Foreign VISA cards blocked for select Japanese in-app and online payments

Notice: latest situation updates here

SoftBank Payments network chart

When foreign issue VISA cards in Wallet stopped working for Apple Pay in-app Suica and PASMO recharge on August 5, the first people to howl in pain were Apple Pay PASMO users who suddenly couldn’t recharge with their Chase Sapphire VISA cards. Chase Sapphire still codes for 3x travel points with a PASMO recharge and long time resident Suica users migrated to PASMO when JR East and VISA shut down 3x travel points in May 2021.

I did the usual duty of talking with Mobile Suica support, official line: there should be no problem, contact the card issuer. I then contacted Wells Fargo card services support, official line: there should be no problem with your VISA, contact the merchant. Entirely expected of course but I did confirm that Mobile Suica transaction attempts were not even showing on the Wells Fago system. They said it seems to be a ‘communications issue’… code word for: something’s not right on the merchant transaction authorization side.

I suspected a larger issue than just Apple Pay and an Android Suica user confirmed the same non-JP VISA problem with Google Pay Suica. I also alerted IT journalist Junya Suzuki who focuses on mobile payments. His first thought was something might be going on with the VISA Japan merchant acquirer side of the payment network. For reference, the merchant acquirer handles transaction authorization from the merchant side, ‘this transaction is clear to send to the card issuer.’ The issuer then clears the transaction with the customer account, ‘this customer is good to pay for this charge.’

Merchant acquirers are very secretive and nobody knows who is the merchant acquirer is for Mobile Suica/Mobile PASMO. Maybe they were tightening online transaction security…or something else. Everything was clear as mud though a well placed source did say this:

An acquirer made the decision stopping handling cards issued in other countries… Another guy suggests Apple or such acquirer may face money laundering issue by registering Apple Pay with pre-paid Visa cards or such.

In addition, that means JRE doesn’t know what’s happening on this problem.

A reader asked me if Japan was banning non-JP VISA cards across the board along with a screenshot of Universal Studios Japan advance ticket sales page with a red colored important notice on the top that said: “We apologize that currently Visa and Mastercard credit cards issued outside Japan are not available until further notice.”

This points to a larger problem than just Mobile Suica and PASMO. The USJ wording also suggests that JTRWeb have their hands tied ‘until further notice’ and echos what JR East PR told Suzuki san about the non-JP VISA recharge problem being beyond their immediate control. Something seems to be happening with the VISA merchant acquirer…but in different highly selective ways. For example why does foreign issue VISA work for Apple Pay in-app purchases with Japanese apps like Starbucks, but not in-app purchase with JR East for Suica recharge?

Security and Apple Pay Enhanced Fraud Prevention
It’s helpful to examine the impact of phishing attacks that hit NTT Docomo, Line Pay, PayPay and other QR code mobile payment services in late 2020, and JR East online services (Mobile Suica, JRE POINT, Eki-Net and VIEW card) in early 2022. Responses to phishing attacks were varied and vague. Companies like to say they value customer security but are short detailing what they’re doing because nitty gritty details hashed out with the card brands and merchant acquirers are secret non-disclosure territory.

Japanese credit card issuers responded by upgrading to EMV 3-D Secure v2 (3-D stands for three domains: merchant/acquirer domain, the issuer domain, and the interoperability domain), for non-digital wallet browser and mobile app payments. EMV 3-D Secure is the EMV e-commerce browser and app authentication tokenization spec with card brands using their own naming and handling the merchant support. It’s important to understand that EMV 3-D Secure has nothing to do with Apple Pay, Google Pay, Samsung Pay and similar digital wallets who have their own tokenization. However, Apple Pay has been making some changes to enhance online and in-app security.

Apple Pay quietly launched Enhanced Fraud Protection in April 2022 when Apple Cash was upgraded from Discover to VISA brand debit card. The updated Apple Pay and Privacy text included a new section:

For cards with certain enhanced fraud prevention, when you attempt an online or in-app transaction, your device will evaluate information about your Apple ID, device, and location if you have enabled Location Services for Wallet, in order to develop on-device fraud prevention assessments. The output of the on-device fraud prevention assessments, but not the underlying data, will be sent to Apple and combined with information Apple knows about your device and account to develop Apple Pay transaction fraud prevention assessments. These transaction fraud prevention assessments may be shared with your payment network, together with a shipping address identifier and IP address if available, in order to prevent fraud at the time of transaction. The shipping address identifier differs per payment network and may be used to confirm whether shipping addresses for different transactions using a particular card on your device are the same in a way that does not reveal the underlying address. You can check whether a card has this enhanced fraud prevention at any time by going to the back of your payment credential in Wallet. To prevent the sharing of fraud prevention assessments with your payment network, you can select another card.

Apple Pay & Privacy

This means that Apple Pay ‘might’ share iPhone/Apple Watch location information when making online or in-app purchases. So far VISA cards are the only ones that have Enhanced Fraud Protection but it doesn’t seem an across the board change for all VISA issue cards and depends on the issuer. My Wells Fargo VISA card for example doesn’t show any sign of enhanced fraud prevention in Wallet app card details.

Does enhanced fraud prevention have anything to do with Apple Pay Suica and PASMO recharge not working for foreign issue VISA? I suspect not but it’s an important background development because: 1) it’s limited to online and in-app purchases, 2) VISA pushed for these ‘fraud prevention assessments’ so they could obtain device location information and more. VISA pushing this agenda could be causing issues on the merchant acquirer side.

The VISA open loop power play
So we circle back to foreign issue VISA use in Japan again. Why are cards cleared for Apple Pay, cards that worked fine until August 5, suddenly not working? JR East support says it’s not o them: all credit and debit cards that support Apple Pay in-app purchase are good to go. They certainly want inbound visitors to use Suica. Evidence points to a transaction authorization change on the VISA merchant acquirer side. Everybody else seems to be doing what they always do.

The timing is perfect however when you also consider that VISA is heavily promoting ‘VISA Touch’ EMV contactless and open loop transit in Japan as a challenge to the home grown FeliCa based Transit IC card system. It’s very convenient for VISA Touch open loop marketing purposes when Apple Pay Suica and PASMO are kneecapped as easy payment and transit options for inbound visitors.

VISA has a history of not playing nice with Japanese stored value cards on mobile. Japanese issue VISA cards didn’t work for Apple Pay in-app purchases and Suica recharge until May 2021, VISA waited 5 years to ‘resolve’ that issue. VISA cards still do not work with Mobile WAON and Mobile nanaco on Android and Apple Pay, they likely never will. My take is that VISA is happy with people buying things with VISA, they are certainly happy with people borrowing money at ATM machines with VISA, but they are not happy with people using VISA to move money into stored value prepaid cards for making payments, earning points, etc., that are not VISA.

One thing is for sure, VISA has played hardball with Apple Pay in the Japanese market before, maybe they are doing so again and refuse to be an ATM-like recharge backend for Japanese e-money cards…unless they also get ATM-like lending rate transaction fees. They certainly want to promote open loop VISA Touch and Stera Transit at the expense Mobile Suica market and mindshare.

Junya Suzuki thinks the VISA merchant acquirers might be coming under pressure from potential money laundering risks. I say bunk, after all we’re only talking a max Suica balance of ¥20,000 here. Whatever the reason let’s hope it is fixed, though I have learned over the years that card brand payment issues are never simple or solved quickly. Time will tell. At the very least we can mark this down as another skirmish in the ongoing digital payment turf wars.


2022-12-03 UPDATE
JR East updated the entire JR East credit card system with a series of special maintenance downtimes in November 2022. The work covered everything connected to credit card purchases: JR East station kiosks, VIEW ATMs, Mobile Suica, Eki-Net, etc.

After the last scheduled overnight maintenance session on November 30~December 1, a few select foreign issue VISA cards started working again for Apple Pay Suica and PASMO recharge but everything stopped again 2022-12-03. The VISA in-app block continues. JR East has also scheduled special Mobile Suica credit card system maintenance for March.