Contactless Payments White Paper

The Secure Technology Alliance White Paper Contactless Payments: Proposed Implementation Recommendations is an interesting read, not only for what it says but for finding out what’s on the collective mind of the credit card industry.

Here is a quick summary…
<with comments>

About the Secure Technology Alliance
The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT)

<forget all the other shit, Secure Technology Alliance is a credit card EMV promotion society>

2.2 Contactless Acceptance Terminal Considerations
Contactless payments are not new. Contactless payments relying on magnetic stripe data (MSD) have been available since 2005. However, as the U.S. transitions to EMV, some payment networks are no longer recommending contactless MSD solutions. Moreover, some EMV contactless cards are being deployed without contactless MSD support, which can cause interoperability issues or cause a transaction to be terminated and processed using the EMV chip or magnetic stripe.

<contactless MSD is a crappy half-assed stopgap standing in the way of progress that nobody uses except Samsung Pay, get rid of it already>

2.2.4 Recommendations Figure 1. Enabling a Contactless Terminal at the Checkout

• Contactless terminals should be customer-facing

• Customers should not need to tell cashiers how they intend to pay
<in a perfect world NFC is EMV contactless exclusively without complications from annoying FeliCa or MIFARE and credit card companies are the de facto treasury departments for all advanced nations of the world>

• The contactless terminal should always be switched on and ready to use; the cashier should not need to switch it on
<WTF, this is a recommendation?>

• The cashier should not need to enter the amount twice; the amount should be automatically displayed on the terminal

<oh I get it now, we’re talking about American cash register infrastructure>

2.3 Cardholder Experience: Different Contactless Form Factors
When performing contactless transactions, consumers already use a variety of form factors—contactless cards, mobile wallets on phones, wearables (such as watches, rings, or key fobs)—and there may be additional options in the future. While the “tapping” procedure to initiate the transaction should be the same regardless of form factor, other consumer behavior may not be consistent, especially when using a wallet on a mobile phone.

<I see, smartphone wallets with their own secure authentication are a problem, contactless credit card things with 4 PINs and meaningless terminal signatures are not a problem>

Transactions initiated using a mobile phone involve a two-step process: first, the wallet is activated (using an authentication method such as a biometric,4 PIN, or pattern); second, the phone is placed in proximity to the POS device for the contactless read.

Generally, however, the authentication mechanism used as the cardholder verification method (CVM) will be the consumer device cardholder verification method (CDCVM). CDCVM uses a mobile phone’s passcode or biometric user authentication to verify the cardholder for a payment transaction, removing the need for the cardholder to enter a PIN or provide a signature. Such use can result in an inconsistent consumer experience; sometimes a cardholder may be required to provide a PIN or signature on the terminal (for example, if the contactless terminal does not support CDCVM) and sometimes no verification will be required. However, as consumers become more familiar with the process and as older terminal functionality is replaced with newer technology, there should be fewer inconsistencies. In addition, note that, at this time, some networks may not support CDCVM with their U.S. common debit AID, which may result in inconsistent consumer experience for debit transactions.

 <blah, blah, blah, in other words credit card companies and payment networks will do as little as possible to clean up their own mess and blame somebody else for their problems, what else is new>

3.3 Contactless POS Infrastructure and Acceptance
Contactless acceptance is a major trend globally, with a significant percentage of POS terminals supporting contactless. The following are some key published market statistics:
• According to Juniper Research18 (Figure 5, Figure 6), 31.6% of all terminals in service in North America are contactless; North America accounts for 19.6% of the global installed base of contactless POS terminals.
• Visa has reported that, as of September 2017, 40% of U.S. face-to-face Visa transactions today occur at contactless-enabled locations, that a growing percentage of merchants are enabling contactless.

<wait a minute, what about that North America 19.6% figure? Contactless POS Terminals in Service as a Proportion of All POS Terminals: Asia: 43.6%, Western Europe: 14.3%, North America: 19.6%, we don’t want to talk about context here do we? Too embarrassing>

And the grand finale:

3.5 Open Loop Contactless Payments in Transit
Transit agencies are moving, or considering moving, to open payments with next generation fare payment systems—that is, credit and debit payments made using contactless EMV devices at transit points of entry (e.g., at fare gates, on buses)— to supplement traditional closed-loop acceptance. As noted in Section 2.5, consumer use of contactless payments for transit can help drive incremental transactions and top-of-wallet status for cards. Issuers contemplating transit as a factor in their contactless decisions should be aware that the specific timing for implementing transit open payments within a given region can have some uncertainty. In addition to the schedule impact of procurement and implementation timeframes, issuers should note that transit agencies interested in open payments may also consider the current state of contactless issuance and other relevant factors in their decision- making process.
Other relevant considerations include the following:
• As the market for open payments in transit is still emerging, the content of the authorization/settlement messages sent from different agency back-end systems may not be consistent.
• Transit merchants may require functionality that addresses transaction times and risk, such as offline data authentication (ODA) and/or deferred (or delayed) authorization.

<translation: credit card companies are falling over each other to get into transit and sucker convince transit operators into junking closed ticketing systems. Credit card companies have no interest in ticketing infrastructure outside of skimming their take. Let transit operators spend tax payer money doing all the back-end work and dealing with problems. Let them deal with transit user ire over slow EMV contactless transactions at overcrowded transit gates or when credit cards are de-activated in mid transit.>

What a sweet deal.


What the Hell is VISA Up To in Japan?

VISA is the least consumer friendly card company in Japan. Period. Mastercard, American Express and JCB are making it easy for Japanese customers to use their cards in mobile wallets (Apple Pay, Osaifu Keitai) both domestically and abroad with NFC Switching. NFC certification requires both NFC-A and NFC-F. Smartphones can do it all, how nice.

Except VISA does not want to play nice, they want to play market politics. Witness VISA’s latest boneheaded move reported by Masakazu Tatara on his excellent EPayments JP site: Visa is pulling the plug on Mobile Visa payWave (NFC-A EMV contactless). The last holdout is Sumitomo Mitsui who will terminate service at the end of December 2018. VISA on the iD and QUICPay (NFC-F FeliCa) contactless payment networks remains in place as does plastic card payWave.

As Tatara san asks, what is VISA up to? His quick review of the Mobile VISA payWave spec is helpful and remarkably similar to the Mobile FeliCa spec.

The secure methods for storing Mobile VISA payWave transaction information are:

  1. A mobile device with an Embedded Secure Element (eSE)
  2. HCE (Host Card Emulation in the cloud)
  3. A “Mobile eSE” SWP SIM
  4. A NFC Contactless Payment Sticker

As Tatara san explains, it is the #3 SIM card option that is really being phased out.  #1 includes Apple Pay and Osaifu Keitai devices. The recently released Google Pay Japan is simply an alternative Osaifu Keitai front end that entirely dispenses with the dead HCE-F. As if this was confusing enough, VISA Japan has not signed on with Apple Pay Japan or Google Pay Japan, nor is VISA payWave compatible with the Osaifu Keitai standard. This leaves #2 and #4 as the only real Mobile VISA payWave Japan options going forward. Good luck with that.

Japanese media has speculated that the Sumitomo Mitsu and Mizuho financial groups want to promote QR Code contactless payments over NFC and the death of Mobile VISA payWave proves that QR is winning the contactless payment turf war. Don’t believe it.

In Japan, aka the contactless payment turf war epicenter, the battle line is stored value vs. credit card with stored value cards the clear winner. This week’s Mizuho Suica announcement is proof of that. There isn’t any money for Japanese merchant support of EMV contactless because most inbound tourist business is mainland Chinese who only want to use QR code contactless AliPay and WePay which Japanese will never use.

So where is VISA going in the Japan market? One guess: the success of Apple Pay Suica and the release of the Global FeliCa iPhone/Apple Watch has VISA at a momentary standstill. Because if Google follows Apple’s lead and releases a Global FeliCa Pixel 3 with NFC switching, things will get very interesting. The more Global FeliCa becomes a ho-hum checkbox feature with every smart device, the more VISA Japan will have to play nice with Apple Pay and Google Pay or risk being shoved aside.

Which brings us back to FeliCa again. To outsiders it looks like the Japanese contactless payments market goes round and round, but it doesn’t. VISA Japan goes round and round playing market politics never moving forward, and that does damage. Last month I wrote:

It would be much better for customers if smart device manufacturers bundled all the major middleware stacks (EMV, FeliCa, MIFARE, China Transit, CEPAS) and simply called it Global NFC. Real Global NFC.

Until the industry does a better job of integrating NFC hardware and the various middleware pieces into a virtual whole, NFC confusion will continue to be a problem.

It would be much better for customers if the credit card industry stopped the contactless payment turf wars and started delivering solutions that help customers instead of sowing confusion.

UPDATE: a reader reports says that payWave on SIM cards is pretty much dead everywhere because the “secure element wars are over.” That’s interesting in light of Huawei offering FeliCa Osaifu Keitai service via Docomo with a SIM card. But that is a Docomo thing more than a Huawei thing.

The Big Implications of Apple Pay Mizuho Suica Branding

Apple Pay Branding Model
A diagram of how Mizuho plugs into Suica and how it could work with branding schemes like PASMO

Mizuho Suica for Apple Pay raises questions and fascinating possibilities way beyond yesterday’s announcement. Why now and why only Apple Pay? Is this the first of many Suica branded cards coming to Apple Pay?

The announcement was short, small and caught Japanese IT journalists off guard. Nobody anticipated Apple Pay Suica branding just appearing and working with a wallet app update. It’s slick and in true Apple fashion ‘just works’, but journalists missed important points with huge ramifications:

  • Mizuho Suica only exists as a virtual card hosted on the Mobile Suica Cloud, there is no plastic equivalent
  • DNP provides the Mizuho Wallet app backend

Put together this means the Apple Pay Suica branding vehicle is complete and ready to roll. Almost exactly the model outlined earlier.

The only remaining question is how many other transit companies and banks are going to get on? It’s tempting to think that with another Apple Event approaching, Suica’s eight sisters will join the Apple Pay branding parade: PASMO, ICOCA, TOICA, manaca, Kitaka, SUGOCA, HAYAKAKEN, nimoca. That’s probably a long shot but the vehicle is ready and waiting if they decide to join and time is running out if other transit areas want to benefit from the flood of inbound visitors anticipated for the 2020 Tokyo Olympics.

The Apple Pay Japan strategy of focusing on the stored value Suica transit card more than credit cards has been a tremendous success. Transit truly is the golden uptake path for contactless payments, exactly as the recent and widely regurgitated Juniper Research piece pointed out but everybody seemed to miss that point.

None of the other Japanese transit cards are on mobile but everybody building their own cloud infrastructure is out of the question. If JR East, DNP and Apple can coax the other Japanese transit cards to join the Suica branding scheme that finally offers commuter plans and more for everywhere and not just Tokyo, Apple Pay will easily become the de facto mobile wallet for Japan.

UPDATE 1: the Apple Pay Suica branding program is underway, sources say ‘stay tuned’ for more Apple Pay Japan payments and apps in the near future, September and October are the usual suspects.

UPDATE 2: I think one reason why Japanese journalists missed the virtual only Mizuho Suica point is because the Android Mizuho Wallet App release earlier this year also had virtual cards with one very important difference. Android Mizuho Wallet creates virtual Mizuho QUICPay JCB Debit cards not Suica. Mizuho Debit cards are hosted on the Mizuho system just like their credit cards. Virtual Suica branded cards are hosted on the JR East Mobile Suica Cloud, a completely different system with completely different implications.

UPDATE 3: I hate the blog title and am utterly clueless trying to find a better one that exactly captures why this is an important development.

Apple Pay Predicted to Account for Half of Mobile Wallet Users by 2020

Must be a slow news day: market research blah coughed up by Juniper Research is mindlessly regurgitated by MacRumors and AppleInsider. Free advertising for Juniper Research, you go Juniper Research.

To save you the trouble of clicking click bait here is a summary, >with comments:

  • Contactless payments will exceed the $1 trillion mark for the first time in 2018, a year earlier than previously anticipated by Juniper.
    >That’s still small
  • “We believe that growth over the next 5 years will continue to be dominated by offerings from the major OEM players.”
  • Contactless card payments are the strongest across Far East & China and Rest of Asia Pacific.
    >Double Duh and ‘Far East’ is a quaint stupid UK expression that should be shot
  • Contactless Ticketing Gains Traction: Beyond in-store payments, the research forecasts rapid growth in contactless ticketing
    >Japanese IC transit card daily transactions (transit & e-money) top 7 million most of it still plastic
  • Juniper forecasts nearly 10 billion mobile contactless ticketing transactions, ie tickets purchased or validated, by 2022, with North America dominating the sector, followed by the Far East & China.
    >Oh boy, here it comes

Back in March I wrote:

One thing is clear: for smartphones more so than it was with plastic smartcards, transit is the golden uptake path for contactless payments but the combination is most successful when a transit platform matches up with a smartphone one.

Credit card companies are falling over each other to leverage EMV contactless to take control of transit ticketing away from transit agencies. It’s a classic “give us your money and we will save you money,” scam. As I have said many times EMV contactless sucks at transit. Singapore transit users are complaining of fried plastic contactless credit cards and of card issuers deactivating cards mid-transit for being over limit. This is the price for letting credit card companies manage transit ticketing.

The real fun will start when transit agencies wake up to discover they sold their souls to the credit card industry: transit agencies don’t decide who and who does not ride, the credit companies do.

Good luck to the New York Subway system as they phase out the trusty Closed Loop MetroCard system for a Frankenstein Open Loop mish-mash of EMV contactless and QR Codes. The dream of a transit payment platform for the great New York Subway remains a pipe dream.

Oh and one more thing, if Apple divorces Apple Watch from iPhone and allows direct Apple Pay card loading, Apple Pay will rule the world.

New York Subway Contactless Gate
Japanese IT Journalist Junya Suzuki photo of new contactless transit gate in New York

iPhone X Suica Problem Q&A Exchange Guide

Q: What is the iPhone X Suica NFC Problem?
A: It’s a iPhone X NFC problem that causes reader errors and double reads on transit gates or store readers on a regular basis. See for yourself here.

Q: Is it a big problem?
A: Yahoo Japan and Google Japan Search Suggestions related to the iPhone X Suica problem are highly ranked which tells you that lots of people in Japan are searching the topic.

Q: Is it a software or a hardware problem and can it be fixed?
A: Evidence is building that it’s a hardware problem that affects all iPhone X production before April 2018.
It appears that Apple made production changes in April 2018 that fixed iPhone X NFC hardware issues. I call these NFC error free units Revision B iPhone X. Japanese readers report that Revision B iPhone X NFC performance is substantially better than problem units and immediately noticeable.

Reader Feedback iPhone X Production Tally (as of 8-16-2018)

Unidentified Production Week iPhone X ‘Day 1’ bad units: 2

2017 Production week ? (October) 1 bad unit/factory code (?)
2017 Production week 41 (October) 2 bad units/factory code (F2,?)
2017 Production week 42 (October) 5 bad units/factory codes (F1,F2,DN,?)
2017 Production week 43 (October) 2 bad units/factory code (F2, DN)
2017 Production week 50 (December) 1 bad unit/factory code (G6)
2017 Production week 51 (December) 1 bad unit/factory code (FK)

2018 Production week 1 (January): 1 bad unit/factory code (?)
2018 Production week 3 (January): 1 bad unit/factory code (F1)

2018 Production week 15 (April): 1 good unit/1 bad unit/factory code (GH)
2018 Production week 18 (May): 1 good unit/factory code (G6)
2018 Production week 20 (May): 2 good units/factory codes (DN,FZ)
2018 Production week 24 (June): 1 good unit/factory code (?)
2018 Production week 25 (June): 1 good unit/factory code (?)

Q: Why is it a problem with iPhone X and not iPhone 8?
A:  Both iPhone models use the same NFC chip. It could be an RF routing issue on the X motherboard, which is considerably more complex than 8, an antenna specification problem, an interaction with other components on the device. Only Apple Engineers know the answer.

Q: Is this only a problem in Japan?
A: No, there are reader reports of the same iPhone X problems with China Express Transit cards, readers in America with iPhone X USA models report experiencing the same level of errors and double reads but were unaware of the problem until they saw my posts. I also experience regular errors and double reads with my January 2018 manufacture iPhone X Suica Problem unit using Apple Pay in America so yes: I believe the NFC problem is an issue with all iPhone X production for all models before April 2018.

Q: Why is it that iPhone X users outside of Japan are unaware of the problem?
A: It boils down to using Apple Pay for transit. It’s easy to catch the problem in the high performance, high usage Suica environment in Japan. It’s much harder to catch the problem with regular low performance cash register Apple Pay use outside of Japan.

The Replacement Challenge
Q: How do know if I have a problem iPhone X unit?
A: If you use Apple Pay regularly on your iPhone X and experience reader errors and double reads on a regular basis check the manufacture date by pasting your iPhone X serial number here. If the manufacture date is before April 2018 you have a NFC problem iPhone X unit.

Q: How do I exchange my problem iPhone X unit for a Revision B iPhone X?
A: Apple Support does not acknowledge the iPhone X Suica problem or any NFC problem so getting an exchange takes time, patience and tenacity. You have to rely on your judgement because exchanging your iPhone X for NFC issues with Apple Support isn’t easy, though it is getting easier to exchange it in Japan.

First of all Apple Support needs a solid reason: “I keep getting reader errors when using Apple Pay on my iPhone X,” or something similar. Apple Support will then take you through a laundry list of things to do, you can save time doing these before contacting Apple:

  • Reset All Settings
  • Reset Network Settings
  • Delete/re-add Suica card or credit cards in Apple Pay Wallet
  • Apple ID Sign Out/Sign In
  • iPhone X wipe and restore

Be patient. Explain that you have tried all of these but they did not solve your iPhone X NFC issues. Apple Support will also explain that there is no guarantee exchanging iPhone X will solve the problem. Again be patient, confirm that you understand this but want an exchange iPhone X unit.

If all goes well Apple Support will setup a Genius Bar appointment to exchange your iPhone X. At the Genius Bar the Apple Genius will test your iPhone X NFC hardware and tell you the hardware test shows no problem. Keep saying that you want to exchange your iPhone X anyway.

Before exchanging your iPhone X tell the Genius that you want to check the serial number of the exchange unit. Enter that serial number here to confirm the exchange unit was manufactured after April 2018. If so all should be good.

Note: Apple Support does not stock all international iPhone X models, be sure to confirm if your model is available when exchanging outside of your home country.

Q: Will Apple issue an exchange program for the iPhone X Suica NFC Problem like they did for the iPhone throttling issue?
A: I don’t think so. It took Apple 7 months into iPhone X production to fix the NFC problem. That’s a lot of iPhone X units to replace. I suspect Apple does not want to take that step unless there is enough bad press to force the issue.

Also: Apple Pay usage rates are not that high. People don’t get passionately upset with poor NFC performance as they do with things like battery performance and throttling. In the demanding Japanese transit environment people expect an expensive device to work correctly and Apple to fix it when it does not. I do too. Users and the tech press outside of Japan seem much more willing to give Apple a pass on the iPhone X NFC issue.

If iPhone X users and the tech media made a big stink like the battery throttling issue Apple would do something, but I don’t see that happening. Apple will probably try to quietly ride the issue out as the public attention focuses on new iPhone models.