iPhone NFC misinformation alive and well on reddit

Once in a while I get a surge of traffic from reddit and like to see which post was linked and the attached discussion. This was very hard to do before reddit added comment searches and even so it takes a few days before a new entry shows up in search results. The latest one was about iPhone X and NFC.

Question: What’s the difference between X and XS ? Which is better ? My second question: Recently I bought an X Japanese Version. Is it different from regular X ??

Answer 1: X to XS is Just a small minor cpu upgrade and minor antenna fixes making the iPhone bottom speaker/microphone holes assymetrical, if you bought a X from Japan and are planning to use it for commuting using apple pay there, make sure to check the production date, pre2018 iPhone X has a suica gate problems that got fixed with the Rev B iPhone X. iPhone X suica problem

Answer 2: Also, all Japanese iPhones have a different NFC reader, so they won’t work with non Japanese tap and pay terminals and other NFC points, eg on public transit and similar

Yikes, all the good and bad of reddit in one post. The question is a good one but the good natured answers are equally helpful and utterly misleading.

Answer 1 is a little off in that bad iPhone X NFC was not a Suica problem, NFC was unreliable across the board regardless of type (A-B-F) or protocol (EMV, FeliCa, etc.), with iPhone X NFC crapping out completely later on (after AppleCare expired naturally). The Rev B thing was just my made up name for units manufactured after April 2018 with reliable NFC. And even though most people have moved on to newer iPhone models with much superior NFC performance, the big bad iPhone X NFC problem continues to haunt users. For me, with 3 replacements and a lot of headaches, iPhone X was the worst iPhone ever. iPhone X users deserved a NFC repair program but never got one because at the time Apple Pay Express Transit was only available in Japan. Apple at its Tim Cookian worst.

Answer 2 is completely wrong. The poster has no idea what they are talking about. All iPhone models have the same NFC hardware. It doesn’t matter what country the iPhone was purchased in, it all just works in every Apple Pay supported region for all NFC flavors. That’s the beauty of Apple’s global NFC hardware strategy that began with iPhone 8 along with NFC switching savvy Apple Pay Wallet that Android has yet to match…not even Google Pixel.

iOS 16 Apple Pay and Wallet Fine Print Features

iOS 16 doesn’t have many big new flashy features. There is the Dynamic Island for iPhone 14 Pro, which I would love to have but I’m holding on to my iPhone 13 for another year…or two. Fortunately there are plenty of nice refinements for the rest of us without the latest greatest iPhone hardware, Apple Pay and Wallet are no exception. The full list is on the New features available with iOS 16 page. As usual the iOS 16 and watchOS 9 pages for each country are edited to reflect available, or coming soon, “Key Features and Enhancements” for the region balanced against the full spec USA feature set.

An interesting thing about iOS 16 Apple Pay and Wallet is that not all the listed features apply to regular users…at least not at first. Some are behind the scenes stuff for merchants and developers that will take time to land in our Apple Pay Wallet as features we can use. Let’s take a quick look by breaking down the categories.

1) General improvements (for everybody)
Quick access menu: a handy new shortcut menu for all Wallet cards and passes via tapping the More button. The menu varies according to the card feature set. Transit cards like Suica have the most, payment cards without notifications (all Japanese issue payments cards) have the least. It’s a nice tweak most useful as a fast way to toggle individual card notifications on and off. Zollotech posted a video that covers quick access menus for Apple Card and Apple Cash along with an overview of iOS 16 Apple Pay and Wallet option settings.

Apple Pay Order Tracking: announced at WWDC22, this new Wallet button sitting next to the ‘Add’ button seems like a no-brainer: when I order something with Apple Pay I get automatic tracking…nice but I wonder how it will play out. Apple Store app for example already has robust tracking and accepts Apple Pay, so do a lot of other apps. Will they remove the function from their app, offer choice between in-app or Wallet order tracking, or something else? Either way it will be a while before we see merchant updates.

2) Digital key features (for most markets): iOS 15 was the Apple Pay and Wallet upgrade that set the course for the next few years with keys and ID. The iOS 16 improvements are about making adding a key and family sharing easy. Hotel keys are now sharable like car and home keys, gotta let the kids have access and all…though I suspect office keys remain on the un-sharable list.

Key sharing (coming with an update later this year): in addition to Messages and Mail, 3rd party messaging apps such as What’s App will support key sharing. In Japan the only 3rd party messaging app that matters is Line. iOS 16 looks to be the breakout year for keys in Wallet.

Add keys from Safari: more important that it might seem at first, there are plenty of uses for loading a key into Wallet from a time sensitive Safari web page link instead of the usual time wasting mess of downloading an app, creating an account, making a reservation, etc. You know the drill. Digital key issue remains a complex thing that usually requires an app with an account to securely issue a mobile key remotely with set limitations (time, area, etc.). Hopefully adding keys in Safari gives developers easier service options, but connecting identity with access remains a challenge.

It’s important to note that issuing digital keys is only one step of the complex process that allows guests to bypass the front desk. Apple’s announcement certainly does not spell the end of the hotel app as we know it…

It’s a big step toward streamlining a process that has, until this point, prevented many guests from using their phone as a digital room key. But, Wallet only solves one segment of the end-to-end operation required to get a guest checked in and room access issued. The bigger issue is connecting identity with access, which requires many more steps beyond issuing a key.

How Apple’s Newest Features Will Affect Hotel Check-in

The solution to this is the new iOS 16 ID in Wallet features for apps in the next section.

Multi-stay hotel keys: if you stay in the same hotel chain on your trip that already supports Wallet hotel keys, you might have the opportunity to use this feature where you load one hotel key into Wallet that works across all your reservations. Like order tracking I think this one will take time for the major hotel chains to get onboard, and of course the devil is in the check-in/activation details.

Easy device migration for keys: I assume this refers to the Previous Cards Wallet category that came with iOS 15. The iOS 16 features page text blurb suggests a possible UI tweak, but I don’t have any key to test. We’ll have to wait and see.

3) ID in Wallet features (USA only): the next big step for ID in Wallet after getting them out the door is app support. This is where digital ID moves beyond airport TSA security checks and becomes really useful.

ID cards presented in apps and Verify your identity in apps sound exactly the same so you have to read the fine print carefully. ID cards in apps describes 2 specific pieces of information: identification and age, validated by Face/Touch ID. Taking a wild guess, there are plenty of account registrations that only need to confirm your identity and age as part of a signup process. Digital ID can vastly simplify the process.

Verify identity in apps describes ‘verified information’, i.e. more than just ‘I am this person, I am xx years old’. The iOS 16 pages shows a car rental app confirming a user’s driver license status and driving privileges. This has a lot more use (and abuse) potential. The hotel app and key issue verification problem mentioned earlier is exactly what digital ID in apps can help solve. MaaS apps are another example where verification is essential for offering special discounts for seniors, locals, inbound visitors, etc. Reliable, secure and universal digital ID would solve a lot of service problems, but privacy, how does the app use digital ID information, how long is it stored, etc., is always a concern.

Apple Pay features for merchants and developers: It’s a little strange that Apple is listing Merchant tokens and Multiple merchant support on the feature page. These are backend additions to PassKit and it will take time for merchants and the developers they employ to implement them. Both of these expand the Apple Pay experience. For me merchant tokens is the more powerful feature, one that enable reoccurring and auto-reload payments. It could be a boon for subscription services and much easier auto-recharge in apps and transit cards like Suica and PASMO. Auto-recharge is one of my favorite Apple Pay Suica features and it would be great if JR East freed it from the shackles of Suica App and View Card and added Apple Pay auto-recharge.

4) Apple Pay Services (for the USA): aka longtime USA only services: Apple Cash and Apple Card with the new addition of Apple Pay Later…coming later this year. All of these fall squarely in heavily regulated banking services, so don’t expect them to expand beyond the USA any time soon. The iOS 15.5-ish rebranding of iTunes Pass into Apple Account card, now with Wallet reload in iOS 16, should expand more quickly.

As with all recent iOS releases, the fun features comes later on in the life-cycle. I’ll update this post as with new information as the iOS 16 Apple Pay and Wallet story unfolds. Until then have a happy cashless, er, you know what I mean.


Apple Pay Suica recharge security block

JR East online services (Mobile Suica, JRE POINT, Eki-Net), along with many other online services that have accounts with credit cards, have been inundated with phishing attacks since the Russia-Ukraine situation erupted in February. It has gotten to the point that JRE POINT announced temporary security limitations on July 6: a temporary suspension of JRE POINT service recharge for Mobile Suica (via Suica App) and a 5,000 JRE POINT app barcode use limit per transaction (plastic JRE POINT card use remains unlimited). All JRE POINT services were later restored with new security enhancements.

There is another security limitation Apple Pay Suica users need to be aware of: credit/debit card recharge security block. This does not apply to cash recharge at station kiosks, convenience stores, 7-11 ATM, etc., but it can happen with multiple credit card recharges in a short period of time, i.e. heavy users. Unfortunately JR East does not reveal what conditions trigger a recharge security block that displays an error message: チャージをご利用できない状態です/ Recharge is not available. The Mobile Suica support page specifically states that JR East “cannot inform you about the conditions and contents of restrictions.” User reports suggest a general daily recharge limit between ¥5,000~¥10,000, however I think it also depends on the credit card issuer. My JR East JCB VIEW card for example has never run into any recharge limits in 5 years of heavy recharge use.

Apple Pay Suica recharge security block appears to be somewhat rare, but it is happening more with the recent Mobile Suica phishing attacks. In general Wallet app recharge tends to be more robust than Suica app recharge but security recharge block seems to affect all credit card recharge. The only user recourse appears to be contacting the card issuer or using the Mobile Suica member online Trouble Report Form (Japanese only). No word on Apple Pay PASMO but users should expect the same situation.

Mobile Suica registered account information can only be changed in Suica (iOS) and Mobile Suica (Android) apps by applying for an account update, it cannot be directly changed in the app, it cannot be changed via a web browser. This offers a level of account security but too many people fall for phishing emails. Even my internet savvy partner fell for a Mobile Suica phishing mail and have to get his credit card reissued.

The short term solution for JR East is to implement 2FA across all of their online services with a single login ID credential instead of the multiple service ID account mess we have now…hopefully soon. The longer term solution will be eliminating ID and password login altogether using Passkeys.

Recharge your recharge, the winner/loser debate doesn’t mean jack in the post-Apple Pay Japanese payments market

I love articles like this one. It’s fun examining how the writer, freelancer Meiko Homma, takes old news bits, worn-out arguments and weaves them into a ‘new’ narrative with a titillatingly hot title: “QR Code payments won the cashless race, Suica utterly defeated.”

Her article trots out some QR Code payment usage data from somewhere, the PASPY transit card death saga that illustrates the increasingly difficult challenge of keeping region limited transit IC cards going, the fact that Suica only covers 840 stations out of a total of 1630, all while conveniently ignoring recent important developments like the Suica 2 in 1 Regional Affiliate program, and big updates coming in early 2023: Cloud Suica extensions and the Mobile ICOCA launch.

It has the classic feel of ‘here’s a headline, now write the article’ hack piece passing as industry analysis we have too much of these days. The Yahoo Japan portal site picked it up and the comments section was soon full of wicked fun posts picking apart the weak arguments.

I’ve said it before and say it again: the winner/loser debate doesn’t mean shit in the post-Apple Pay Japanese payments market. PayPay for example, started out as a code payment app but has added FeliCA QUICPay and EMV contactless support along with their PayPay card offering. Just like I predicted, these companies don’t care about payment technology, they just want people to use their services. My partner and I actually see less PayPay use at checkout these days and more Mobile Suica. Why?

The great thing about prepaid eMoney ‘truth in the card’ Suica, PASMO, WAON, Edy, nanaco, is they are like micro bank accounts coupled with the backend recharge flexibility of mobile wallets (Apple Pay, Google Pay, Suica App, etc.). PayPay, au Pay, Line Pay and similar Toyota Wallet knock-off payment apps with Apple Pay Wallet cards, are deployed as mobile recharge conduits that smart users leverage to put money into different eMoney micro bank accounts and get the points or instant cashback rebates they want to get at any given campaign moment. This is where the action is.

And so we have recharge acrobats like Twitter user #1: step 1 recharge PayPay account from Seven Bank account, step 2 move recharge amount from PayPay Money to PayPay Bank, step 3 move recharge from PayPay Bank to Line Pay, in Wallet app recharge Suica with Line Pay card. Or like recharge acrobat Twitter user #2: Sony Bank Wallet to Kyash to Toyota Wallet to Suica.

Phew…none of this involves transfer fees so it’s up to user creativity to come up with the recharge scenario that works best for them. Does it count as PayPay use or Line Pay use or Mobile Suica use? Does it matter?

It’s not about winners or losers, it’s about moving money around. Mobile Suica is extremely useful because of it’s recharge backend flexibility, thanks to Apple Pay and Google Pay (which does not support PASMO yet). This is the case for US citizens working in Japan who get a great return of their Suica or PASMO recharge right now using US issue credit cards because of the exchange rate. This is something visitors to Hong Kong cannot do with Apple Pay Octopus as the OCL recharge backend is far more restrictive than JR East. The biggest gripe users have with Suica is ¥20,000 balance limit.

In the weeks to come we’ll be sure to see hand wringing articles debating the future of Suica, open-loop, etc.,etc., because let’s face it, IT media journalists need something to write about in these challenging times where everything has to be sold as winner/loser, black/white, 0 or 10, and nothing in-between, to get any traction at all. As for me, I think it’s far more interesting, and real, to observe how users are using all these nifty mobile payment tools.

UPDATE 2022-07-04: Thoughts on the KDDI network outage
That was fast. No sooner had the “QR Codes won the mobile payments race” article appeared when major Japanese carrier KDDI experienced a nationwide mobile network meltdown on July 2 JST, lasted a full day with a very slow, still in progress, recovery affecting more than 40 million customers. Suddenly social media channels were full of people complaining that QR Code payments didn’t work, assuming that Mobile Suica and other NFC mobile payments stopped too. Which was not the case though a few fake posts claimed, or just ‘assumed’ people were stranded inside stations. Fortunately there were numerous online articles setting the record straight.

It’s a lesson that people soon forget in our attention span challenged social media era. We saw plenty of QR Code payment downsides in the 2018 Hokkaido Eastern Iburi earthquake that knocked out power and mobile service across Hokkaido. At the time some fake Chinese social media posts claimed AliPay and WeChat pay ‘still worked’ in Hokkaido at the time, of course they did not.

Mobile payment disruptions happen with every natural disaster and war. Good and safe practices don’t come easy when smartphone apps lure us down the easy path without spelling out the risks. It’s a lesson we have to learn again and again, that while network dependent code payment apps have some benefits, they also have limits and security risks. One size does not fit all, NFC and code payments each have their place and role to play in the expanding mobile payments universe. The key is understanding their strengths and weaknesses.

Cashless is fast and convenient? Point app mania reality check

My partner wanted to pick up some cheap t-shirts on bargain sale at Uniqlo yesterday. The Asagaya station building Beans shopping mall has all the latest cashless options but very bad network service so Uniqlo checkout was a comedy routine. First he brought up the Uniqulo app to get Uniqlo points, then I brought up my JRE POINT app to earn JRE POINT, then he finally paid with QR Code dBarai (docomo). But for each app launch and load we had to run to the store entrance to capture enough network connection for the apps codes to load. The staff is very used to this and suggest customers do so when apps didn’t load, patiently folding clothes while they run back and forth. I asked the cashier if this happens all the time. She smiled and nodded. “Cash is probably faster isn’t it?” She smiled and nodded.

Gosh, just when we thought cashless was going to free us from the so called inconvenient drudgery of cash along came smartphone reward point apps that bog down the whole cashless checkout experience, neatly killing off the supposed time saving advantage. You stand in line while the checkout customer fiddles with smartphone, digging around in an app to find the right coupon code thing. You feel smug until it’s your turn and the networks sucks, the discount coupon doesn’t load and bam, you’re holding up the line too. It has gotten to the point where Nikkei XTECH has provided an Apple Pay help article for faster checkout that explains the benefits of using Apple Value Added Services. Will Apple Pay VAS dPoint and Apple Pay VAS PONTA really help us? Probably not as they only work at LAWSON.

There is another checkout trend I see recently. With price increases everywhere people are using cash a lot more, even at places like in-station Beck’s Coffee Shop. Every customer has a Suica but more young people are keeping it in their pocket and plucking down ¥10,000 yen notes for ¥300 ice coffee. Why? I think it’s Kakebo culture at play, it’s easier to budget with cash payments and the small slightly inconvenient physical routines that accompany it. It’s not about doing everything with cash, but good old tsukae-wake compartmentalization helps keep focus and tamps down the impulsiveness when doing everything cashless. Another way of spreading the risk in these uncertain times.