What does open Apple NFC really mean?

The German law to force Apple to open it’s “NFC chip” is a confusing one. Why does an EU country with one of the lowest cashless usage rates single out one company’s NFC product in a last minute rider to an anti-money laundering bill? That’s not banking policy, it is politics. Details are few but let’s take a look at what it could mean because when it comes to NFC technology, details are everything.

Background stuff
The so called Apple ‘NFC chip’ is not a chip at all but a hardware/software sandwich. The Apple Pay ecosystem as described in iOS Security 12.3 is composed of: Secure Element, NFC Controller, Wallet, Secure Enclave and Apple Pay Servers. On one end is the NFC chip controller front end that handles NFC A-B-F communication but does not process transactions, on the other end there is the Secure Enclave that oversees things by authorizing transactions. The fun stuff happens in the Secure Element middle where the EMV/FeliCa/MIFARE/PBOC transaction technologies perform their magic with Java Card applets.

The A/S Series Secure Enclave and Secure Element are the black box areas of Apple Pay. The iOS Security 12.3 documentation suggests the Secure Element is a separate chip, but Apple’s custom implementation of the FeliCa Secure Element, and the apparent ability of Apple to update Secure Element applets to support new services like MIFARE in iOS 12 suggests something else, but it is anybody’s guess. Apple would like to keep it that way.

So what does ‘open NFC’ really mean?
It’s helpful to look at the issue from the 3 NFC modes: Card Emulation, Read/Write, Peer to Peer.

Peer to Peer
Apple has never used NFC Peer to Peer and I don’t think this is a consideration in the ‘open NFC’ debate.

Read/Write
This was a limitation up until iOS 12, but everything changed when iOS 13 Core NFC gained Read/Write support for NDEF, FeliCa, MIFARE, ISO 7816 and ISO 15693. Developers can do all the NFC Read/Write operations they want to in their apps, I don’t think this is a consideration in the ‘open NFC’ debate.

Card Emulation
Apple limits NFC Card Emulation to Apple Pay Wallet with NDA PASSKit NFC Certificates. This is what the ‘open NFC’ debate is all about. I imagine that German banks and other players want to bypass the PASSKit NFC Certificate controlled Apple Pay ecosystem. Instead, they want open access to the parts they want, like Secure Element, NFC Controller, Secure Enclave, and ignore the parts they don’t want like Wallet and Apple Pay Servers. They want the right to pick and choose.

The success of Apple Pay has been founded on the ease of use and high level of integration from a massive investment in the A/S Series Secure Enclave and other in-house implementations such as global FeliCa, etc. Outside players forcing Apple to open up the Apple Pay ecosystem represent not only a security risk to Apple but also a reduced return on investment. One commentator on MacRumors said it’s like Apple took the time and expense to build a first class restaurant and outsiders are demanding the right to use Apple’s kitchen to cook their own food to serve their own customers in Apple’s restaurant. It’s a fair analogy.

The NDA PASSKit NFC Certificate gate entrance rubs bank players the wrong way as they are used to giving terms, not accepting them. The Swiss TWINT banking and payment app for example is a QR Code based Wallet replacement that wanted the ability to switch NFC off, and got it.

My own WWDC19 Apple Pay Wish List did include a wish for easier NFC Card Emulation, but nothing appeared. It’s certainly in Apple’s best interest to make it as easy as possible for 3rd party developers to add reward cards, passes, ID cards, transit cards, etc. to Wallet. However given that the EU is hardly what I call a level playing field, the fact that bank players and politics go hand in hand in every nation, and the fact we don’t know the technical details of what the German law is asking Apple to do, all we can do is guess. In general, I think Europe will be a long rough ride for Apple Pay. At least until EU bank players get deals they are happy with.

Advertisements

Of Course Apple Pay is Bigger Than In-App Payments! Now that NFC POS systems actually work…in America

It was just a year ago that eMarketer made a big splash on Apple tech news sites with their Starbucks app is bigger than Apple Pay report:

Retailers are increasingly creating their own payment apps, which allow them to capture valuable data about their users. They can also build in rewards and perks to boost customer loyalty,

Starbucks App Leads Mobile Payment Competitors eMarketer.com

This turned out to be bullshit marketing nonsense because as I discovered using Apple Pay in America just when that report hit, the average Apple Pay store checkout experience sucked.

Now eMarketer is saying the same thing: “Apple Pay has benefited from the spread of new point-of-sale (POS) systems that work with the NFC signals Apple Pay runs on.” That work with the NFC signals Apple Pay runs on?! It sounds like eMarketer isn’t exactly sure what NFC is. Why not just say Apple Pay has benefited from the spread of new point of sale (POS) systems that work, yes, actually work now dammit! No more “you’re holding wrong” nonsense.

Duh. Is it just me or does the entire Apple tech news scene fail to see how poorly written and shoddy both eMarketer reports are? They are clickbait disguised as market research, nothing more.

Suica and Octopus Compared

Hong Kong’s Octopus is coming to Apple Pay soon, it shares the same FeliCa technology base with Suica but there are some interesting differences.

Branding
The mobile version of Suica is Mobile Suica across 3 different payment platforms: Osaifu Keitai, Apple Pay and Google Pay. The current mobile version of Octopus is called Smart Octopus in Samsung Pay but it’s not clear yet if the Smart Octopus branding will stay with Samsung Pay or be set free.

Deposits
Mobile Suica does not have deposits. Plastic Suica cards have a ¥500 deposit but is automatically returned to the stored value (SV) balance when transferred to Apple Pay or Google Pay. Octopus has a HK$50 deposit on both plastic and mobile versions. An interesting difference is that the Octopus deposit will be used temporarily if the SV balance is insufficient to pay transit fare at the exit gate.

Stored Value Balance Limits
Suica has a SV balance limit of ¥20,000. Octopus Cards Limited (OCL) just raised the Octopus SV balance limit for cards issued after October 1, 2019 from HK$1,000 to HK$3,000. In JPY this is roughly double the current Suica limit, about ¥40,000 which puts it inline with other Japanese e-money card balance limits like WAON. Suica balance limits will likely be doubled when the next generation ‘Super Suica’ card architecture arrives in April 2021.

Number of Cards
Smart Octopus is limited to a single card per Samsung Pay user account. Mobile Suica/Apple Pay Suica can have the multiple Suica cards up to the device Wallet limit.

Recharge Fees
One of the many innovations that Apple Pay Suica brought was elimination of the annual Mobile Suica ¥1,050 ‘membership fee’, Google Pay got the same deal and Mobile Suica membership fees are disappearing altogether next year. Mobile Suica does not charge any upfront fee for recharges, but Smart Octopus does: 2.5% a pop for the luxury of recharging in Samsung Pay with Visa and Mastercard card brands although Union Pay cards are apparently free.

The differences in this last section are interesting. JR East charges nothing for recharging Mobile Suica, while OCL does for Smart Octopus. Mobile Suica has been around far longer and JR East has many more online services, such as EkiNet, to offset cloud expenses. Smart Octopus only started in December 2017 and the footprint of Samsung Pay devices compared with everything else is probably small and doesn’t drive enough transaction volume to offset Smart Octopus cloud startup costs. Apple Pay will growth the transaction size of Smart Octopus considerably, hopefully enough for OCL to reduce or eliminate the Add Value Service Fee at some point.

I look forward to digging through service details when Octopus finally launches on Apple Pay.

Tokyo Cashless 2020: Blame the Japan Cashless Payments mess on VISA and EMVCo, not FeliCa

1️⃣ Dear JR East, we need a new Suica Charge App
2️⃣ Consumption tax relief with the CASHLESS rebate program
3️⃣ Are Apple Maps and Siri really Apple Pay level ready for the Tokyo Olympics?
4️⃣ > Blame the Japan Cashless Payments mess on VISA and EMVCo, not FeliCa

Tokyo Cashless 2020 is a series covering all things cashless as Japan gears up for the big event. If there is a topic that you’d like covered tweet me @Kanjo


Japanese journalist Akio Iwata just published a piece explaining why VISA has not signed with Apple Pay in Japan. It is paywalled and I have not read it, but Japanese readers noticed similar points in my earlier piece Why Visa refuses to join Apple Pay Japan and tweeted about it. The subject is timely and worth visiting again after the events of the past year.

Some western business journalists and industry pundits look at the Japanese payments market and write about failure: the failure of FeliCa to be universally accepted, the failure of Japanese society to use cashless payments instead of hard cash. It’s a kind of cut and paste narrative construct journalism that you see too much of these days, like the recent Financial Times piece, or worse the NFC TIMES. The narrative is persuasive enough to blind some Japanese journalists as well.

This kind of reporting plays to the expectations of a certain readership, but it completely fails to capture or explain the massive changes happening in Japan right now, set in motion by the arrival of Apple Pay in late 2016. The bulk of the cut and paste argument is that FeliCa failed to take off in Japan and because Japan failed to switch to the EMV ‘world standard’, that’s why we have the current messy situation. End of story. I don’t buy this argument at all.

FeliCa was around long before the EMVCo consortium got it’s NFC act together in the early 2000s. NFC-A is Philips, NFC-B is Motorola, NFC-F is Sony. The ISO/IEC 14443 standard was supposed to include NFC-F but the ISO ultimately decided not to include it. EMVCo created the EMV contactless standard on ISO/IEC 14443 NFC A/B.

With lots of help from JR East, NFC-F was added to the ISO/IEC 10373-6 and GSMA/GCF (Global Certification Forum) TS. 26, TS. 27 specifications. From April 2017 GCF certification for all NFC mobile devices requires NFC-A, NFC-B and NFC-F support.

It is this later development, and especially the fruit of that development, Apple Pay Suica, that I believe is unacceptable to VISA and by extension EMVCo. VISA cooperates with Apple Pay in other countries because it promotes EMV, VISA refuses to cooperate with Apple Pay in Japan because it promotes FeliCa. Instead of promoting bank card use and new services VISA is promoting technology.

I have long suspected that VISA simply does not want anything to do with Apple’s support of the Global NFC standard put in place by the NFC Forum and GSMA/GCF in 2017. It’s not only Apple…VISA refuses to support dual mode (EMV/FeliCa) Docomo iD/NFC for Android Osaifu Keitai users abroad which Mastercard, American Express and JCB do. VISA simply wants to bide time until NFC Pay/EMV contactless support in Japan is everywhere and then simply ignore FeliCa (NFC-F) all together…

Unfortunately this strategy has only accomplished one thing: it provided an opening for QR Code payment system players…

Why Visa refuses to join Apple Pay Japan

My argument is simple. The VISA and EMVCo mindset is stuck in the one size fits all single mode plastic card era. This is easy to understand as the plastic card issuing business is a very lucrative one.

But like all things there is a downside: instead of embracing the full promise of global NFC digital wallets that can match the best NFC technology for the job with multiple mode cards that do everything and ‘just work’ everywhere, we have the contactless payment turf wars which are really just plastic era fighting moved to a digital arena.

Instead of pursuing the advantages of digital wallets that merge the best of native transit cards on the front end with the best of bank cards on the back end, where they perfectly complement each other, we have bank cards fighting to be everything, which they are not and will never be. This is why Apple markets Apple Card as ‘a new kind of credit card, created by Apple, not a bank.’ It’s the reason why Apple Card is Mastercard brand, not VISA.

In Japan specifically we have VISA refusing to join Apple Pay Japan and for the most part Google Pay, and VISA Japan key player Sumitomo Mitsui fighting on and off with Mobile FeliCa key player Docomo. And the result? None of this nonsense helped strengthen VISA Japan’s market position one bit. On the other hand VISA’s arrogance pulled all the other card companies down with it and provided a huge opening for the Japanese QR Code players like PayPay.

When I wrote Why Visa refuses to join Apple Pay Japan the frenzy of Japanese QR Code payments was just getting underway. Over a year later I think this conclusion is stronger than ever and the only one that explains the reality of the current market. VISA may like to think that the Tokyo Olympics is the last great opportunity to finally kill FeliCa. That’s not going to happen.

Only by setting aside the past and embracing the multimode digital future with forward looking cooperation, can VISA (and by extension EMVCo) help bring order to the payments chaos of the Japanese market. Only cooperation can deliver the promise of cashless payments to Japan, and strengthen the long term market opportunities for all players.

The JAPAN CASHLESS Rebate Inflection Point

On the eve of the CASHLESS Rebate program launch I wrote:

Regardless of whether the CASHLESS rebate is ‘a success’ or not, it will be a tipping point. Already I notice a shift in public perception: if a store is cash only, it definitely looks behind the times in the minds of customers. I think that’s the whole point.

Consumption tax, Cashless rebates and Coffee shops

It really doesn’t matter if the CASHLESS Rebate program is a success or a dud. It’s an inflection point tick mark in the mind of Japanese society, the ship of Japan is making a tiny course correction that will veer the vessel off in a very different direction over time. We already have the big changes that the Apple Pay Suica ‘black ship’ brought to Japan since 2016, and that was just the start.

Junya Suzuki, Japan’s top journalist for all thing cashless, posted a new article: The Real Reason for the Cashless Rebate Program. Suzuki san makes the same argument: the Cashless Rebate Program is an inflection point, but with much more detail and depth. It’s a great read and worth a look even just for the pictures and captions.