I’ve said it before and say it again: the winner/loser debate doesn’t mean shit in the post-Apple Pay Japanese payments market. PayPay for example, started out as a code payment app but has added FeliCA QUICPay and EMV contactless support along with their PayPay card offering. Just like I predicted, these companies don’t care about payment technology, they just want people to use their services. My partner and I actually see less PayPay use at checkout these days and more Mobile Suica. Why?
The great thing about prepaid eMoney ‘truth in the card’ Suica, PASMO, WAON, Edy, nanaco, is the backend recharge flexibility on the mobile side (Apple Pay, Google Pay, Suica App, etc.). PayPay, au Pay, Line Pay and similar Toyota Wallet knock-off payment apps with Apple Pay Wallet cards, are deployed as mobile recharge conduits that smart users leverage to get the points or instant cashback rebates they want to get at any given campaign moment. This is where the action is.
And so we have recharge acrobats like Twitter user #1: step 1 recharge PayPay account from Seven Bank account, step 2 move recharge amount from PayPay Money to PayPay Bank, step 3 move recharge from PayPay Bank to Line Pay, in Wallet app recharge Suica with Line Pay card. Or like recharge acrobat Twitter user #2: Sony Bank Wallet to Kyash to Toyota Wallet to Suica.
Phew…none of this involves transfer fees so it’s up to user creativity to come up with the recharge scenario that works best for them. Does it count as PayPay use or Line Pay use or Mobile Suica use? Does it matter?
It’s not about winners or losers, it’s about moving money around. Mobile Suica is extremely useful because of it’s recharge backend flexibility, thanks to Apple Pay and Google Pay (which does not support PASMO yet). This is the case for US citizens working in Japan who get a great return of their Suica or PASMO recharge right now using US issue credit cards because of the exchange rate. This is something visitors to Hong Kong cannot do with Apple Pay Octopus as the OCL recharge backend is far more restrictive than JR East. The biggest gripe users have with Suica is ¥20,000 balance limit.
In the weeks to come we’ll be sure to see hand wringing articles debating the future of Suica, open-loop, etc.,etc., because let’s face it, IT media journalists need something to write about in these challenging times where everything has to be sold as winner/loser, black/white, 0 or 10, and nothing in-between, to get any traction at all. As for me, I think it’s far more interesting, and real, to observe how users are using all these nifty mobile payment tools.
iOS 15 added big new features to Wallet, expanding digital keys from cars to include home, office and hotels and ID in Wallet driver licenses for the first time. There were smaller but important UI changes too. A new add card screen offered new categories making is easy to add transit cards regardless of the device region and quickly re-add previous Wallet items from iCloud. iOS 15 was all about Wallet to the extent that Apple now advertises it as a separate thing from Apple Pay with a separate web page, and even referred to Apple Pay as “one of the most important areas of Wallet” in the WWDC keynote. Very interesting.
iOS 16 moves the focus back to Apple Pay and making digital payments more useful, practical and universal. The WWDC22 Keynote announced Apple Pay Later, in-app ID card verification and key sharing. Apple Pay Later is one aspect of several new Apple Pay functions unveiled in the What’s new in Apple Pay and Wallet session.
Multi-merchant payments: In our online world we can never be sure how many sub-merchants are involved when we order something and how our card information is shared. In multi-merchant Apple Pay, multiple payment tokens are issued for each merchant in the same transaction, preserving user privacy, with the iOS 16 Apple Pay paysheet showing a breakdown of each sub-merchant charge. This feature works mostly on the backend, but showcases how smartly the Apple Pay Wallet team design features to ‘just work’ securely for merchants and customers.
Automatic Payments My favorite iOS 16 feature as it addresses a lot of interesting use cases, much more than just Apple Pay Later installments which fall under:
Reoccurring payments, which include things like installments and subscriptions, basically any regularly scheduled payment. With the recent Starbucks Japan price increases, I decided to sign up for the new JR East Beck’s Coffee Shop subscription plan. Up to 3 cups a day for ¥2,800 a month. A pretty good deal for commuters like me. The Beck’s subscription service is subcontracted out to an interesting online business venture company called Favy that uses Sign in with Apple to create an account. Payment however is manual credit card entry with the onerous, ubiquitous 3D Secure sign-in. Pass issue and serving size selection (M=¥50, L=¥100 extra) is done in Safari. It works well enough, but canceling or getting payment details is a real Safari expedition. It would be a much better, and faster, customer experience doing it all in Apple Pay.
Automatic Reload: this is the real money feature for me because it plays on the classic snag of using Apple Pay Suica…recharge. All pre-paid cards are a catch-22. Japanese users love them because they like the “I know how much money I’m adding to my card” aspect of manual recharge, but there’s the inevitable, you know you forgot about it, bing-bong ‘please recharge’ transit gate alarm when Suica balance is short.
JR East offers Suica Auto-Charge (auto-reload) as a feature of their VIEW card. The auto-charge option works great with Apple Pay Suica but like all transit card auto-charge, it is tethered to the transit gate NFC system. This means the users gets instant, seamless auto-charge but only on the operator’s transit gates. Suica auto-charge does not work outside of the Suica and PASMO transit gates, not at store terminals, not in other transit card regions like JR West ICOCA. This limitation is a big customer complaint, I and many others would love Apple Pay Suica auto-charge to work everywhere.
Apple Pay automatic reload takes care of this problem very nicely. Suica would recharge anywhere because the card balance ‘trigger’ and reload process is done via Apple Pay instead of JR East transit gates and the Suica system. JR East could keep auto-charge exclusive to their VIEW cards as they do now or easily, selectively expand it. Either way they would greatly increase the usefulness of VIEW and Suica by supporting the new Apple Pay automatic reload feature. The possibilities are are pretty exciting.
Order tracking Another very useful feature I think people will love using. The addition of QR/barcodes in the Apple Pay sheet is a first and will greatly shorten the order pickup~delivery process. The best use case of Apple Pay and bar codes that I can think of.
ID verification in apps This is where ID in Wallet gets real. Wallet app has TSA airport checkpoint verification built-in but that’s not going to help all the government issuing agencies, not to mention software developers, around the world who want to implement digital ID verification to unlock various digital services.
JR East for example has centered their whole Super Suica MaaS Cloud initiative around ID PORT and the ability to match various region or age based services (discounts, special fares, etc.). In other words JR East and their sub-merchant or local government agency want to know where I live and how old I am. This is all provided on the Japanese government My Number digital identity card launching later this year on Android, and Apple Wallet later on. But I don’t want my personal details going everywhere. If the MaaS campaign app or website only needs to know that I live in Tokyo and am over 60, that’s the only info I want to give them. This is what the new PassKit ID request APIs in iOS 16 do: give apps only the information they need to perform a verification for a service and nothing more.
And then there’s Tap to Pay on iPhone. It’s really not an Apple Pay function to me because it turns iPhone into a very handy and portable NFC payment terminal, but it makes sense branding wise. Just say Apple Pay for making…and accepting payments. Anywhere the merchant has their payment provider POS app and a network connection, they are ready to go. This is big. Apple has lined up an impressive number payment providers in a very short time who are happy to leave all the hardware certification and secure element management to Apple and focus on software. I can practically feel the intense interest from Japan where local payment providers would love to leverage the global NFC capable iPhone for seamless EMV and FeliCa payment services. It could be an interesting Apple Pay year.
(The) Digital Markets Act will…require companies designated as gatekeepers to ensure effective interoperability with hardware and software features they use themselves in their ecosystems. This includes access to NFC for mobile payments.
Today’s case addresses a conduct by Apple that has been ongoing since Apple Pay was first rolled out in 2015 <sic, 2014 actually>. This conduct may have distorted competition on the mobile wallets market in Europe. It prevented emergence of new and innovative competition that could have challenged Apple.
Both pieces miss important context surrounding the debate however…and with this issue context is all, especially how Apple Pay is playing out in other global markets. Most of what follows I’ve covered in earlier posts but hope to pull the various issues together in one post. Yet again, we kickoff with an updated Apple Pay diagram.
The so called Apple ‘NFC chip’ is not a chip at all but a hardware/software sandwich. The Apple Pay ecosystem described in iOS Security is a collection of tightly integrated polished pieces: Secure Element, Secure Enclave, NFC Controller, Wallet and Apple Pay Servers, all wrapped into a slick, easy to use UI with a final security wall of ‘secure intent’, a double-click side button hot-wired to the Secure Element. This approach has been so successful that people divide mobile payments history into pre-Apple Pay and post-Apple Pay eras.
Apple Pay has a very simple rule: any card that loads a Java Card applet into their embedded secure element (eSE) has to reside in Wallet app. The maximum number depends on how many Java Card applets it can hold at any one time, the previous limit was 12, the iOS 15 Wallet limit is 16 cards. Developers have two ways to access iPhone NFC: 1) Core NFC framework for NFC operations that don’t use the secure element, 2) Secure Element pass certificates for NFC operations that need secure element transactions (payments, keys, ID, passes). Any developer who wants to run applets in the eSE has to apply for a PassKit NFC/Secure Element Pass Certificate. This is covered by NDA but a company called PassKit (not Apple) gives us an idea what Apple’s Secure Element Pass guidelines are:
Apple care a great deal about the user experience. Before granting NFC certificate access they will ensure that you have the necessary hardware, software and capabilities to develop or deploy an ecosystem that is going to deliver an experience consistent with their guidelines.
The end to end user experience, the whole reason behind the success of Apple Pay. But this gatekeeping is what riles banks and financial service providers who want to load their applets into the secure element without the Apple Pay gatekeeping, without the Apple Pay ecosystem and without the Apple Pay commission. They want to do their own transactions with their own app for free. This is what the EU Commission means when Vestager says: “Evidence on our file indicates that some developers did not go ahead with their plans as they were not able to to (sic) reach iPhone users.” It should read: when they were not able to reach iPhone users for free. Either the developer didn’t apply for a Secure Element Pass, didn’t pass the certification process, balked at Apple’s certification conditions, or couldn’t agree on Apple Pay commission rates.
Secure element gatekeeping is not new, it is an essential part of the secure element system:
A Secure Element (SE) is a microprocessor chip which can store sensitive data and run secure apps such as payment. It acts as a vault, protecting what’s inside the SE (applications and data) from malware attacks that are typical in the host (i.e. the device operating system). Secure Elements handle all sorts of applications that are vital to our modern digital lives…
Mobile Payments Here, the Secure Element securely stores card/cardholder data and manages the reading of encrypted data. During a payment transaction it acts like a contactless payment card using industry standard technology to help authorize a transaction. The Secure Element could either be embedded in the phone or embedded in your SIM card.
Lifecycle management It’s crucial that SE-embedded devices are secure throughout their lifecycle. That’s why Secure Elements need to have an end-to-end security strategy. It’s no use developing a robust security solution for a device which becomes obsolete after a period of use. This is why Secured Elements can be updated continuously to counter new threats.
Few people, especially a PayPal or EU Commission vice president, discuss the crucial secure element lifecycle management aspect. It’s not convenient for them to say the secure element ‘gatekeeper’ is responsible for keeping it secure. Far more convenient for their arguments to omit this, portray gatekeeping as unnecessary and gatekeepers as evil. In the end however, Apple has to maintain secure element updates from the various licensed secure element providers (EMV,FeliCa Networks, MIFARE, and so on) if secure payments are going to work at all This is what people who say, ‘it’s my device, we should be able to use NFC how we want,’ do not understand.
People also forget that nothing is free, you get what you pay for. With Apple Pay as gatekeeper, users get simplicity, innovation and feature updates. Simplicity: users get NFC they can use out of the box without Android-like NFC complexity such as secure element positions and obscure express mode settings.
Innovation: Apple Pay has features like Global NFC. iPhone and Apple Watch are the only smart devices that come with FeliCa built in as standard to use in Hong Kong or Japan, while Android limits functionality by market region. It’s astounding that Android, not even Google Pixel Android, has matched this basic functionality yet. We’re seeing more innovation as Ultra Wide Band (UWB) extends Wallet functionality to include ‘Touchless’ car keys and eventually, UWB enhanced automatic card selection as you approach the reader; more helpful than you might think.
Japan is key to understanding what’s really going on in the Apple Pay monopoly debate. Japan was the first market with an established mobile payment platform in place, long before mobile EMV contactless payments took off in Europe. iPhone also has a much larger marketshare in Japan than it does in Europe. It’s a shame people pass up the opportunity to learn from the successes and failures here.
So what’s the EU Committee vision for ‘open NFC’? I think it’s a rehash of the secure element wars when carriers locked mobile payment services to SIM contracts. In 2013 Google incorporated SimplyTapp HCE (Host Card Emulation ‘secure element in the cloud’) technology as a NFC ‘workaround’ to ‘free’ NFC from the evil clutches of mobile carriers. Sound familiar? Android NFC has never been right since.
How little things change, swap ‘evil mobile carriers’ for ‘evil Apple’ and you have the same self serving ‘open’ vs ‘closed’ NFC chip nonsense that people are debating today. FeliCa Dude, the ultimate industry insider who has experienced it all, said it best: ‘It’s all eSE or nothing now.’
And yet we now have Île-de-France Mobilités (IDFM) turning back the clock, circumventing the eSE on NFC equipped Android devices and going all in with HCE for IDFM’s Smart Navigo service for Android. To me this says all you need to know what European priorities are regarding the ‘open NFC’ model: eliminate eSE gatekeepers by forcing the less secure network dependent HCE as a required option. Good luck with that. From a transit perspective, based on Mobile Suica user experiences, I don’t think HCE Smart Navigo will be a smooth ride.
The EU Committee ‘open NFC’ vision might look ideal…to Apple Pay competitors. Regular users however, will have to deal with the ugly reality of multiple NFC apps, multiple NFC secure element modes and clashing updates that cancel out NFC services. Apple Silicon eSE space is limited to 16 cards. If that sounds like a lot now, wait until you have credit cards, transit cards, home, car and office keys and ID installed along with ‘open’ NFC apps wanting their own eSE space too. Services will be squeezed out forcing the user to intervene. If the EU Committee thinks this environment fosters competition and innovation while growing mobile payment use, dream on.
Japanese tech journalist Junya Suzuki has covered NFC mobile payment developments in Europe, America and Japan for over 2 decades. He doesn’t think the EU is playing an even hand here, in his opinion Samsung and Huawei would never face the scrutiny that Apple now faces. In typical European cultural fashion, EU motives pay lip service to fair open markets while playing an underhanded game of chess to make Apple do what EU banking interests want Apple to do. In other words, a double standard.
What does Apple need to do? I’ve always said that Apple needs to make the Secure Element Pass application process as transparent as possible. Keeping the blackbox NDA process as it is now makes Apple Pay a target, increasingly difficult to defend the status quo. Secure Element access on the level of Core NFC is a long shot, the very definition of a secure element means there has to be a developer certification process similar to EMVCo, FeliCa Networks, MIFARE, Calypso Networks Association, etc., that protects the privacy and business interests of all parties. But it would be great if there is a middle way where Apple can securely open things up for iPhone as a digital wallet, and iPhone as a payment terminal. We’ll see if Apple has anything to say about the subject at WWDC22.
Recommended reading: Ruimin Yang’s wonderfully detailed analysis, “Apple Pay monopoly, are we really comparing ‘Apples’ with ‘Apples?“outlines the entire Apple Pay system architecture, how it compares to other digital wallet platforms, (Google Pay, Samsung Pay) and what ‘open vs closed’ means in the ‘Apple Pay is a monopoly’ debate.
The April 19 launch of SBI Neobank Mastercard debit card support for Apple Pay was a bit unique: the first time that a plastic issue Japanese debit card came to Apple Pay and the first Apple Pay Japan debit card supporting the FeliCa iD payment network. Another interesting aspect is that only the Mastercard version supports Apple Pay, the VISA version is plastic only with VISA Touch (EMV contactless) support.
There are plenty of bank app issue digital only debit cards from JCB, Mizuho, MUFG and others on Apple Pay. These all work on JCB’s QUICPay (FeliCa) and J/Speedy(EMV) payment networks. Apple Pay Japan supports many different mobile payment network cards thanks to Mobile FeliCa support, by far the largest selection of Apple Pay payment networks in the world: EMV (VISA, Mastercard, AMEX, JCB), iD, QUICPay, Suica, PASMO, nanaco, WAON. But VISA issue debit cards are not supported even though there are many, not a single one on Apple Pay.
Wasn’t this taken care of by the May 2021 Apple and VISA JP agreement? For credit cards yes, one year later they are still at odds over FeliCa support in debit cards. VISA Japan brand debit cards are VISA Touch EMV contactless exclusive, single mode cards. VISA JP credit cards are dual mode EMV/FeliCa for plastic and smartphones, but not debit cards. We don’t know the reason but debit cards deifintely fit the budget customer category while credit cards come with credit checks, perks and card membership fees for upscale cards.
As an easily available budget card, VISA cuts costs by dumping the dual mode EMV/FeliCa IC chip and transaction fees for the convenience of using FeliCa iD/QUICPay payment networks. In other words VISA keeps all transaction fees for themselves while marketing the shit out of VISA Touch as the greatest thing since…whenever.
All of the other card brands in Japan have dual mode NFC as standard. Not VISA, they’re playing the long game of eliminating FeliCa payment network competition. This stupid polarizing single flavor NFC position only served to give QR Code payment networks (PayPay, Line Pay, etc.) a huge opportunity that they smartly played. End result: more payment network competition than ever before.
Apple on the other hand has a very simple rule for all Apple Pay Japanese issue cards: they must support FeliCa and all EMV cards are global NFC dual mode. Was this the price for adding FeliCa support to Apple Pay? Perhaps, I think it’s more to do with the Apple Pay vision of removing complex and confusing hardware choices, the Google Pay Japan mess, for standard ‘just works everywhere’ NFC. Has this been successful? Very...just ask Suica.
Suica App user reviews are relentlessly bad, rip after rip of ‘this software sucks’. Never a good thing to say. Here’s the thing however, when you dig into the reviews most of them have little to do Suica App. It’s also really weird that many reviewers/users seem to think they need Suica App for using Suica at the transit gate. They don’t.
Why are people even using Suica App anyway? You don’t need it to add Suica to iPhone, you don’t need it to recharge Suica. All these things can be done in Wallet app. And now that people are working remotely, there is much less demand for purchasing commuter passes, the biggest reason for using Suica App in the first place. But there is one good reason for using Suica App: setting up Auto-Charge. Set that and you’ll never have to use Suica App.
There’s an important difference to know about Auto-Charge vs. regular recharge in Suica app and Wallet app: auto-charge is locally processed via the transit gate Suica NFC reader. It’s instantaneous and doesn’t care about your iPhone network connection.
Wallet and Suica app recharge are processed via the iPhone (or Apple Watch) network connection. Apple Pay talks with iCloud and Mobile Suica, the transaction is processed online and relayed back to Apple Pay, the recharge amount is added to Suica card. Many network hoops.
There is a message the Mobile Suica twitter account puts out regularly: make sure your smartphone has a robust network connection and don’t use free WiFi when recharging Suica or using Suica App. A bad WiFi connection fools Suica App users into thinking their iPhone is connected to the internet when it is not. This is a particular problem with carrier Wi-Fi SIM auto-connect that bypasses a solid 4G/5G connection and automatically connects to an extremely unstable or overloaded carrier WiFi instead. WiFi on trains and in stations is never reliable and should be turned off when using recharging Suica in Wallet or using Suica App.
Which brings us to an interesting Suica App user review titled “It’s a real urban legend” which explains all the crap talk about Mobile Suica boils down to people trying to recharge at rush hour in transit gate areas with a crapped out carrier or free WiFi connection…the perfect Suica App killer situation. The reviewer recommends “recharge in a calm place at calm time,” to which I heartily agree. Or better yet, ditch network recharge altogether and use Suica NFC Auto-Charge. It will never fail you.