Real world iOS 14.5 Face ID Unlock with Apple Watch performance

Now that iOS 14.5 is nearing official release, it’s time to check in on how far Unlock with Apple Watch for Face ID with face masks has improved over the beta testing cycle. The good news: Unlock with Apple Watch performance has improved from iOS 14.5 beta 1, the bad news: not so much. It still feels like a stopgap, it fails too often and Apple Music playback still hiccups with every unlock attempt.

I think performance will vary, a lot, depending on the user, the mask and the environment. For some, perhaps the majority, it will be enough. I find it fails me too often on the daily commute and in stores, usually at the very moment I need to launch dPOINT or dPay apps at checkout. I also get the feeling that Apple Watch battery life takes a hit too, but take it with a grain of salt along with my impressions. If it works for you that’s great, but the Unlock with Apple Watch end user experience will be all over the place.

End of the line for Suica and the native Japan Transit IC smartcard standard?

There is a consistent theme among some Japanese tech journalists: the native Japan Transit IC smartcard system is obsolete and destined for that fabled junk heap, the Galapagos island of over-engineered irrelevant Japanese technology. The arguments always boil down to cited higher costs of maintaining the ‘over-spec’ proprietary FeliCa based inflexible transit IC architecture in face of ‘flexible, lower cost’ proprietary EMV contactless bank payment tap cards and smartphone digital wallets used for open loop transit. Is Suica really ‘over-spec’ or is it clever stealth marketing sponsorship from EMVCo members and the bank industry disguised as journalism? Logically the same argument applies to proprietary MIFARE smartcard transit systems as well but is never mentioned, presumably because it was invented in Europe instead of Japan.

Despite all the digital ink on the subject I have yet to see a single article where said costs are actually shown and compared. Smartcard deposit fees are a standard way to offset plastic issue costs and Japanese transit companies like to earn interest off the float of card deposits and unused stored value. But this is never discussed nor the fact that digital wallet issue is free of hardware costs.

Bank payment cards and smartcards have very different business models. EMVCo members and their card issuers can hide associated hardware and licensing costs in bank transaction fees that NXP, FeliCa Networks and other smartcard technology solution providers cannot. Without hard numbers we can only take journalist claims at face value, that transit smartcards are not smart at all, but expensive obstacles to lower cost open loop centralization nirvana.

I don’t buy the ‘one solution fits all’ argument and neither should you. One constant issue in our internet era is that too much centralization is not only a technology monoculture security risk, cloud services fail, and cloud centralization is abused to limit human rights. As speech is censored on SNS platforms and online profiling is used to limit freedom of travel with politically biased no fly lists, it is inevitable that face recognition transit gates will be used to track people and implement ‘no ride’ or ‘limited ride’ policies. These are issues that people must be aware of in the relentless rush towards online centralization of transit payments and services.

Nevertheless there are articles with valid criticisms well worth reading. I ran across one recently by Masanoya Sano on Nikkei that asks a good question: ‘Does taking 14 years to deliver Mobile PASMO mean the transit IC card foundation is crumbling? While I don’t agree with everything Sano san says he makes a good case that Japan Transit IC association members are failing in the face of a hydra-headed crisis: declining population with less ridership, competition from other payment services such as PayPay and EMV based VISA Touch, and ridership killing COVID lockdowns. He argues that transit companies must fix some basic problems if the Japan IC Transit standard is to survive:

  • Increase coverage: get all transit on the Transit IC card service map
  • Go mobile: for all transit cards
  • Improve the transit IC card architecture: improve compatibility and loosen up current restrictions for cross region transit, and the ¥20,000 stored fare limit

I believe most, if not all of these can be addressed with next generation FeliCa + 2 in 1 Suica (aka Super Suica) launching this year and deeper payment infrastructure sharing between transit companies. Nothing is guaranteed of course but here’s a look at each category and possible solutions.

Coverage
The transit IC coverage gap is the biggest failure of Japanese transit companies and there are big gaps. Suica only covers major population areas in Tokyo, Niigata and Sendai, roughly half of the stations on JR East are not wired for Suica. A similar situation applies to the other JR Group companies. JR East has promised to get their entire rail network on Suica with a simplified lower cost cloud based Suica in the 2020 fiscal year ending March 2021 but has yet to announce any details (they are specifically referenced in the new Suica Terms and Conditions effective March 27).

On the plus side JR West is expanding ICOCA coverage with a light rail approach of incorporating NFC readers installed in the train car for tap in/tap out for unmanned stations. No wires. SMBC and VISA use the same strategy for their VISA Touch transit boutique marketing program. It’s a practical low cost strategy for lightly traveled rural lines that reduces the hard wire requirement. Only stations that need it get wired and even those installations can use the lower cost JR East cloud based system.

JR West ICOCA area expansion includes on train NFC readers starting March 13, 2020

All major transit companies need to install these lower cost solutions to fill the transit IC gaps and integrate remaining isolated regions. VISA Touch transit boutiques are marketed as a solution for inbound and casual users, but these EMV only installation leave those transit areas off the transit IC grid for regular users and don’t work for wider area travel.

Mobile
Mobile Suica and Mobile PASMO combined represent 80% of the current transit IC card market. Mobile ICOCA (JR West) is due to launch in 2023. There is no word yet about mobile for TOICA (JR Central), manaca (Nagoya City Transit rail/bus), PiTaPa (Kansai region private rail/bus), Kitaca (JR Hokkaido), Sugoca (JR Kyushu), nimoca (Nishitestsu), Hayaken (Fukuoka City Transit). This is a big challenge but the borrowed Suica infrastructure used for Mobile PASMO is a strategy that can be applied to the other major cards.

Improving Transit IC
JR East is releasing the 2 in 1 Suica card architecture that incorporates new FeliCa OS features the most important being the “2 cards in 1” Extended Overlap Service. New regional transit card using this new FeliCa OS and Suica format are launching this month in Aomori, Iwate and Utsunomiya. The next challenge for JR East is expanding 2 in 1 Suica to existing and important region transit cards inside the JR East transit region such Niigata Kotsu Ryuto and Sendai City Transportation Bureau icsca. The JR Group has cooperated to deliver cross region commuter passes which started in

The ultimate long term success of the Japanese Transit IC systems depends on infrastructure sharing and integration. For this to happen other JR Group companies and private rail outside of the JR East regions have to incorporate the 2 in 1 Suica format and improvements for their own cards and regions. Only when all Transit IC Mutual Use Association members are using the new format can they link and combine services in new ways, and add new features such as raising the stored fare card value above the current ¥20,000 limit.

Will it be enough? I have no idea. Immediately I see problems for the Kansai region PiTaPa card association companies (Hankyu, Hanshin, Keihan, Kintetsu, Nankai) as they have to make fundamental changes to use the new card format. I don’t see a Mobile PiTaPA in its current incarnation and this is why SMBC (who run PiTaPa card accounts) and VISA are targeting the Kansai area for VISA Touch transit: non-JR Kansai transit companies have their backs against the wall and no way easy forward to mobile except for going all in with JR West Mobile ICOCA, or taking what SMBC offers them.

Open Loop competition
Kansai area private rail companies never managed to create the equivalent of PASMO. PiTaPa is a postpay card that has credit card issue checks and cannot be purchased at station kiosks like all other transit cards for casual use. Issue is limited, so Kansai transit companies issue JR West ICOCA commuter passes for people who can’t use credit cards. This is the context surrounding the SMBC VISA Touch transit for Nankai announcement that got lots of press attention as the first major test deployment of open loop on a Japan Transit IC card system.

Junya Suzuki’s latest Pay Attention installment has a deep dive on the VISA Touch Japanese open loop transit system solution powered by QUADRAC Q-CORE server technology. It is the solution also used for the Okinawa Yui Rail monorail fare system that integrates Suica/Transit IC and QR support. He argues that open loop EMV is good enough because, (1) we don’t need the over-spec FeliCa 200 millisecond (ms) transaction speed (it’s actually faster, between 100~150 ms), (2) it has a leg up on future MaaS and cloud integration. Holding onto Suica local transaction performance as ‘faster/better’ is a myth holding back progress.

I have tremendous respect for Suzuki san and his work but his arguments fall down for me here. He completely ignores the white elephant in the room: closed loop is here to stay because the open loop model cannot support all fare options. Even on the open loop systems that he champions, Oyster and Opal for example, closed loop cards are still essential and are transitioning to a closed loop EMV model for digital wallet issue. The only change is the closed loop card transition from MIFARE to EMV because bank partners are running the transit system account system backend instead of the transit company. In other words it has nothing to do with technology at all, it is bank system convenience. Bank convenience is what it all boils down to.

Making the right technology choices are essential in our era of limited resources, ride the right horse and you succeed. I want to believe the cloud holds the promise to extend transit IC to low transit volume rural areas that don’t have it now, but every time I use a slow cloud based stera payment terminal I’m reminded how impractical that approach is for stations with high transit volume.

Does it make cost sense to replace the current transit IC system and re-create it with EMV open loop when Opal, Oyster and OMNY systems will always need closed loop cards? The practical thing is leveraging a good system already in use. Upgrade the Japan Transit IC system we have now, spend precious resources that fix current limitations and extend it with new technologies like UWB Touchless.

The strength and weakness of the Japan Transit IC standard is that it’s not top down but based on mutual cooperation. It’s not one entity but association members have to move forward as if they are one. JR East has been the technology leader and is working to improve and share it at lower cost. 2021 is not the make or break year for Japan Transit IC, but it will be an important and challenging one that will set its future direction.

Related post: The 2 in 1 Suica Region Affiliate Card

The good old Japan Transit IC card mutual use map, all the little one way arrows marked with the ‘IC’ logo pointing outside the main IC area indicate transit system compatibility.

iOS 14.5 Face ID impressions

It was just a year ago when iOS 13.5 introduced a small Face ID UI tweak that bypassed Face ID and went straight to the passcode entry screen but over time I did not find it very useful. Face ID took longer and longer to bring up the passcode entry screen, as if it was trying to look past the mask. While it was good that Apple finally acknowledged Face ID shortcomings with face masks after ignoring complaints from Asian users, it took a health crises to force Apple to do something about it. In the end it didn’t change anything.

And now we have iOS 14.5 with Face ID ‘Unlock with Apple Watch’, another stop-gap until Apple delivers a real solution. It will never work with Apple Pay, which it should not though many will wish for it fumbling with iPhone Face ID authorization in the checkout line. It’s probably most helpful when digging for point reward QR Code apps that don’t use Face ID for sign in. Will it help sell Apple Watches? Perhaps, but it also might dampen future iPhone upgrades with improved Face ID.

Some first impressions…it feels like what it is: a clever hack but a hack nevertheless, to do something Face ID wasn’t designed to do that re-routes the ‘chain of trust’ from one way to two way. This makes things much more complicated. Already there are complaints of Face ID unlock with Apple Watch not working when Apple Pay Octopus users are in transit. I also find it unreliable especially during Suica transit. Overall 1 out of 3 times it strikes out. I know the feature is beta 1, but I already get that iPhone X NFC problem vibe: deep down this feature isn’t going to work reliably…ever.

A mystery message when Face ID unlock with Apple Watch doesn’t work

Reader Question: what’s the point of Apple Pay My Suica?

A reader asked a very good question: what’s the point of an Apple Pay My Suica? Can’t you already migrate a normal ‘unregistered’ Suica to another device if you loose your device?

There are 3 basic Suica plastic card categories: unregistered, registered (My Suica) and commuter. PASMO and all other major Transit IC card are the same. An unregistered Suica card just spits out of the station kiosk after putting money in and you are on your way, but it cannot be replaced or re-issued if lost. Buy a new one, end of story.

With a registered My Suica card, the customer registers a name and other information on the kiosk touchscreen and if the card is lost it can be re-issued for a fee with the original stored balance intact. It’s Suica insurance. Same deal for Commuter Suica which is registered Suica with a commute plan attached.

Mobile Suica uses the same 3 category card model but Apple Pay Suica changed the game considerably. When a user transfers any flavor of plastic Suica to Apple Pay, the card is permanently linked to the user Apple ID. When a user creates a Suica card in Wallet it creates a My Suica card also attached to Apple ID. Apple Pay Suica cards also seem to be ‘ghost’ registered to Mobile Suica even when the user does not have a Mobile Suica account. Only the Apple Pay and Mobile Suica system elves really know what is going on.

The upside for Apple Pay users is that Apple Pay and Mobile Suica preserve Suica card information so the user can safely remove Suica from Wallet, re-add it, or transfer it to another device at any time. It’s free insurance without the hassle of registering a Mobile Suica account. All Suica card types are treated the same. The downside is that if you want to migrate to Android you have to delete your Mobile Suica account and refund the card, then create a new card and Mobile Suica account for Google Pay Suica. It’s the same deal going migrating the other way.

To answer the reader question regarding the point of Apple Pay My Suica, the point is this: commute plans, auto-charge, Green Car seat purchase. The point of Apple Pay Registered PASMO is similar: commute plans and auto-charge. All this is done via Suica App or PASMO App. If you don’t want those extra services, a plain unregistered Suica or PASMO is all you need.

Apple Pay Ventra: the closed loop EMV card

Apple Pay Ventra finally launched October 26, 2020, a very long wait after the March 25, 2019 Apple Event announcement. I wrote about the delay blaming it on open loop when the Washington SmarTrip and LA TAP cards landed on Apple Pay first.

Ventra has a long glitchy open loop history from its debut with the ill-fated Mastercard debit Ventra. Streets Blog had this to say about it in 2017.

Arguably it’s a good thing that the Ventra prepaid debit card is going the way of the dinosaur. The debit card function debuted with a long list of fees that had the potential to siphon of much of the money stored on the card, including:

A $1.50 ATM withdrawal fee
A $2 fee to speak to someone about the retail debit account.
A $6.00 fee for closing out the debit balance
A $2 fee for a paper statement
A $2.95 fee to add money to the debit account using a personal credit card
A $10 per hour fee for “account research’’ to resolve account discrepancies

“These fees were probably not any different than other bank cards offered by Money Network or Meta Bank or other predatory banks,” says Streetsblog Chicago’s Steven Vance, who reported on the issue at the time. “But it was shameful for the CTA to be aligned with that.”

After a backlash, most of these fees were reduced or eliminated, but CTA retail outlets were still allowed to charge Ventra card holders a fee of up to $4.95 to load cash on the debit sides of their cards. So maybe it is for the best that the CTA is getting out of the bank card business.

StreetsBlog Chicago December 2017

Getting Ventra out of the bank card business is easier said than done when the whole system is designed around open loop. Mastercard stopped issuing Ventra branded prepaid debit cards in 2017 but they have managed Ventra account services all this time. The Ventra plastic card is MIFARE DESFire EV1 which fits the standard Cubic Transportation Systems management style: all of the various transit card systems they manage around the world were designed and built with MIFARE stored value cards at the core. These include Chicago Ventra, London Oyster, Sydney Opal, Washington SmarTrip, LA TAP, etc.

An Apple Pay Ventra Wallet screenshot from a Japanese Twitter user revealed a fascinating bit of information. Apple Pay transit cards like Suica, SmarTrip and TAP all show a stored value card balance. Apple Pay Ventra does not, it shows a card number like a Wallet credit card. This means Apple Pay Ventra is a reincarnated Mastercard prepaid debit card, but this time it’s disguised as a mobile transit card with Mastercard running card account services.

Apple Pay Ventra: the closed loop EMV transit card
Tech blog coverage of the Apple Pay Ventra launch only mentioned Express Transit but there are important limitations:

  1. Ventra Card on iPhone 6S and later / Apple Watch Series 1 and later, can only be used on the CTA and Pace bus services, but not Metra or Pace Paratransit. RTA and Student Reduced Fare cards, including U-Pass cards, and free ride Ventra Cards cannot be added to Apple Wallet yet. (from StreetsBlog Chicago)
  2. Direct reload/recharge in Wallet is not supported because the EMV format itself does not support local stored value. You have to reload the card in Ventra App. This really sucks for Apple Watch Ventra users. In the United States only Apple Pay TAP and Apple Pay SmarTrip support Wallet recharge, interestingly those systems are closed loop.

We have the following pieces: open loop, Cubic fare system management, Mastercard managed Ventra account services, MIFARE for plastic cards, EMV for mobile digital cards with a closed reload/recharge model that limits everything from card issue and recharge to Ventra App, and slow tap speeds.

The result is a centralized account processing mishmash of open loop and closed loop parts, ‘heavy’ in every performance aspect that pales in comparison to the local stored value process speed and flexibility of a user friendly Apple Pay Suica•PASMO that works across subway, bus and rail, for both fixed and distance fares.

The mishmash only works for CTA fixed fares and transit fare readers ‘live’ in the system. Distance based METRA fare are outside of the system with one time ticket purchases shown to the train conductor. Because everything is centralized account processing, all Ventra housekeeping must be done in the Ventra app unlike Apple Pay Suica•PASMO users who can live without an app or account: everything from recharge to card creation can be done in Wallet.

Simply put, Apple Pay Ventra is the digital rebirth of the problematic open loop based Mastercard Ventra prepaid debit card that is closed and only works on the Ventra system. The Sydney Opal card is about to enter digital wallet tests with Mastercard running the show with a similar set of Ventra pieces: Mastercard EMV issue for mobile, MIFARE plastic cards, Cubic management, etc. Expect similar results.

EMV transit cards: next installment of the Contactless Payment Turf Wars
If nothing else Apple Pay Ventra reveals how flimsy the ‘open loop is open’ argument really is: the Apple Pay Ventra prepaid debit card as transit card can only be used on the Ventra system. How open is that? All they did was swap MIFARE for EMV, neither of which are open standards. And tap speeds are slower than ever with EMV, aka the supermarket checkout protocol.

It’s fake debate. The real debate is online centralized fare processing where everybody is forced to have a mobile account whether they need it or want it or not, versus offline local fare processing where mobile accounts are optional. Guess which model delivers faster tap speeds while doing a better job of protecting your online privacy.

The lesson here is that when transit agencies let banks and card companies run the transit fare concession, they will never be free of them: there’s just too much private money to be made off of running the backend services attached to public infrastructure. And the bank card industry has no interest in improving their slow EMV supermarket checkout card spec for transit. Nobody in Sydney will bother asking who ends up getting the float interest from Opal cards when Mastercard runs the account backend. Card issuers like it that way.

The only question remaining is this: now that we know the Ventra EMV Mastercard prepaid debit card as mobile digital transit card is same one for mobile Opal…will it be the same for MTA mobile OMNY and TfL mobile Oyster? I suspect so: this is the new Cubic mobile transit card business model with NXP MIFARE the loser in this latest installment of the contactless payment turf wars.

UPDATE

A reader was kind enough to scan his Apple Pay Ventra card with a NFC tag reading app. Results confirmed what I outline above: Apple Pay Ventra is a EMV Mastercard prepaid debit disguised as a transit card. This officially marks a migration away from stored value MIFARE transit cards to stored in the cloud EMV prepaid debit cards for mobile digital transit card systems managed by Cubic.

Specifically it means the local stored value information that was held by the MIFARE plastic card has been migrated to an online Mastercard managed account for Apple Pay Ventra as the EMV credit card format wasn’t designed for local stored value. Just like the title says: Apple Pay Ventra is a closed open loop card.