System and methods are described for enabling a first client device to authorize a second client device to use a payment token for contactless payments, in which the payment token is authorized to be used by the second device with restrictions set by the first device. In one embodiment, a system comprises a computing device that includes a secure element. The system also includes machine-readable instructions that, when executed by the processor, cause the computing device to at least receive an indication for generating a sub-payment token and receive a selection of a key restriction for the sub-payment token. An application stored in the secure element is called to generate the sub-payment token based on the key restriction. The sub-payment token is received and comprises a sub-payment key and an application transaction counter range. The sub-payment token is sent through the wireless communication session to a second computing device.