We all float

The float is essentially double-counted money: a paid sum which, due to delays in processing, appears simultaneously in the accounts of the payer and the payee.

Individuals and companies alike can use float to their advantage, gaining time or earning interest before payment clears their bank.

Investopedia

One of the great tragedies of the NYC MTA is that it’s a too-much-public-not-enough-private transit cash pipe with too much exposure to local NY politics. NYT has a wonderful video on YouTube that explains the critical MTA flaw: politicians cleverly borrow against the MTA cash pipe for pork barrel projects that have little or nothing to do with MTA, but leave it highly leveraged and helpless to fix it’s own problems or invest in infrastructure.

Think of what MTA could really do if it was effectively protected from political interference, with full control of its own money and a Suica-like transit+payment empire, free to use the float of all those MetroCards soon to be OMNY transit cards.

One of the many things never discussed about open loop is who uses the float, but banks hold the money until the user account is settled with the transit company and they take a cut of the fare. It doesn’t take much imagination to see why banks and credit card companies really like promoting open loop.

Closed loop Japanese transit companies don’t talk about the float either but Japan IC Transit cards are like micro bank accounts with unused e-money balance and plastic card deposits sitting in all those Suica, PASMO, ICOCOA, manaca, etc. Japanese transit companies love to put all those micro bank accounts to work earning interest.

Japanese transit companies and Hong Kong Octopus have built those micro bank account transit cards into a very nice transit payment platform business that combines transit, payments and other services attached to the card which means there’s a lot more stored fare floating around than plain old transit-only cards. The addition of digital wallets like Apple Pay Suica and Apple Pay Octopus means there’s ever more e-money moving through those cards with short term parking…more float for transit companies to earn interest.

It’s a wonder why more transit companies haven’t followed the transit payment platform model to capture more business in the digital wallet era, but it’s testament to how little control they have over their own business destiny. Next time when you hear the praises of open loop over closed loop, remember to think about who’s floating in that business arrangement…and who’s not.

Farewell FeliCa Octopus, save the last tap for me

During the 2019 Apple Pay Octopus saga one thing was clear: Octopus was living on borrowed time. On the eve of the Apple Pay Octopus launch:

Octopus Cards Limited (OCL) has been slow extending the service to include mobile. Instead of putting early effort into digital wallet support for Apple Pay/Google Pay/Samsung Pay, OCL wasted time and resources developing the niche Mobile SIM product which didn’t pan out. This lag coupled with the rise of AliPay and WeChat Pay QR Code payment empires put enormous pressure on OCL to do something…

With so much traffic and business from the mainland, OCL owner MTR is looking to add QR Code Open Loop transit support (paywalled link)…MTR gates will eventually look like the ones in Guangzhou with PBOC/FeliCa/QR Code readers supporting Octopus, China T-Union, AliPay/WeChat Pay. At which point I say OCL doesn’t have a viable transit platform business anymore.

I hoped the success of Apple Pay Octopus would buy it time, but on August 28 the South China Morning Post published a story where OCL CEO Sunny Cheung says they will join the China T-Union initiative for seamless transit integration between Hong Kong and China. He to goes out of his way a few times in the interview to say how ‘old’ NFC technology is:

Cheung said internet users’ criticism of Octopus being a tech laggard died down in June after people were allowed to add their Octopus account to Apple Wallet on their iPhones. Cheung, who admitted he was stung by the criticism, regarded Octopus’ breakthrough on the iPhone as one of the best times of his stint with the company. “This was one of my biggest challenges,” he said. “The breakthrough helped refresh Octopus’ image even though it is still using NFC technology.”

Hong Kong’s Octopus aims to spread tentacles with contactless card for paying fares in mainland China

Obviously Sunny thinks that QR Codes are cutting edge. He is retiring and doesn’t care about criticism regarding his ineffectual OCL management, or scalping inbound tourists who want to use Apple Pay Octopus.

Hard Reality
China has ruthlessly weeded out MIFARE and FeliCa transit cards and replaced them with the slower PBOC 2.0/3.0 China T-Union standard, aka the supermarket checkout spec. I think Octopus will eventually get the same China T-Union lobotomy.

Doing so means OCL and China transit authorities can replace or retire the Sold Octopus•Lingnan Pass that is plastic only and covers 20 Greater Bay Area cities. Online information is limited but the current Sold Octopus•Lingnan Pass card appears to be 2 separate chips, a NFC-F FeliCa with HKD e-purse and a NFC-A PBOC Lingnan PASS RMB purse. It’s a plastic era solution that cannot work on digital wallets in its current form.

Octopus could be ‘dual mode’: a single card with separate NFC-A/China T-Union RMB purse and NFC-F/Octopus HKD purse. In this scenario Hong Kong Octopus remains on FeliCa while the rest of China gets the benefit of China T-Union with mobile support. Unfortunately OCL would have to create a new dual mode card architecture that works on digital wallets and have somebody design and fabricate IC chips for plastic issue, an expensive undertaking. It would be great if this could happen but I’m not optimistic.

It’s easier and cheaper to create a single protocol China T-Union PBOC 2.0/3.0 card with separate RMB and HKD currency e-purses that works everywhere, and on mobile, for all mainland transit and for mainlander transit in Hong Kong.

There is also the plastic card issue business angle to consider. Read FeliCa Dude’s Octopus on iPhone 7 post paying special attention to the Octopus plastic card issue steps that he outlines. The Hong Kong powers that be would like that profitable franchise sourced locally or in mainland and not from Sony.

We all know ‘one country two systems’ is an illusion and Hong Kong is quickly being force fitted into China. There are no hold outs. It may take a few years, but as MTR transit gates and OCL store readers are gradually replaced with newer models, those readers will all have dual mode FeliCa/PBOC support. And when everything is ready, MTR and OCL will turn off FeliCa. FeliCa based Octopus has had a great run that influenced transit fare system development around the world. Enjoy it while it lasts.

Update

Jason Tjong tweeted that a dual protocol mode T-Union + FeliCa transit Octopus card is in final testing stages. It will be interesting to see the hardware details. Hard to say what it is at this point, Sold Octopus•Lingnan Pass replacement, Greater Bay Area transit card, something else? But a digital wallet version seems unlikely nevertheless.

One week in

Apple Pay Octopus has been in service for a week so I asked for some Apple Watch field impressions on Twitter. Overall, users seem pretty impressed:

I am using it daily and it is really out of this world. I use it on my watch and now I can literally go out for a jog or hike with just wearing the watch.

It works perfectly on my AW so far. But from I’ve heard on LIHKG, there some users facing the difficulties on the express mode. Mostly are requiring passcode when going through the gate.

It’s mostly positive. However there’re times where the reader isn’t sensitive enough and need to linger the watch longer. Also going to work first thing in the morning but forgetting to enter pass code in the apple watch is frustrating since it doesn’t inform you need to unlock.

Been using AW Octopus everyday. Use cases include MTR, tram, ferry, 7-11, eating meals at all sorts of restaurants like Tai Hing, Ki’s Roasted Goose, Pret etc. Octopus on Apple Pay drastically improved HK’s cashless experience. It’s definitely okay for me to go out with only AW. Not even with my phone. Feels really good. The speed of payment is also very remarkable. However, the reader in Tai Hing seems to need an extra second to detect my AW, not sure why. Plus AW users might want to wear it on the right wrist, which makes passing MTR gates easier.

Using it everywhere. All good and same speed as physical card, expect bus and some small shops were like a heartbeat slower. Also twice there was no “ping” confirmation sound. Tried AW on my right for mtr, its only good for that, imo left is more comfy for other occasions…

… after so many years of waiting, finally an apple pay suica experience in HK.

You can follow the Twitter thread here. I have noticed a few small gate lag hiccups on my Apple Watch Suica since upgrading to watchOS 6.2.5/6.2.6. The lag is especially noticeable if a workout is in progress. The passcode request at the gate could indicate that Express Transit is deactivated somewhere along the way, either by a loose band activating the wrist detector into thinking Apple Watch was taken off the wrist, or it could be something else.

My Apple Watch insisted that I create a 6 digit passcode recently and disabled the 4 digit passcode option for a few days. Who knows, the passcode requests that some HK users are seeing could be a watchOS bug or an Octopus reader side issue that can be addressed with a firmware update.

Apple Watch is still prone to OS version performance issues that disappeared from iPhone with A12 Bionic and Express Transit with power reserve. Apple Pay transactions on A12 Bionic and later bypass most of the iOS layer and are directly handled in the A12/A13 Bionic Secure Enclave and Secure Element. It makes a big performance difference for Suica and Octopus.

Hopefully the next watchOS update will improve Suica and Octopus performance. Better yet let’s hope that Apple Watch 6 introduces a Apple S6 chip with Express Transit with power reserve. That would solve the watchOS version NFC performance issues for good, just like it did for iPhone.

A12/A13 Bionic makes a big difference in NFC performance,

Next Up for Octopus: Google Pay or Garmin Pay? (Updated)

Apple Pay Octopus launch day was a big success, so successful that Octopus apologized for their servers buckling under the demand. What’s next for Octopus, Google Pay? There are some possibilities but when it comes to Android there is the matter of the Secure Element (SE), where it resides and what transaction protocols are supported.

From the NFC hardware angle everything has been ready to go on all smartphone hardware for years, NFC A-B-F is required for NFC certification. The problem has been on the SE side, the black box where all the transaction magic happens. From Global Platform the SE certification organization:

A SE is a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (for example cryptographic keys) in accordance with the rules and security requirements set by well-identified trusted authorities.

There are different form factors of SE: embedded and integrated SEs, SIM/UICC, smart microSD as well as smart cards. SEs exist in different form factors to address the requirements of different business implementations and market needs.

Global Platform Introduction to Secure Elements

SE Wars and Google HCE ‘SE Pie in the Sky’
In the pre-Apple Pay mobile carrier hardware era, carriers used SE SIM or embedded Secure Elements (eSE) + SIM combos that chained customers to service contracts for the privilege of using mobile payments. This is the classic Osaifu-Keitai textbook maneuver pioneered by NTT Docomo: leave those pesky SIM Free whiners in the cold world of plastic cards and hard cash, or crippled digital wallets until they give up and buy an overpriced carrier SIM. This brain dead approach is one reason why Mobile FeliCa ended up being ridiculed as ‘galapagos technology’ even though everybody copied it with inferior crappy me-too products.

This carrier SE hostage situation, i.e. the Mobile Wallet SE Wars, led Apple and Google to follow different strategies to address the problem.

The Apple Pay Way
Apple’s answer of course was Apple Pay. A unique in house strategy of putting a Global Platform certified Secure Element in their A Series/S Series chips then building it out from there. Most eSE go on the NFC controller, but doing it the Apple in-house way has advantages over a NFC chip vendor bundle: control of the eSE applets and ability to update them and the Apple eSE for new protocols in iOS updates. We saw this in action with the addition of FeliCa in 2016, PBOC in 2017 and MIFARE in 2018. We may even see the addition of Ultra Wideband (UWB) Touchless in iOS 14.

What iOS 14 could look like with QR and UWB support

The Google Pay Way
Google’s answer to the carrier owned SE problem was the more convoluted evolution from Google Wallet (2011) to Android Pay (2015) and finally Google Pay (2018). Google first salvo was Host Card Emulation (HCE): “NFC card emulation without a secure element” hosted on Google’s cloud. Later on Google attempted to do the same for FeliCa with HCE-F.

But then something happened that put an end to all this: Google decided to get into the hardware business. And now we have Google Pay and Google Pixel with it’s own embedded Secure Element (eSE). With Pixel, Google decided they didn’t want to be the Secure Element cloud provider for every Android OEM out there especially when the Chinese OEMS are all rolling their own eSE based digital wallet services anyway, completely ignoring HCE. Sure, HCE/HCE-F is still there in the Android developer documentation but it’s a dying vestigial relic of the SE wars.

But Google Pixel depends on vendor bundled eSE + NFC controllers and the Osaifu Keitai software stack. This makes global NFC support more complicated because Google doesn’t ‘own’ the eSE and the software stack, at least not in the Apple sense of making their own all in one design. This is one reason why Pixel 3/4 only support FeliCa in Japanese models even though all worldwide models have the same NFC A-B-F hardware.

The end result of all this is the Android market is a very fragmented landscape, there are no global NFC Android smartphones: a device that supports EMV, FeliCa, MIFARE, PBOC out of the box in one globally available package.

Google Pay Octopus and the Android Global NFC Installed Base
Back to our original question, can Google Pay Octopus happen? We already have Google Pay Suica right? Let’s assume that Octopus Cards Limited (OCL) has everything in place for it to happen. Here we run into the problem just described: there are’t any global NFC Android smartphones available globally. Samsung sells them in Japan and Hong Kong, Google only sells them in Japan along with Huawei, Oppo, Sharp, etc.

For OCL this means the potential Google Pay installed base that can support Hong Kong Octopus consists of Samsung Galaxy smartphones that are already using Smart Octopus in Samsung Pay; not exactly a mouth watering business opportunity worth the support expense. Even if Google Pixel 5 goes deep instead of cheap, Hong Kong would have a potential Octopus non-Samsung Android device, but that’s only one new device not an installed base. I only see Google Pay Octopus happening if Google localizes all the necessary Osaifu Keitai software and foots the entire support expense.

There is a way forward however for OCL: Garmin Pay Suica. The same Garmin APAC models that support Suica can also support Octopus, the recharge backend is entirely Google Pay. Garmin smartwatches work with any Android 5 and higher smartphone, a much larger installed base that bypasses the fragmented Android problem. Garmin Pay Octopus would offer Android users a way in, who want to use Octopus on a mobile device but who don’t want to use Samsung or Apple devices.

The conclusion: forget Google Pay Octopus for the time being. Hong Kong is a golden opportunity for Gamin Pay Octopus….if Garmin can get Garmin Pay clearance from Hong Kong authorities and banks, and cut a deal with OCL. It’s certainly in Octopus’ best interest for OCL to help turn the negotiation wheels. It’s also in Google’s interest as Google Pay would supply the recharge backend as it does for Garmin Suica. Big hurdles all, but I hope it happens.


Update

There’s another possibility besides Garmin Pay or Google Pay: Huawei Pay Octopus is said to be launching before the end of 2020. Huawei has shipped FeliCa capable smartphones for the Japan market since June 2018. From a hardware perspective Huawei Pay Octopus support is ready to roll and Huawei has the deep pocket resources to build their own support stack without using Osaifu Keitai apps, just like Apple and Samsung have done. It makes sense in light of Google Pixel refusing to support global NFC, and gives Octopus Cards Limited a second digital wallet platform in the all-over-the-place global NFC support reality of the Android world.

If you need to enter your passcode

A reader asked me about using face masks with Express Transit. The great thing about Express Transit with Suica and Octopus is that the user doesn’t need Face ID or Touch ID to use transit or buy stuff. It’s very convenient to have, especially in our face mask era. iOS 13.5 added a small Face ID tweak for easier passcode entry when wearing a face mask. It helps with the basic unlock but for me regular Apple Pay authentication is still a pain.

The reader wanted to know if the iOS 13.5 Face ID tweak affected Express Transit. It does not. You don’t need Face ID to use Apple Pay Express Transit. But Face ID needs to be ‘on’ in order for Express Transit to work and finding the right information on Apple support pages is a little confusing. The reference page you want is If Face ID isn’t working on your iPhone or iPad Pro>If you need to enter your passcode:

The key sentences are outlined in red. Wearing a face mask is not a problem with Express Transit and Face ID turned on. However, “five unsuccessful attempts to match a face,” turns off Face ID and Express Transit. You need to enter your passcode to turn on Face ID and Express Transit again.

Unfortunately turning off Face ID wearing a face mask with five unsuccessful attempts without realizing it is easy to do and trips up a lot of Express Transit users who are not aware of it. That’s why I suggest turning off the ‘Raise to Wake’ option in Settings > Display & Brightness. Doing so reduces the chance of ‘five strikes’ and makes Face ID with face mask life a little easier.