A system may receive a transaction request from a user device, and request an in-app cryptogram from a network software development kit (SDK) on the user device. The in-app cryptogram may include an unpredictable number, an application transaction counter (ATC), and a card verification result (CVR), and the ATC may be extracted from a limited use payment credential (LUPC). The system may transmit a token, a token expiry, and a token data block for an assessment by a payment network, with the token data block including the token, the token expiry, the ATC, and/or the in-app cryptogram. The system may further receive a request from the payment network to update the LUPC on the user device, and attest that the user device is secure in response to the request from the payment network to refresh the LUPC on the user device.