Payment accounts are in widespread use. At a point of sale, such accounts may be used for purchase transactions, and may be accessed by devices such as magnetic stripe cards, contactless or contact integrated circuit (IC) cards (also sometimes referred to as “smartcards”), or payment-enabled mobile devices, such as payment-enabled smartphones. In the case of a payment-enabled mobile device, it may emulate a contactless IC payment card by engaging in an exchange of communications with a point of sale (POS) terminal. The exchange of communications may include transmission of a payment account indicator—PAN (“primary account number”) or payment token—from the payment-enabled mobile device to the POS terminal. The POS terminal may then generate a transaction authorization request message, including the payment account indicator, and the transaction authorization request message may then be routed (with de-tokenization if necessary) for approval by the payment account issuer.
According to some proposals, a payment-enabled mobile device may be used to access a number of different payment accounts. A so-called “wallet app” may run on the mobile device to aid the user in managing and selecting among the payment accounts accessible via the mobile device. In such cases, it may be said that the mobile device serves as a “digital wallet.”
Of course, it is not unusual for consumers to trade-in, or even lose, their mobile devices. In connection with widespread use of digital wallets based on mobile devices, there may be a need to quickly, securely and easily load relevant payment credentials onto a new device. It would be desirable for such a process that there be very strong authentication of the user, since otherwise a wrongdoer may possibly obtain access to all the legitimate user's credentials.