huawei Watch.


Requirements & Limitations

  • Integration of Verestro Cloud Payment solutions for NFC Issuer Wallet as described here.
  • Integration of Verestro Cloud Payment solutions Watch SDK as described in this document.
  • Huawei Health integration for MPA and Huawei Watch, using the WearEngine Library provided by Huawei.

Architecture

watch-payment-architecture.png

  • Mobile application SDKs

    • VCPDSRPSDK for Android and iOS (Token Requestor SDK) – responsible for managing the issuer wallet on the phone.
    • Wearengine SDK - Manages communication between the smartwatch and the mobile application on both Android and iOS.
    • MDC SDK - Additional SDK for enduser management 

  • Smartwatch SDKs:

    • Watch Communication SDK – facilitates communication between the smartwatch and the connected smartphone, supporting both Android and iOS devices.
    • Watch Payment SDK - Handles the payment process on the smartwatch, token provisioning, and communication with servers on behalf of the smartwatch.

Watch Connection

The communication with Huawei smartwatches is based on the WearEngine library provided by Huawei. Access to development using this library can be requested on the Huawei Developer website.

For the watch to function correctly on the device, the Huawei Health app must be installed, as it serves as an intermediary in the communication between the payment application and the smartwatch.

It is strongly recommended to keep only one active watch linked to the user's mobile application.


Watch Secure Session

During this process, the SDK establishes a secure connection between the SDK and the watch to transmit the card profile and transaction credentials.

Each data synchronization requires generating new keys on both the SDK and watch sides.
Both the sender and receiver are verified during the connection process.


Token Creation

The system uses Transaction Credentials (Payment Tokens) obtained from MDES.

Using secure channels and a certified SDK, Transaction Credentials are transferred to the watch, making it ready for contactless payments. These credentials are stored on the device, enabling payments even without a constant internet connection or a direct link to the phone.

Read more about Verestro SDK integration for tokenization:
Verestro Developer Portal.


Adding Token and Transaction Credentials to the Watch

During card digitization (payment activation), data is exchanged between devices and the MDES and Verestro servers. Transaction credentials are delivered to the devices via API and Remote Notification Service.

image.png

This process is automatic for the end user. In Quicko Wallet, contactless payment is first activated on the phone, after which the user is asked whether they want to enable payments on the smartwatch. This process can also be triggered independently, provided that the Huawei smartwatch is actively connected to the application.


Token Data Synchronization

This process ensures that all token- and payment-related data on the watch remain up to date.

There are two types of token synchronization between the MPA (Mobile Payment Application) and the watch:

  • MPA-initiated synchronization
  • Watch-initiated synchronization

Payment

This process describes the payment flow on the smartwatch.

  • The user must unlock the watch to initiate a payment and open the Payment Application.
  • Once the Payment Token is selected, the user can Tap & Pay on a terminal.
  • After the payment, the watch should attempt to communicate with the MPA to synchronize the credential state.

Authentication

Transactions must be authenticated, but this does not mean that every transaction requires separate confirmation.

The application uses Consumer Device Cardholder Verification Method (CDCVM) to authenticate the user. Depending on specific circumstances, the app may request biometric authentication or a PIN.

Since the service uses on-device authentication, no additional security mechanisms need to be implemented by the integrator.


Disabling Payments

If the watch is unpaired from the phone via the Huawei Health app or the payment app, it will no longer be able to process payments.

If the watch was connected to the phone at the time of unpairing, its stored payment data will be automatically deleted.

There is no possibility to transfer payment data between devices or retain it on the watch after switching to a new phone.

Blocking payments—on both the phone and watch—is possible through the card issuer’s administrative panel.

The user can also remove the watch pairing from the mobile application, which will disable smartwatch payments.