Suica App v2.2 Security Update

A security update for Suica App v2.2 has been released with a notice from JR East to update to the new version before August 28. From this date older versions of Suica App will no longer be able to log on and access the Mobile Suica network for Shinkansen e-ticket purchases, commuter plan purchases and other Suica app features.

The update is a security update with no new features. The JR East notice does not specify any details other than: “please update for better security”


What Happens When You Quit iTunes Match for Apple Music

iTunes Matched Out

I signed on with iTunes Match the day it became available in Japan on May 2, 2014 then signed on with Apple Music when it went live in 2015. With all the startup bugs and teething pains of iCloud Music Library I kept both services running, but over time it settled down enough that I considered dropping iTunes Match. Serenity Caldwell’s iMore piece Do I still need iTunes Match if I have Apple Music? sez Apple Music does it all so I let my iTunes Match subscription expire. It did not go well.


  • No Longer Available: 121 tracks in iTunes that were previously iTunes Matched showed on iOS but could not be played. iCloud Music Library Status in iTunes incorrectly listed them as No Longer Available without an iCloud icon
  • No iCloud Status: 426 tracks in iTunes that were previously iTunes Matched showed on iOS and could be played. iCloud Music Library Status in iTunes incorrectly lists them blank when they should be listed as Matched
  • Incorrect iCloud Status: the vast majority of tracks (more than 1,000) in iTunes that were previously iTunes Matched showed on iOS and could be played. iCloud Music Library Status in iTunes incorrectly lists them as Apple Music when they should be listed as Matched


  • No Longer Available: I deleted the 121 tracks in iTunes, dragged the files out of the Trash, and added them back to iTunes. Warning: do not delete using “Remove Download” which instantly vaporizes local music files into oblivion instead of Trash, use the delete key instead.
  • No iCloud Status: They play on my iPhone, left as is
  • Incorrect iCloud Status: They play on my iPhone, left as is

iCloud Music Library is supposed to be seamless but 3 years after the Apple Music launch the seams still show between the iTunes Store and Apple Music catalogs. They don’t always match up. The transition to Apple Music match should not be a problem if you do not have a large library of iTunes Match curated music. If you have a large iTunes Match library of carefully curated content however, prepare yourself for some iCloud Music Library downtime and cleanup as you transition to Apple Music match.

If you have a cataloging fetish, keep your iTunes Match subscription and your sanity.

Revision B iPhone X Production Tally Update

Some Japanese readers used Obon vacation time to exchange their iPhone X Suica problem units at the Apple Genius Bar and report that their iPhone X NFC problems are fixed now. I copied the updated iPhone X production tally from the iPhone X Suica Problem Exchange Guide.

As you can see below, the reader feedback iPhone X production tally suggests Apple made production changes in April 2018 that fixed iPhone X NFC hardware issues. I call these NFC error free units Revision B iPhone X. Readers report that Rev-B iPhone X NFC performance is substantially better and immediately noticeable.

To me the case is clear: all iPhone X production before April 2018 is suspect. If you have any iPhone X NFC performance issues get a Rev-B iPhone X with an exchange at the Genius Bar. As one reader points out Apple Support staff never heard of the of the iPhone X Suica problem but that is the script Apple Support staff have to stick to.

An engineering source said, “I suspect that there are also equally frustrated engineers within Apple who know what the problem is but are being controlled by the marketing spin machine.”

Reader Feedback iPhone X Production Tally (as of 8-17-2018)

2017 Production week ? (October) 3 bad units/factory code (?)
2017 Production week 41 (October) 2 bad units/factory code (F2,?)
2017 Production week 42 (October) 5 bad units/factory codes (F1,F2,DN,?)
2017 Production week 43 (October) 2 bad units/factory code (F2, DN)
2017 Production week 50 (December) 1 bad unit/factory code (G6)
2017 Production week 51 (December) 1 bad unit/factory code (FK)

2018 Production week 1 (January): 1 bad unit/factory code (?)
2018 Production week 3 (January): 1 bad unit/factory code (F1)

2018 Production week 15 (April): 1 good unit/1 bad unit/factory code (GH)**
2018 Production week 18 (May): 1 good unit/factory code (G6)
2018 Production week 20 (May): 2 good units/factory codes (DN,FZ)
2018 Production week 24 (June): 1 good unit/factory code (?)
2018 Production week 25 (June): 1 good unit/factory code (?)
2018 Production week 27 (July): 1 good unit/factory code (GH)
2018 Production week 28 (July): 1 good unit/factory code (GH)

**Week 15 2018 appears to be the Revision B iPhone X switchover production period

Contactless Payments White Paper

The Secure Technology Alliance White Paper Contactless Payments: Proposed Implementation Recommendations is an interesting read, not only for what it says but for finding out what’s on the collective mind of the credit card industry.

Here is a quick summary…
<with comments>

About the Secure Technology Alliance
The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT)

<forget all the other shit, Secure Technology Alliance is a credit card EMV promotion society>

2.2 Contactless Acceptance Terminal Considerations
Contactless payments are not new. Contactless payments relying on magnetic stripe data (MSD) have been available since 2005. However, as the U.S. transitions to EMV, some payment networks are no longer recommending contactless MSD solutions. Moreover, some EMV contactless cards are being deployed without contactless MSD support, which can cause interoperability issues or cause a transaction to be terminated and processed using the EMV chip or magnetic stripe.

<contactless MSD is a crappy half-assed stopgap standing in the way of progress that nobody uses except Samsung Pay, get rid of it already>

2.2.4 Recommendations Figure 1. Enabling a Contactless Terminal at the Checkout

• Contactless terminals should be customer-facing

• Customers should not need to tell cashiers how they intend to pay
<in a perfect world NFC is EMV contactless exclusively without complications from annoying FeliCa or MIFARE and credit card companies are the de facto treasury departments for all advanced nations of the world>

• The contactless terminal should always be switched on and ready to use; the cashier should not need to switch it on
<WTF, this is a recommendation?>

• The cashier should not need to enter the amount twice; the amount should be automatically displayed on the terminal

<oh I get it now, we’re talking about American cash register infrastructure>

2.3 Cardholder Experience: Different Contactless Form Factors
When performing contactless transactions, consumers already use a variety of form factors—contactless cards, mobile wallets on phones, wearables (such as watches, rings, or key fobs)—and there may be additional options in the future. While the “tapping” procedure to initiate the transaction should be the same regardless of form factor, other consumer behavior may not be consistent, especially when using a wallet on a mobile phone.

<I see, smartphone wallets with their own secure authentication are a problem, contactless credit card things with 4 PINs and meaningless terminal signatures are not a problem>

Transactions initiated using a mobile phone involve a two-step process: first, the wallet is activated (using an authentication method such as a biometric,4 PIN, or pattern); second, the phone is placed in proximity to the POS device for the contactless read.

Generally, however, the authentication mechanism used as the cardholder verification method (CVM) will be the consumer device cardholder verification method (CDCVM). CDCVM uses a mobile phone’s passcode or biometric user authentication to verify the cardholder for a payment transaction, removing the need for the cardholder to enter a PIN or provide a signature. Such use can result in an inconsistent consumer experience; sometimes a cardholder may be required to provide a PIN or signature on the terminal (for example, if the contactless terminal does not support CDCVM) and sometimes no verification will be required. However, as consumers become more familiar with the process and as older terminal functionality is replaced with newer technology, there should be fewer inconsistencies. In addition, note that, at this time, some networks may not support CDCVM with their U.S. common debit AID, which may result in inconsistent consumer experience for debit transactions.

 <blah, blah, blah, in other words credit card companies and payment networks will do as little as possible to clean up their own mess and blame somebody else for their problems, what else is new>

3.3 Contactless POS Infrastructure and Acceptance
Contactless acceptance is a major trend globally, with a significant percentage of POS terminals supporting contactless. The following are some key published market statistics:
• According to Juniper Research18 (Figure 5, Figure 6), 31.6% of all terminals in service in North America are contactless; North America accounts for 19.6% of the global installed base of contactless POS terminals.
• Visa has reported that, as of September 2017, 40% of U.S. face-to-face Visa transactions today occur at contactless-enabled locations, that a growing percentage of merchants are enabling contactless.

<wait a minute, what about that North America 19.6% figure? Contactless POS Terminals in Service as a Proportion of All POS Terminals: Asia: 43.6%, Western Europe: 14.3%, North America: 19.6%, we don’t want to talk about context here do we? Too embarrassing>

And the grand finale:

3.5 Open Loop Contactless Payments in Transit
Transit agencies are moving, or considering moving, to open payments with next generation fare payment systems—that is, credit and debit payments made using contactless EMV devices at transit points of entry (e.g., at fare gates, on buses)— to supplement traditional closed-loop acceptance. As noted in Section 2.5, consumer use of contactless payments for transit can help drive incremental transactions and top-of-wallet status for cards. Issuers contemplating transit as a factor in their contactless decisions should be aware that the specific timing for implementing transit open payments within a given region can have some uncertainty. In addition to the schedule impact of procurement and implementation timeframes, issuers should note that transit agencies interested in open payments may also consider the current state of contactless issuance and other relevant factors in their decision- making process.
Other relevant considerations include the following:
• As the market for open payments in transit is still emerging, the content of the authorization/settlement messages sent from different agency back-end systems may not be consistent.
• Transit merchants may require functionality that addresses transaction times and risk, such as offline data authentication (ODA) and/or deferred (or delayed) authorization.

<translation: credit card companies are falling over each other to get into transit and sucker convince transit operators into junking closed ticketing systems. Credit card companies have no interest in ticketing infrastructure outside of skimming their take. Let transit operators spend tax payer money doing all the back-end work and dealing with problems. Let them deal with transit user ire over slow EMV contactless transactions at overcrowded transit gates or when credit cards are de-activated in mid transit.>

What a sweet deal.

NFC Logos

Quick, which one of these logos is the NFC logo?

NFC Related Logos

#2 is the NFC Forum logo for NFC certified devices. #1 is the EMV contactless acceptance mark found on payment terminals. #3 is the FeliCa mobile contactless mark. EMV contactless actually has two logos, one for the reader (left) and one that goes on the card (right):

For most people EMV logos are NFC. EMV logos are functional and do the job but my personal preference is for the older slightly more abstract FeliCa mark used on both readers and smartphones. However, it’s easy to see that both EMV contactless and FeliCa acceptance marks suffer from similar flaws: both were created in the ‘contactless is a plastic card’ era and show their age. As different contactless payment form factors blossom and evolve plastic cards will become quaint relics, still around but not used that much. Card and thumb icons will look like a horse and buggy to future generations.

That’s always the challenge when designing function marks and icons: trying to anticipate what can change and what remains the same. Once a design choice is made, everybody has to live with it for a very long time.