Category: Apple Wallet

WWDC22 Wish List

It is hard to be enthusiastic about this year’s WWDC when Apple’s entire integrated software/hardware business model is coming under attack. With so much distraction these days there’s not much of a wish list, just a few observations for Apple Pay, Apple Maps and Text Layout.

Apple Pay
First up of course, is Apple Pay. After Jennifer Bailey’s WWDC21 appearance where she announced keys and ID for iOS 15 Wallet, and the separate Tap to Pay on iPhone announcement in January, I don’t think Jennifer will be in the WWDC22 keynote. She’s not going to appear just to explain that Apple Pay is not a monopoly, that’s Tim’s job with CEO level pay grade, nor is she doing to appear to just flesh out details of what’s already there. That’s what sessions are for, explaining things that I have been wishing for these past few years: an easier, more open Secure Element Pass certification process and/or new frameworks for developers to access the secure element for payments or use Tap to Pay on iPhone. There needs to a clearer path for developers who want to use the secure element for payments (Wallet) or iPhone as payment terminal (Tap to Pay on iPhone).

Apple needs to open up the NFC/Secure Element Pass certification process or clarify the process

The only possible ‘new’ Apple Pay Wallet feature I can think of is the ‘so long in the works it has gone moldy’ Code Payments. Lurking in the code shadows since iOS 13 or so, it has been around so long that Apple legal inserted official mention in a recent Apple Pay & Privacy web page update: “When you make a payment using a QR code pass in Wallet, your device will present a unique code and share that code with the pass provider to prevent fraud.” If Apple Pay delivers native device generated QR code payments without a network connection, just like all Apple Pay cards to date, it would be quite a coup but by itself, is not worth a Jennifer Bailey appearance. Other future goodies like passport in Wallet or My Number ID in Wallet are too far out to merit mention.

Apple Maps
The only new Apple Maps feature that suggests itself is Indoor Maps for stations. That’s the conclusion I come up after examining the current (February ~ May 2022) backpack image collection in Tokyo, Osaka/Kyoto and Nagoya. It is highly focused on centrally located above ground and underground station areas. Stations like Shinjuku and Tokyo are entirely underground surrounded with extensive maze like malls.

This means Apple image collection backpacks are going inside for the first time. They are either collecting data instead of images, or doing it at pre-arranged times when people are scarce. This is hard to do at a place like Shinjuku station as there are multiple companies collectively managing the entire site (JR East, Odakyu, Keio, Seibu, Tokyo Metropolitan Bureau of Transportation, Tokyo Metro, just to name a few).

So far Apple has only used their image collection in Japan for Look Around, but the current version of Look Around doesn’t make sense for station interiors unless it is heavily modified with augmented reality place labels, directions for exits, transit gates and so on. The Apple indoor maps model for airports and malls is outdated and impossible to retrofit for information dense, tightly packed Japanese stations.

Apple needs come up with something new for indoor station maps to be successful on any level. The current version of AR walking guidance only works outdoors as the camera has to scan and match surrounding building profiles. A hybrid of stored Look Around images and AR walking guides that work indoors and outdoors might be a way forward. Station maps have special needs to seamlessly transition between indoor and outdoor guidance modes as users leave or enter stations on their walking route to the final destination. A new and improved, AR enhanced “Look Around” style indoor map for stations would be far more useful for Japanese iPhone users than airports or shopping malls. If Apple succeeds in delivering new AR enhanced indoor maps that can do this, it could finally set Apple Maps apart from Google Maps in a big way. Nobody does indoor maps well by the way, including Google Maps and Yahoo Japan Maps.

Recent image collection suggests Indoor Station Maps might be coming in iOS 16
Apple backpack Image Collection backpack is mostly focused on station areas

As most readers of this blog already know, I am not optimistic that Apple Maps in Japan can become a top tier digital map service. The local 3rd party map and transit data suppliers that Apple depends on to make up the bulk of the Japanese service are certainly not top tier and old problems remain unfixed. In the case of the main Japanese map data supplier things have deteriorated.

IPC was 100% owned by Pioneer supplying their car navigation system data, but was sold to Polaris Capital Group June 1, 2021 with a new CEO (ex Oracle Japan) named the same day. In January 2022 IPC was renamed GeoTechnologies Inc. Under hedge fund Polaris Capital Group management, GeoTechnologies has been busy inflating the number of cushy company director positions, never a good sign, and pushing out shitty ad-ware apps like Torima. The focus is leveraging assets not building them.

Apple’s Japanese map problem can only be fixed by dumping GeoTechnologies for Zenrin, or Apple mapping all of Japan themselves. Apple is not pursuing either option, the image collection effort in Japan is limited and its use remains restricted to Look Around. Until this changes, expect more of the same old Japanese map problems in iOS 16 and beyond. Apple Maps is a collection of many different service parts. Some evolve and improve, some do not. Let’s hope for a good outcome with the data Apple is collecting for indoor station maps.

Apple Typography TextKit 2 migration
WWDC21 saw the unveiling of TextKit 2, the next generation replacement for the 30 year old TextKit, older than QuickDraw GX even, but much less capable. TextKit 2 marked the start of a long term migration with most of TextKit 2 initially ‘opt in’ for compatibility. We’ll find out how much of TextKit 2 will evolve to default on with an ‘opt out’. There are holes to fill too: the iOS side didn’t get all the TextKit 2 features of macOS such as UITextView (multiline text), some of the planned features like NSTextContainer apparently didn’t make the final cut either. We should get a much more complete package at WWDC22. Once the TextKit 2 transition is complete, I wonder if a Core Text reboot is next.

watchOS 9 Express Cards with Power Reserve?
Mark Gurman reported that watchOS 9 will have “a new low-power mode that is designed to let its smartwatch run some apps and features without using as much battery life.” While this sounds like Express Cards with Power Reserve (transit cards, student ID, hotel-home-car-office keys) and it might even mimic the iPhone feature to some degree, I doubt it will be a full blown version. Power Reserve is a special mode where iOS powers down itself down but leaves the lights on for direct secure element NFC transactions. iOS isn’t involved at all.

Real Power Reserve requires Apple Watch silicon that supports the hardware feature, it cannot be added with a simple software upgrade. Until that happens, a new watchOS 9 low-power mode means that watchOS still babysits Express Cards, but anything that gives us better battery life than what we have now is a good thing.

Enjoy the keynote and have a good WWDC.

Apple Pay Enhanced Fraud Prevention (updated)

Screenshots courtesy of eurozerozero

Apple Wallet VISA card users report receiving ‘Enhanced Fraud Prevention’ notifications today that outline changes how Apple shares ‘fraud prevention assessments’ with payment card networks based on analyzed information from user Apple Pay transactions (purchase amount, currency, date, location, very likely more). The changes seem to apply to web and in-app purchases.

Apple has been doing most of this already. The new Apple Pay and Privacy text expands upon earlier iOS user guide text: If you have Location Services turned on, the location of your iPhone at the time you make a purchase may be sent to Apple and the card issuer to help prevent fraud. Perhaps Apple is changing ‘may be sent’ to ‘will be sent’.

Enhanced Fraud Prevention might cause problems for some Apple Pay users when people start traveling again as in-app purchase is used for adding money to transit cards. There have already been a few very recent and odd, ‘I can’t use my home issued Apple Pay card to recharge PASMO’ complaints on social media from inbound visitors. Until now this kind of thing has been unheard of for Apple Pay Suica•PASMO users. A new complication to keep an eye on going forward. So far Wallet Enhanced Fraud Protection notifications only seem to be going out to VISA card users. Why and why now?

Because it’s starting with VISA with the focus on web and in-app payments, my first thought was this is partly a response to bad publicity from the silly VISA-centric ‘Apple Pay Express Transit has been hacked!‘ story that make the rounds last October. The new Apple Pay and Privacy text outlines how the new policy applies to various Apple Pay operations: adding a card, paying with Apple Pay, using transit cards, etc.

QR Code payments in Wallet are also referenced. The official mention may indicate the long in development feature will finally see light of day, perhaps iOS 15.5, we shall see. The text says, “When you make a payment using a QR code pass in Wallet, your device will present a unique code and share that code with the pass provider to prevent fraud.” If Apple Pay delivers native device generated QR code payments without a network connection, just like all Apple Pay cards to date, it would be quite a coup.

The notification privacy text is worth reading. As of this posting the Apple Pay & Privacy web page has not been updated with Enhanced Fraud Protection information.

2022-04-22 Update
Some clarity on the reasons and timing of Enhanced Fraud Prevention: Wallet notifications went to VISA card users in various Apple Pay regions (US, Japan, Australia and more) the same day Apple switched the Apple Cash card brand from Discover to VISA debit. Kissing the Green Dot Bank/Discover backend goodbye for VISA is the smart thing to do as Apple can finally take Apple Cash international. Enhanced Fraud Prevention had to be in place first for that to happen.

Super Suica Cloud

A Japanese friend once told me that when Suica first came out, young people in Tokyo sent Suica cards to hometown families to use for coming to Tokyo. But parents and grandparents sent them back saying, “we can’t use them,” even when they could use them in their local area.

What they were really saying was, ‘Suica doesn’t get us the same transit perks we do using local paper tickets or mag stripe cards.’ There has long been a huge gap between transit services available in major cities which ‘don’t work’ in one way or another for those in outlying areas.

That’s the challenge facing the Japanese transit IC card system. Being able to use a Suica or ICOCA transit card in the sticks isn’t enough, local region services must be attached to make it worthwhile for people living outside major city areas. Transit IC has to evolve if it is going to be useful in the mobile era with proliferating smartphone payment apps vying for a piece of the national transit pie.

Now that we have a clearer vision of how Suica 2 in 1 Region Affiliate cards address this problem and how they are central to JR East’s MaaS strategy, it’s time to look at evolving JR East cloud services and how they fit into that strategy. There are a number of new cloud service parts that have come on line over the past year, or are coming soon…some visible, some not.

Taken together they comprise what I call ‘Super Suica Cloud’ following my earlier definition of Super Suica: a collection of mobile focused transit and payment infrastructure services that can be shared with or incorporate other company services, or be hosted by JR East for other companies. MaaS is an elastic term that holds a lot of flashy concepts, but I think JR East is aiming for something more low-key but practical, a Japanese Multimodal MaaS if you will.

The immediate concrete end-goals are service expansion with cost reduction; elimination of duplicate or proprietary dedicated infrastructure in favor of open internet cloud technology. With that in place the next goal is tight integration of transit payment services that work everywhere but also deliver tailored services for local regions. Let’s examine the parts.

Mobile Suica
People assume that Mobile Suica does everything mobile, but basically it’s a station kiosk in the sky. Put money in for a transit card, put money in for a recharge, or a commuter pass, a day pass, and so on. Issuing, recharging and managing Suica cards on mobile devices is what Mobile Suica was built for.

As the world’s first mobile transit card service, Mobile Suica has made a lot of progress over the years expanding support to include Android, Apple Pay and wearables, but the work isn’t done until any mobile device from anywhere can add Suica. And since Mobile Suica hosts Mobile PASMO (launched in 2021) and almost certainly the forthcoming Mobile ICOCA (coming early 2023), getting those on an equally wide digital wallet footing is just as important.

As the face of all things Suica on mobile devices, the smartphone app could have many more things plugging into it, like Hong Kong’s Octopus App. So far however, JR East has chosen, wisely in my opinion, to keep it limited to basic housekeeping, breaking out ticketing and MaaS functions to separate apps.

Suica Fare Processing • JESCA Cloud
This is the traditional Suica network system centerpiece that locally processes touch transit stored fare on station gates and touch e-Money payments in stores. The station gate fare side is getting a major new addition in 2023 with a simplified cloud based Suica transit fare network rolling out to 44 Tohoku area JR East stations. This new Cloud Suica area closely aligns with Suica 2 in 1 Region Affiliate cards launching this year.

Cloud Suica 2023 additions (Orange) and Suica 2 in 1 cards below

The store payment side also has a simplified cloud based FeliCa payment network and a name: JESCA-Cloud. System details are vague but Cloud Suica transit fare and JESCA Cloud store payments appear to do the same thing: move transaction processing off local hardware and onto the cloud. Fast processing time is very important at transit gates, Suica tap times are the fastest out there. Those familiar with the Suica system say Cloud Suica will spilt it 50% local processing / 50% cloud processing. Dumber terminals, smarter cloud that still offers great Suica service…we hope.

One difference Cloud Suica has from a similar effort by JR West for ICOCA, is that Cloud Suica supports all the standard Suica features like commuter passes that cloud ICOCA does not. An interesting side note is that JR East hosts the processing for JR Central’s TOICA transit card network, they can certainly put the new Cloud Suica backend to good use expanding TOICA coverage in rural lines like the Minobu line.

ID Port
Comb through recent JR East press releases and you’ll find 3 service announcements built around ID PORT, a “cloud based ID verification solution” from JREM (JR EAST MECHATRONICS CO., LTD), the company that builds Suica infrastructure.

  • Maebashi City TOPIC MaaS service (November 2020): Local MaaS discount services provided by TOPIC that use Suica with My Number card address and age to verify eligibility:
Maebashi City TOPIC MaaS service links Suica and My Number Card to unlock services
(Japanese Railway Engineering January 2022, No.215)
  • Suica Smart-Lock (December 2021): registered Suica card access a variety of access services provided by ALLIGATE:
CyclunePedia bike parking

All of the announcements have 3 components: JR East (Suica), JREM (ID-PORT), 3rd party services attached to Suica using ID-PORT as the system glue. Most of these are either in testing or ‘coming soon’. What is ID-PORT?

ID-PORT is explained on the JREM site, but the first public mention in an NTT Data PDF document from November 2020 is more revealing: “The Open MaaS Platform and supporting Multimodal MaaS”. The JR East Suica MaaS strategy is outlined with various scenarios that indicate ID-PORT is the JREM side with MaaS services on the NTT Data side. In other words a co-venture.

NTT Data Journal: A multi-model open MaaS platform

The job of ID-PORT is that it acts as the middle man ID verification glue linking a registered Suica (or similar Transit IC card) with various 3rd party services such as special ticketing, access and discounts.

The interesting thing about the ID-PORT and NTT Data MaaS platform reveal is that the timing exactly coincides with Sony’s release of FeliCa Standard SD2, the next generation FeliCa architecture used for Suica 2 in 1 cards. One of the little discussed new SD2 features is ‘FeliCa Secure ID’. Here is Sony’s diagram of how it works.

Sony FeliCa Standard SD2 FeliCa Secure ID

Look familiar? Yep, ID-PORT sure looks like FeliCa Secure ID in action. The JREM ID-PORT page is more rounded out, incorporating non-FeliCa ID verification methods like QR and bio-authentication and many different services. ID-PORT has already been added to JESCA-Cloud and CardNet so that linked services are widely available on store payment terminals, not just Suica transit gates. In sum it represents MaaS and Account Based Ticketing in action with ID-PORT at the center.

JREM ID-PORT

MaaS and Account Based Ticketing in action
MaaS and Account Based Ticketing are the new hotness now that people realize open-loop doesn’t solve everything as banks and card companies want us to believe. Fare Payments Platform provider Masabi explains it this way:

Account Based Ticketing (ABT) shifts the fare collection system from being ‘card centric’, meaning the ticket holds the journey information and right to travel, and moves this to the back office. Moving the ticket information to the back office holds a number of benefits. It means passengers no longer need to buy a ticket or understand fares to travel and instead they use a secure token, typically either a contactless bank card, mobile phone or smartcard.

In this scenario FeliCa Secure ID is a secure token, ID-PORT is the secure token platform using the secure token to link ticketing and services together. That sounds nice but when will we see it in action? I think we already are.

Eki-Net 2 Account Based Ticketing
As explained above, ABT attaches tickets from the cloud to a secure token, in this case Suica. By this definition Eki-Net 2 Shinkansen eTickets represent JR East’s first step into ABT ticketing. Eki-Net uses registered accounts and credit cards purchase and attach eTickets to Suica. These eTickets do not use Suica prepaid stored fare nor is any eTicket information written to the Suica card, the eTicket system uses Suica as a secure token. JR Central smart EX is a similar ABT service and let’s not forget the web-only multi-lingual JR-East Train Reservation service that provides some ABT ticketing for inbound visitors.

Will JR East ABT implement the ‘no longer need to buy a ticket’ part of the Masabi ABT vision? I doubt it. Shinkansen eTickets are much lower ABT hurdle: lower passenger volume on far fewer transit gates than regular Suica gates. The complexity of interlocking non-Shinkansen Japanese transit systems and the vast array of fare schedules, such as higher paper fares vs cheaper IC fares, don’t easily straitjacket into an open-loop or ABT fare box, and it doesn’t fit the JR East business model.

Suica 2 in 1 region extras
There are services besides ticketing attached to a ‘secure token’ Suica. One of the important things easy to miss in the Suica 2 in 1 rollout are extra region features not available in regular Suica. Disability Suica cards for example. These are finally due to launch on Suica and PASMO cards in October 2022, but disability Suica 2 in 1 cards are already available in region affiliates.

There are also region affiliate transit points, one of the services that ID-PORT is advertising for JR East MaaS. Transit points all ‘just work’ automatically the same way. Points are earned from recharge and transit use and automatically used as transit fare. The user doesn’t do anything except tap the bus card reader. No registration, no setup. I wish JRE POINT had an option to work this way.

Transit points mimic the scheme of old regional transit mag strip card like Nishitetsu that gave ¥1,100 with a ¥1,000 recharge. Those features were popular (automatic simplicity in action again). PayPay used a similar strategy to quickly build a large customer base but pissed everybody off later as they got big and started changing bonus rate returns like used underwear. That won’t happen with Suica 2 in 1 cards as region transit points are locked in by local government subsidies to the region affiliates.

AOPASS transit points, different regions have different point returns but they all work the same way.

Streamlined simplicity, integration, regionality
Despite the la-la-land promise of MaaS and Account Based Ticketing, the ‘just works’ angle is crucial for people to actually use it. One of the current problems with Mobile Suica, Eki-Net, JRE POINT and the MaaS services JR East advertises is that is each service is a separate app + registration + attach cards process. This needs to be streamlined into a single simple JR East sign-on service option like Sign in with Apple that works across multiple services. I suspect ID-PORT is the glue between Mobile Suica and JRE POINT that keeps those registered services automatically linked even if the Suica ID number changes. A good sign because the JR East cloud needs a lot dynamic linking.

There is also the larger problem of integration outside of JR East, such as the current state of multiple online ticketing services; Eki-Net for JR East, EX for JR Central, Odekake-net for JR West, and so on. It would bet great to have a common app that plugs into every online ticketing service. At the very least JR Group companies need to integrate eTicketing the same way they have always integrated paper ticketing for one stop service in their own apps.

The bigger question is do Super Suica Cloud parts (ID-PORT / Mobile Suica / Cloud Suica) scale beyond JR East to include other JR Group companies (JR West, JR Central, etc.) and potential region affiliates nationwide? If increased services with reduced costs is their MaaS goal, JR East needs to step up to the plate and share. Infrastructure sharing with backend integration is the only way forward for all. Japanese transit has always excelled at physical interconnection, the cloud service side needs the same level of interconnectedness.

There are cultural angles too. Japanese have a passion for hunting down local perks, bargains and discounts. People complain about Eki-Net (deservedly) but they sure scramble and swamp the system getting those time limited discount eTickets like crazy pre-COVID era Black Friday midnight Christmas shopper crowds rushing into the store.

There is also the traditional cultural value of promoting local economies. As the saying goes, cities are only healthy in the long term when local economies are healthy too. If JR East is really serious about promoting regional MaaS, they’ve got to aggressively offer linked services that clearly promote regions. There are many region programs that visitors are simply not aware of. JR East can do a lot simply linking them to discount coupons, limited offer eTickets and such that appeal to the bargain hunter Japanese mind. The key is being creative and nimble like QR payment players.

The JR East MaaS region affiliate strategy was conceived long before the COVID crisis, yet COVID also presents a golden opportunity to invest in regions and promote working remotely. The world has changed and transit has to change too, the biggest risk is doing nothing, staying with the status quo. The emerging Japanese MaaS vision is unique in that Japan has a golden opportunity of leveraging the national Transit IC card standard into something new, taking it into the next era…if old rivalries and sectarian interests don’t get in the way and blow it, that is. Either way the next few years will be a very interesting time for Japanese transit.

Some related posts
Super Suica Reference
Suica 2 in 1 Region Affiliate List
Suica 2 in 1 mobile challenge

Apple Pay Navigo launch in 2023, open loop coming in 2024

After a long, long dance, Île-de-France Mobilités (IDFM) confirmed that Smart Navigo, the Paris region transit card for mobile will come to Apple Pay in 2023. As usual, Le Parisien broke the story (paywall), quickly reported on French Apple centric tech blog iGeneration.

“This time, for sure, it will be done”

After a test phase, in 2022, iPhones and Apple Watches will be able to replace the plastic pass distributed by IDFM (in 2023). “We cannot yet give a precise date, because it depends on the progress of Apple’s developments in Cupertino. But this time, for sure, it will be done, “says Laurent Probst, CEO of Île-de-France Mobilités. The contract is due to be voted on this Thursday at IDFM’s board of directors…

The contract between IDFM and Apple is spread over a period of five years, with a total budget of up to €5 million dedicated to the development of new services. A budget equivalent to that allocated to Android service developments operated by Samsung with IDFM.

Le Parisien

The contract with Apple is due to be approved by IDFM directors the week of February 20, we can thank the 2024 Paris Summer Olympics for breaking the Smart Navigo on Apple Pay logjam. Le Parisien has regularly criticized IDFM’s slow rollout of mobile services: “The modernization of the ticketing system in force on public transport networks in Île-de-France is not a long quiet river.” A timeline is helpful to understand the stalemate.

  • October 2017: Smart Navigo mobile was announced for 2019 launch. At the time IDFM said, “Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.” In other words, IDFM wants to bypass Apple Pay Wallet and do everything in their own app.
  • September 2019: Smart Navigo launches on smartphones using an Orange SIM card, and on Samsung devices.
  • January 2021: Le Parisien reports that Smart Navigo is coming to Apple Pay. However this turns out to be a false alarm, instead IDFM releases a new version of the ViaNavigo iPhone app with support for adding money to plastic Navigo cards with the iPhone NFC.
  • November 2021: Le Parisien reports that IDFM suddenly terminated their partnership with Orange, IDFM announces a HCE + app strategy for Smart Navigo on Android that will launch in 2022. In other words, IDFM will do everything in their own app.
  • February 2022: Le Parisien reports Smart Navigo on Apple Pay will launch in 2023, IDFM confirms on Twitter and also announces EMV open loop support coming in 2024 in time for the 2024 Paris Summer Olympics.

French journalist Nicolas Lellouche independently confirmed the Apple Pay Navigo 2023 launch directly with IDFM and posted some details. Expect direct adding in Wallet app with Apple Pay recharge, similar to Suica, PASMO, Clipper, TAP and SmarTrip. An updated ViaNavigo app will provide extra features for commuter passes and more service options.

French reaction on Twitter was interesting and varied. People complained about the long lag getting Smart Navigo on iPhone but the equally long delay getting Smart Navigo on all Android devices, not just Samsung Galaxy, is more interesting and revealing. IDFM has spent a lot of time and expense working with Calypso Networks Association, the transaction tech used for Navigo, to develop the less secure network dependent Calypso HCE ‘cloud’ secure element approach. It flies in the face of where payment transaction technology has been going with eSE as standard hardware on all modern NFC devices. It’s almost like Ferdinand de Lesseps digging a sea level Panama Canal when a lock-and-lake canal was the better technical choice all along.

As for Android Calypso HCE performance vs Apple Pay Navigo Calypso eSE performance, I suspect the network dependent HCE on Android will be problematic. It will certainly be problematic, and challenging, for non-Apple smart wearables. If there is anything the bad user reviews of Suica App tell us, it is that network connections in station areas and on trains are never reliable and Android NFC adds layer upon layer of support complexity. No network = no HCE service, it’s that simple. Apple Pay Navigo will work without a network connection, just like all transit cards on Apple Pay, and will work great on Apple Watch too.

For this reason IDFM has to focus all of their system resources on the much more complex Android launch this year. They could certainly launch Apple Pay Navigo sooner if they really wanted to, but it’s better to do these things one platform at a time.

Related
Contactless Payment Turf Wars: Smart Navigo HCE power play
Smart Navigo reportedly launching on Apple Pay

The mobile wallet chokepoint

I ran across an untidy but interesting Twitter thread that mentioned Apple Pay Suica in the larger context of evolving NFC smartphone services.

Suica (Metro card / digital money in Japan) now lets you transfer the card to Apple Pay. Some thoughts about the future of FOBs, cards, and wallets…You use NFC to transfer your Suica by tapping the card with your iPhone, the same way you’d tap to use Apple Pay.

Devices support some kinds of NFC but not others. Until now, you couldn’t tap to use credit cards — it was blocked by the device.

But this is changing! Apple will support card payments now, in an app that IT will make & provide to vendors. This lets Apple compete in new hardware markets: first phones, now point-of-sale, payments, inventory mgmt, etc.

Physical cards are on the way out. But not everyone is on-board. FOBs, subway cards, ID cards, drivers licenses, and building security cards have been slow adopters of mobile. I’d love to copy my building FOB to my phone 😁 There’s nothing stopping me other than that I can’t.

Apple is moving into those markets….Airports, Driver licenses (in 30 / 50 US states). How far this tech goes & the speed of adoption depends on iOS, Android, and the people at ID / security / FOB / card companies adopting the change. They may need help! And there may be startup potential in that space… if anybody is interested!

Twitter thread

The intention was discussing the implications of Apple’s recent Tap to Pay on iPhone announcement, but it stumbled over a rarely discussed but vital point about the extremely slow migration of various physical card services to mobile devices. Why can’t we just load these in Wallet…all the technology is in place right?

The mobile chokepoint is not technology but the backend systems to seamlessly deliver, verify and securely manage individual ‘card’ services (payment cards, transit cards, ID cards, keys, etc.) in digital wallets. Those systems are not up to the job. You can be sure that Apple wants to get iOS 15 ID in Wallet driver licenses out quickly as possible but corralling all those state run systems into a coherent user friendly whole that holds up to the high expectations and massive base of iPhone users eagerly waiting to use it, is a very big challenge. It’s a similar challenge behind every kind of digital wallet service.

This backend weakness is easy to see with transit cards, there are relatively few on mobile with most of the cards exclusive or limited to certain digital wallets like Apple Pay and Samsung Pay. There are special challenges too as a mobile transit card service hosts all the functions of ye olde station kiosk card machine (card issue, adding money, pass renewal, etc.) and more, on the cloud, pushing it out to apps and connecting to digital wallet platforms like Apple Pay.

Despite the challenges, the rewards for going mobile are clear. If there is one lesson Apple Pay proved in Japan with Suica it is that building a mobile foundation early on is key to future success. Mobile laggards like Hong Kong Octopus have paid a heavy price. Unfortunately for regions where transit is operated as a public service instead of a sustainable business, spending money building transit card mobile service systems is often considered an extravagance.

This is why open loop is popular as means to get out of the plastic smartcard issue business and get mobile transit service for free using EMV contactless VISA-mastercard-AMEX payment networks. Like many things in life, free is never free.

Banks have had an easier path to mobile thanks to the strength of EMV payment networks, but only on the payment transaction end. Mobile card issue is another matter up to individual banks. Look at the Apple Pay participating bank list for the United States. The long list didn’t happen overnight. It has taken years for mobile backend systems to be put in place to make this happen.

It’s all about the backend
A sadly overlooked aspect of the Japanese market is the crazy collection of contactless payment options: Suica, iD, QUICPay, WAON, nanaco, Edy, PayPay, LinePay, dBarai, VISA-mastercard-AMEX Touch payments and more. The reason for this is Japan’s early lead in creating the first mobile payment platform, Osaifu Keitai, in 2004.

Not everybody used Osaifu Keitai early on, but it grew the mobile payments foundation so the market was ready for new mobile payment platforms when Apple Pay launched in 2016. More importantly, the early lead also meant that bank card issuers, payment networks and transit companies had backend systems firmly in place servicing a large installed base of various digital wallet capable handsets (Symbian) and smartphones (Android) that quickly extended to Apple Pay and Google Pay.

The backend flexibility is easy to see on the Mobile Suica page that shows all the different Mobile Suica flavors: Android (Osaifu Keitai), Apple Pay, Google Pay, Rakuten Pay. Mobile Suica is also on Garmin Pay, Fitbit Pay and is coming to Wear OS.

A user is surprised by all the Mobile Suica device choices

Mobile issue and verification
Adding a ‘card’ to a mobile wallet is sometimes called ‘onboarding’, but this is really a banking term: “digital onboarding is an online process to bring in new customers,” as in setting up a payment account and getting an instant issue debit or prepaid card to use in Wallet with an app, or using the app for QR Code payments (like PayPay or Toyota Wallet).

Success or failure for any mobile wallet card service depends on reliability, simplicity and the speed for adding cards and using them. From VISA:

When it comes to digital onboarding, the average amount of time after which customers abandon their application is 14 minutes and 20 seconds. Any longer than this, and 55 percent of customers leave the process.

How to boost your customer’s onboarding experience

There is also context. Futzing for 14 minutes might apply for people setting up a bank app, but a transit app user trying to get through a ticket gate at rush hour is a completely different matter. Judging from the large number of negative Suica App user reviews and complaints on twitter, Japanese transit users probably give it 2 minutes before giving up and calling it all crap. Speed is the key.

How long does it take?
The speed of adding a card to Wallet depends on a number of factors, what kind of wallet service are we dealing with (car key, hotel key, home key, office key, payment, transit, ID), does the user need an account first, can a physical card be transferred, what kind of user verification is required.

User verification with digital credentials is still in its infancy which is why driver’s licenses and state IDs in Apple Wallet is fascinating and important. How does one authenticate their own ID card? Apple explains the process but doesn’t say how long verification takes or reveal backend details:

Similar to how customers add new credit cards and transit passes to Wallet today, they can simply tap the + button at the top of the screen in Wallet on their iPhone to begin adding their license or ID… The customer will then be asked to use their iPhone to scan their physical driver’s license or state ID card and take a selfie, which will be securely provided to the issuing state for verification. As an additional security step, users will also be prompted to complete a series of facial and head movements during the setup process. Once verified by the issuing state, the customer’s ID or driver’s license will be added to Wallet.

The verification process is similar to the recent addition of Mobile Suica student commuter pass purchases where students take a picture of their student ID and upload it. Online verification takes ‘up to 2 business days’ because Mobile Suica has to manually verify the ID information with the school. Hopefully the Face ID setup-like ‘additional security step’ is the magic iPhone ingredient for instant verification by the state issuer. However notice that Apple doesn’t spell out where the face and head movements are stored. Hopefully it will stay in the Secure Enclave and never be stored on a server. We shall see when ID in Wallet launches with the iOS 15.4 update.

As you can see from the table below, the journey from backend system to Wallet varies widely by the type of service. The easier additions are the ones done in Wallet app: card scans for payment cards and ID or simply tapping to add transit cards.

Physical card scans are the primary way to add payment cards but this is changing, apps will replace plastic card scans over time. In Japan there are a growing number of ‘instant issue’ credit/debit digital cards from top tier banks that can only be added to Wallet with an app and account. Digital onboarding is the direction banks are going, where everybody has to go to an app first to add a card to Wallet. This leaves transit cards as the only card that can be added without an app or account.

Who owns the thing in Wallet?
Physical keys, fobs and plastic cards may seem inconvenient at times but they are personal property we carry on our person. One downside of digital wallets is that convenience carries a risk that the thing in Wallet isn’t necessarily ours. What is added with a simple tap can also be taken away by a technical glitch, or in a worst case scenario, without our consent. As backend systems improve and integrate, more services will migrate to our digital wallets. Without doubt much of this will be convenient but read the fine print and always keep your eyes open to the tradeoffs and risks. In other words don’t let your digital wallet be a potential chokepoint of your life.

The digital wallet endgame should never be like this