Apple Pay Enhanced Fraud Prevention (updated)

Apple Wallet VISA card users report receiving ‘Enhanced Fraud Prevention’ notifications today that outline changes in how Apple shares ‘fraud prevention assessments’ with payment card networks based on analyzed information from user Apple Pay transactions (purchase amount, currency, date, location, very likely more). The changes seem to apply to web and in-app purchases.

Apple has been doing most of this already. The new Apple Pay and Privacy text expands upon earlier iOS user guide text: “If you have Location Services turned on, the location of your iPhone at the time you make a purchase may be sent to Apple and the card issuer to help prevent fraud.” Perhaps Apple is changing ‘may be sent’ to ‘will be sent’.

Enhanced Fraud Prevention might cause problems for some Apple Pay users when people start traveling again as in-app purchase is used for adding money to transit cards. There have already been a few very recent and odd, ‘I can’t use my home issued Apple Pay card to recharge PASMO’ complaints on social media from inbound visitors. Until now this kind of thing has been unheard of for Apple Pay Suica•PASMO users. A new complication to keep an eye on going forward. So far Wallet Enhanced Fraud Protection notifications only seem to be going out to VISA card users. Why and why now?

Because it’s starting with VISA with the focus on web and in-app payments, my first thought was this is partly a response to bad publicity from the silly VISA-centric ‘Apple Pay Express Transit has been hacked!’ story that made the rounds last October. The new Apple Pay and Privacy text outlines how the new policy applies to various Apple Pay operations: adding a card, paying with Apple Pay, using transit cards, etc.

QR Code payments in Wallet are also referenced. The official mention may indicate the long in development feature will finally see light of day, perhaps iOS 15.5, we shall see. The text says, “When you make a payment using a QR code pass in Wallet, your device will present a unique code and share that code with the pass provider to prevent fraud.” If Apple Pay delivers native device generated QR code payments without a network connection, just like all Apple Pay cards to date, it would be quite a coup.

The notification privacy text is worth reading. As of this posting the Apple Pay & Privacy web page has not been updated with Enhanced Fraud Protection information.

2022-04-22 Update
Some clarity on the reasons and timing of Enhanced Fraud Prevention: Wallet notifications went to VISA card users in various Apple Pay regions (US, Japan, Australia and more) the same day Apple switched the Apple Cash card brand from Discover to VISA debit. Kissing the Green Dot Bank/Discover backend goodbye for VISA is the smart thing to do as Apple can finally take Apple Cash international. Enhanced Fraud Prevention had to be in place first for that to happen.

VISA Japan and Apple still at odds over VISA Touch debit cards

Mastercard but no VISA

The April 19 launch of SBI Neobank Mastercard debit card support for Apple Pay was a bit unique: the first time that a plastic issue Japanese debit card came to Apple Pay and the first Apple Pay Japan debit card supporting the FeliCa iD payment network. Another interesting aspect is that only the Mastercard version supports Apple Pay, the VISA version is plastic only with VISA Touch (EMV contactless) support.

There are plenty of bank app issue digital only debit cards from JCB, Mizuho, MUFG and others on Apple Pay. These all work on JCB’s QUICPay (FeliCa) and J/Speedy (EMV) payment networks. Apple Pay Japan supports many different mobile payment network cards thanks to Mobile FeliCa support, by far the largest selection of Apple Pay payment networks in the world: EMV (VISA, Mastercard, AMEX, JCB), iD, QUICPay, Suica, PASMO, nanaco, WAON. But VISA issue debit cards are not supported: even though there are many, not a single one is on Apple Pay.

Wasn’t this taken care of by the May 2021 Apple and VISA JP agreement? For credit cards yes, one year later they are still at odds over FeliCa support in debit cards. VISA Japan brand debit cards are VISA Touch EMV contactless exclusive, single mode cards. VISA JP credit cards are dual mode EMV/FeliCa for plastic and smartphones, but not debit cards. We don’t know the reason but debit cards definitely fit the budget customer category while credit cards come with credit checks, perks and card membership fees for upscale cards.

As an easily available budget card, VISA cuts costs by dumping the dual mode EMV/FeliCa IC chip and transaction fees for the convenience of using FeliCa iD/QUICPay payment networks. In other words VISA keeps all transaction fees for themselves while marketing the shit out of VISA Touch as the greatest thing since…whenever.

All of the other card brands in Japan have dual mode NFC as standard. Not VISA, they’re playing the long game of eliminating FeliCa payment network competition. This stupid polarizing single flavor NFC position only served to give QR Code payment networks (PayPay, Line Pay, etc.) a huge opportunity that they smartly played. End result: more payment network competition than ever before.

Apple on the other hand has a very simple rule for all Apple Pay Japanese issue cards: they must support FeliCa and all EMV cards are global NFC dual mode. Was this the price for adding FeliCa support to Apple Pay? Perhaps, I think it’s more to do with the Apple Pay vision of removing complex and confusing hardware choices, the Google Pay Japan mess, for standard ‘just works everywhere’ NFC. Has this been successful? Very...just ask Suica.

USA transit fare system evolution

Reece Martin posted an interesting video, So you built the wrong transit system, that examines the American penchant for building cheap light rail systems that don’t make long term sense. Public transit is a waste of money to Americans with money, so cheap is the only way to fund and build public transit infrastructure. The problem is this cheap short term thinking costs more money in the long run. It’s a ‘one size fits all’ mentality.

But as Reece points out, systems can evolve from humble beginnings. Many private Japanese rail lines started out as street trams (that evolved from horse trams) but evolved into the heavy duty regional rail lines we have today. Fare systems have evolved too, from paper, to mag strip, to IC smartcard and now mobile devices.

Transit fare systems in America suffer from the same short term cheap thinking, on full display on the MTA OMNY system, the world’s first EMV only open + closed loop fare system. When it’s completed in 2023, barring more delays, MTA will have farmed out every aspect of their fare collection and OMNY transit card issue to banks.

Not to rehash points I already made about OMNY, but Reece’s wrong transit system analogy struck a chord. And unlike rail system evolution, once the transit fare system is locked into the bank payment card infrastructure, from technology (EMV) to payment network processing (VISA, Mastercard, AMEX, etc.), it will be extremely difficult, if not impossible to change anything later on.

But why is America so short sighted when it comes to public transit, never investing in a long term self-sustaining viable business model? I ran across an interesting take that explains it neatly. The USA will never have a transit platform business because public transit is a welfare and jobs program, not a self-sustaining business model:

Public transportation in the US is generally very bad and very heavily subsidized. It’s cheap because extremely little service is being run, and the government picks up most of the bill.

Public transportation in the US is less of a way normal people get around, and more of a welfare program and jobs program. Even in places where public transportation is a way normal people get around, e.g., NYC, it is run more like a jobs program than an essential public service.

Reddit user Sassywhat

Open loop fare systems are also vulnerable in new ways nobody predicted: imagine the mess if payment networks go down in a cyberwar, à la the Moscow metro when digital wallets and bank payment card networks were suddenly and ominously turned off. In the case of OMNY where, unlike Moscow metro, everything is EMV payment networked…there is no backup in-house payment settlement system, there is no plan b.

In other words, not only is OMNY EMV one size fits all, it’s all or nothing.

Express Transit Chronicles: tight pants and other Face ID fuckups

Express Transit is the best and most natural way of using Apple Pay. It first came to iPhone with Mobile Suica in 2016, expanding incrementally until finally going wide with iOS 15 Wallet. Suica has been around so long in Tokyo that younger generations don’t know anything else, it’s ubiquitous. Used global NFC iPhones and Osaifu Keitai are ubiquitous too so there are a lot more people using Mobile Suica, and complaining about it.

Mobile Suica complaints aren’t a bad thing. All those bad Suica App reviews on the App store and complaints on Twitter mean that people use Mobile Suica enough to download Suica App, register an account, use it, then go online and complain. It’s a gold mine of information, invaluable feedback telling us what trips users up at transit gates, a user base with 15 years of mobile transit experience. Any transit operator looking to implement good mobile transit service would greatly benefit from studying strengths and weaknesses of Mobile Suica, the world’s largest, oldest and most widely used mobile transit card service. Unfortunately nobody bothers to do so.

Tight pants + face masks = Face ID fuckups
As always, most Apple Pay Suica problems boil down to Face ID issues that disable Express Transit. Mobile Suica support even has a dedicated help post it puts out regularly. Face/Touch ID and Express Transit are joined at the hip. When Face/Touch ID is disabled, Express Transit is also disabled, a passcode is required to turn them on again. From the iOS 15 user guide: you must always enter your passcode to unlock your iPhone under the following conditions:

  1. You turn on or restart your iPhone.
  2. You haven’t unlocked your iPhone for more than 48 hours.
  3. You haven’t unlocked your iPhone with the passcode in the last 6.5 days, and you haven’t unlocked it with Face ID or Touch ID in the last 4 hours.
  4. Your iPhone receives a remote lock command.
  5. There are five unsuccessful attempts to unlock your iPhone with Face ID or Touch ID.
  6. An attempt to use Emergency SOS is initiated.
  7. An attempt to view your Medical ID is initiated.
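The seven conditions above, modelled as a small policy evaluator to show how they interact with Express Transit. This is an added example, not Apple's code or code from the original post; the `LockState` fields, the event names and the reset of the failure counter on a successful Face ID read are modelling assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import List, Optional

# Thresholds from the iOS 15 user guide list quoted above.
ANY_UNLOCK_LIMIT = timedelta(hours=48)        # condition 2
PASSCODE_LIMIT = timedelta(days=6, hours=12)  # condition 3 (6.5 days)
BIOMETRIC_LIMIT = timedelta(hours=4)          # condition 3
FAILED_BIOMETRIC_LIMIT = 5                    # condition 5
# Hypothetical event names mapped to the state flag they set.
FLAG_EVENTS = {"restart": "restarted", "remote_lock": "remote_lock",
               "sos_attempt": "sos_attempt",
               "medical_id_attempt": "medical_id_attempt"}


@dataclass(frozen=True)
class LockState:
    """Hypothetical model of the lock state, not an Apple data structure."""
    last_passcode: datetime
    last_biometric: Optional[datetime] = None
    restarted: bool = False           # condition 1
    remote_lock: bool = False         # condition 4
    failed_biometric: int = 0         # condition 5
    sos_attempt: bool = False         # condition 6
    medical_id_attempt: bool = False  # condition 7


def passcode_reasons(s: LockState, now: datetime) -> List[int]:
    """Return the numbers of the conditions that currently force a passcode."""
    unlocks = [t for t in (s.last_passcode, s.last_biometric) if t is not None]
    passcode_stale = now - s.last_passcode > PASSCODE_LIMIT
    biometric_stale = (s.last_biometric is None
                       or now - s.last_biometric > BIOMETRIC_LIMIT)
    checks = [
        (1, s.restarted),
        (2, now - max(unlocks) > ANY_UNLOCK_LIMIT),
        (3, passcode_stale and biometric_stale),  # both halves must hold
        (4, s.remote_lock),
        (5, s.failed_biometric >= FAILED_BIOMETRIC_LIMIT),
        (6, s.sos_attempt),
        (7, s.medical_id_attempt),
    ]
    return [number for number, hit in checks if hit]


def express_transit_available(s: LockState, now: datetime) -> bool:
    """Per the text above, Express Transit is off whenever Face/Touch ID is."""
    return not passcode_reasons(s, now)


def apply_event(s: LockState, event: str, now: datetime) -> LockState:
    """Advance the model by one event and return the new state."""
    if event == "passcode_ok":
        # A passcode unlock clears every condition; biometrics work again.
        return LockState(last_passcode=now, last_biometric=s.last_biometric)
    if event in FLAG_EVENTS:
        return replace(s, **{FLAG_EVENTS[event]: True})
    if event not in ("biometric_ok", "biometric_fail"):
        raise ValueError(f"unknown event: {event}")
    if passcode_reasons(s, now):
        return s  # biometrics are disabled until the passcode is entered
    if event == "biometric_ok":
        # Assumption: a successful read resets the failure counter.
        return replace(s, last_biometric=now, failed_biometric=0)
    return replace(s, failed_biometric=s.failed_biometric + 1)


def masked_commute() -> List[bool]:
    """Constructed timeline: five failed Face ID reads while wearing a mask,
    then a passcode entry. Returns Express Transit availability per step."""
    t0 = datetime(2022, 4, 1, 8, 0)
    s = LockState(last_passcode=t0 - timedelta(days=1),
                  last_biometric=t0 - timedelta(hours=1))
    timeline = [(m, "biometric_fail") for m in range(1, 6)]
    timeline.append((10, "passcode_ok"))
    availability = [express_transit_available(s, t0)]
    for minutes, event in timeline:
        now = t0 + timedelta(minutes=minutes)
        s = apply_event(s, event, now)
        availability.append(express_transit_available(s, now))
    return availability


if __name__ == "__main__":
    print(masked_commute())
```

Condition 3 is the only compound one: a recent Face ID unlock keeps an old passcode acceptable, and a recent passcode keeps a stale Face ID acceptable, until condition 2 takes over.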

You might think a passcode unlock is always the same, however there are surprisingly different Express Transit results at the gate, shown in the following video clips.

  • The first video shows Express Transit in normal action when Face ID (or Touch ID) and Express Transit mode are on. This is exactly what Suica users expect at transit gates and store readers. When it doesn’t work like this every single time, they complain.
  • The second video shows a passcode request after restarting iPhone (#1), not something that would happen in real world use but I wanted to show the different kinds of passcode requests.
  • The third video is the most common one: the Apple Pay screen appears with a passcode request (#5-five failed Face ID attempts when wearing a face mask), this is exacerbated by Face ID Raise to Wake which is why I recommend that Face ID users turn it off when wearing face masks. There is a similar but separate issue when a user inadvertently pushes the side buttons (#6-emergency SOS • iPhone shut down), this happens more than you might think because side buttons are easily pressed when iPhone is in a tight pants pocket, especially when iPhone is in a case which is pretty much everybody.
  • The last video shows manual Apple Pay card selection and authentication when an Express Transit is not set, this is also how Apple Pay works on open loop transit systems without Express Transit support such as Sydney’s Opal.

An interesting side note about Japanese transit gate reader design UI. The blue light NFC reader hit area not only makes a great big visual target, it tells us the gate is ‘ready and waiting’. Notice how the blue light goes off when the reader is busy with a card transaction, then blinks on again ready and waiting for the next card. Watch the above videos carefully and you’ll notice the blue reader light stays lit with every false read attempt. Only when the correct card is brought up does it blink off and complete the transaction. When there’s a real problem the blue light changes to red.

This is simple, clever and user friendly design as your eyes are naturally focused where your hand is but you don’t see the design anywhere else except the new OMNY system readers. Copying the Japanese gate reader UI design is a smart move by Cubic Transportation Systems and MTA but their LED screen NFC hit area combo design appears to be somewhat fragile. The green ‘GO’ might seem like a nice touch but I suspect it subliminally makes a user wait for it. More feedback isn’t always better. Every millisecond wasted at the transit gate is a bad design choice.


Fixing Face ID
iPhone users in America only became aware of Face ID shortcomings thanks to COVID face mask mandates. Yes Virginia, Face ID sucks with face masks and Express Transit users in New York and London came face to face with issue #5: five unsuccessful Face ID attempts disable Face ID and Express Transit. It got so bad that MTA pleaded with Apple to ‘fix Face ID’. Apple dribbled out some Face ID “fixes” that didn’t fix very much.

iOS 13.5 introduced a Face ID with face mask passcode popup tweak that didn’t make passcode entry any easier and certainly didn’t fix Face ID use with a face mask. People quickly forgot about it.

iOS 14.5 introduced Unlock iPhone with Apple Watch that was widely ballyhooed by tech bloggers but real world use was a different story:

I find it fails me too often on the daily commute and in stores, usually at the very moment I need to launch dPOINT or dPay apps at checkout. I also get the feeling that Apple Watch battery life takes a hit too… If it works for you that’s great, but the Unlock with Apple Watch end user experience will be all over the place.

Also telling was that online Face ID/Express Transit complaints continued to grow despite the iOS 14.5 feature. Unlock with Apple Watch is a one trick pony, it unlocks a Face ID iPhone when a mask is detected, nothing more, no Apple Pay, no Face ID fix.

iOS 15.4 introduced Face ID with a mask for iPhone 12 and later. This is the first true fix for using Face ID with face masks, finally doing all the work Face ID does from unlocking iPhone to authenticating Apple Pay and apps. It’s not perfect as it doesn’t fix Face ID for earlier iPhone X-XS-11 models, and there are trade offs as it reduces Face ID security for the convenience of keeping your face mask on. In my experience Face ID with a mask on iPhone 13 Pro is certainly an improvement but slower and less successful than using Face ID without a mask. Face ID with a mask is also somewhat quirky. It doesn’t like strong backlighting, and some users report frequent ‘look down’ requests depending on their type of face and glasses.

Now that Apple has a focused Face ID with face mask roadmap that restores the Face ID Apple Pay experience, we can ignore all that mushy ridiculous Touch ID + Face ID dual biometric iPhone talk. Expect Apple to focus on improving Face ID with a mask performance on legacy Face ID on iPhone 12 and 13 in future iOS updates and delivering phenomenally better Face ID technology in future iPhones.

Super Suica Cloud

A Japanese friend once told me that when Suica first came out, young people in Tokyo sent Suica cards to hometown families to use for coming to Tokyo. But parents and grandparents sent them back saying, “we can’t use them,” even when they could use them in their local area.

What they were really saying was, ‘Suica doesn’t get us the same transit perks we do using local paper tickets or mag stripe cards.’ There has long been a huge gap between transit services available in major cities which ‘don’t work’ in one way or another for those in outlying areas.

That’s the challenge facing the Japanese transit IC card system. Being able to use a Suica or ICOCA transit card in the sticks isn’t enough, local region services must be attached to make it worthwhile for people living outside major city areas. Transit IC has to evolve if it is going to be useful in the mobile era with proliferating smartphone payment apps vying for a piece of the national transit pie.

Now that we have a clearer vision of how Suica 2 in 1 Region Affiliate cards address this problem and how they are central to JR East’s MaaS strategy, it’s time to look at evolving JR East cloud services and how they fit into that strategy. There are a number of new cloud service parts that have come on line over the past year, or are coming soon…some visible, some not.

Taken together they comprise what I call ‘Super Suica Cloud’ following my earlier definition of Super Suica: a collection of mobile focused transit and payment infrastructure services that can be shared with or incorporate other company services, or be hosted by JR East for other companies. MaaS is an elastic term that holds a lot of flashy concepts, but I think JR East is aiming for something more low-key but practical, a Japanese Multimodal MaaS if you will.

The immediate concrete end-goals are service expansion with cost reduction; elimination of duplicate or proprietary dedicated infrastructure in favor of open internet cloud technology. With that in place the next goal is tight integration of transit payment services that work everywhere but also deliver tailored services for local regions. Let’s examine the parts.

Mobile Suica
People assume that Mobile Suica does everything mobile, but basically it’s a station kiosk in the sky. Put money in for a transit card, put money in for a recharge, or a commuter pass, a day pass, and so on. Issuing, recharging and managing Suica cards on mobile devices is what Mobile Suica was built for.

As the world’s first mobile transit card service, Mobile Suica has made a lot of progress over the years expanding support to include Android, Apple Pay and wearables, but the work isn’t done until any mobile device from anywhere can add Suica. And since Mobile Suica hosts Mobile PASMO (launched in 2021) and almost certainly the forthcoming Mobile ICOCA (coming early 2023), getting those on an equally wide digital wallet footing is just as important.

As the face of all things Suica on mobile devices, the smartphone app could have many more things plugging into it, like Hong Kong’s Octopus App. So far however, JR East has chosen, wisely in my opinion, to keep it limited to basic housekeeping, breaking out ticketing and MaaS functions to separate apps.

Suica Fare Processing • JESCA Cloud
This is the traditional Suica network system centerpiece that locally processes touch transit stored fare on station gates and touch e-Money payments in stores. The station gate fare side is getting a major new addition in 2023 with a simplified cloud based Suica transit fare network rolling out to 44 Tohoku area JR East stations. This new Cloud Suica area closely aligns with Suica 2 in 1 Region Affiliate cards launching this year.

Cloud Suica 2023 additions (Orange) and Suica 2 in 1 cards below

The store payment side also has a simplified cloud based FeliCa payment network and a name: JESCA-Cloud. System details are vague but Cloud Suica transit fare and JESCA Cloud store payments appear to do the same thing: move transaction processing off local hardware and onto the cloud. Fast processing time is very important at transit gates, Suica tap times are the fastest out there. Those familiar with the Suica system say Cloud Suica will split it 50% local processing / 50% cloud processing. Dumber terminals, smarter cloud that still offers great Suica service…we hope.

One difference Cloud Suica has from a similar effort by JR West for ICOCA, is that Cloud Suica supports all the standard Suica features like commuter passes that cloud ICOCA does not. An interesting side note is that JR East hosts the processing for JR Central’s TOICA transit card network, they can certainly put the new Cloud Suica backend to good use expanding TOICA coverage in rural lines like the Minobu line.

ID Port
Comb through recent JR East press releases and you’ll find 3 service announcements built around ID PORT, a “cloud based ID verification solution” from JREM (JR EAST MECHATRONICS CO., LTD), the company that builds Suica infrastructure.

  • Maebashi City TOPIC MaaS service (November 2020): Local MaaS discount services provided by TOPIC that use Suica with My Number card address and age to verify eligibility:
Maebashi City TOPIC MaaS service links Suica and My Number Card to unlock services
(Japanese Railway Engineering January 2022, No.215)
  • Suica Smart-Lock (December 2021): a registered Suica card accesses a variety of access services provided by ALLIGATE:
CyclunePedia bike parking

All of the announcements have 3 components: JR East (Suica), JREM (ID-PORT), 3rd party services attached to Suica using ID-PORT as the system glue. Most of these are either in testing or ‘coming soon’. What is ID-PORT?

ID-PORT is explained on the JREM site, but the first public mention in an NTT Data PDF document from November 2020 is more revealing: “The Open MaaS Platform and supporting Multimodal MaaS”. The JR East Suica MaaS strategy is outlined with various scenarios that indicate ID-PORT is the JREM side with MaaS services on the NTT Data side. In other words a co-venture.

NTT Data Journal: A multi-model open MaaS platform

The job of ID-PORT is that it acts as the middle man ID verification glue linking a registered Suica (or similar Transit IC card) with various 3rd party services such as special ticketing, access and discounts.

The interesting thing about the ID-PORT and NTT Data MaaS platform reveal is that the timing exactly coincides with Sony’s release of FeliCa Standard SD2, the next generation FeliCa architecture used for Suica 2 in 1 cards. One of the little discussed new SD2 features is ‘FeliCa Secure ID’. Here is Sony’s diagram of how it works.

Sony FeliCa Standard SD2 FeliCa Secure ID

Look familiar? Yep, ID-PORT sure looks like FeliCa Secure ID in action. The JREM ID-PORT page is more rounded out, incorporating non-FeliCa ID verification methods like QR and bio-authentication and many different services. ID-PORT has already been added to JESCA-Cloud and CardNet so that linked services are widely available on store payment terminals, not just Suica transit gates. In sum it represents MaaS and Account Based Ticketing in action with ID-PORT at the center.

JREM ID-PORT

MaaS and Account Based Ticketing in action
MaaS and Account Based Ticketing are the new hotness now that people realize open-loop doesn’t solve everything as banks and card companies want us to believe. Fare Payments Platform provider Masabi explains it this way:

Account Based Ticketing (ABT) shifts the fare collection system from being ‘card centric’, meaning the ticket holds the journey information and right to travel, and moves this to the back office. Moving the ticket information to the back office holds a number of benefits. It means passengers no longer need to buy a ticket or understand fares to travel and instead they use a secure token, typically either a contactless bank card, mobile phone or smartcard.

In this scenario FeliCa Secure ID is a secure token, ID-PORT is the secure token platform using the secure token to link ticketing and services together. That sounds nice but when will we see it in action? I think we already are.

Eki-Net 2 Account Based Ticketing
As explained above, ABT attaches tickets from the cloud to a secure token, in this case Suica. By this definition Eki-Net 2 Shinkansen eTickets represent JR East’s first step into ABT ticketing. Eki-Net uses registered accounts and credit cards to purchase and attach eTickets to Suica. These eTickets do not use Suica prepaid stored fare nor is any eTicket information written to the Suica card, the eTicket system uses Suica as a secure token. JR Central smart EX is a similar ABT service and let’s not forget the web-only multi-lingual JR-East Train Reservation service that provides some ABT ticketing for inbound visitors.

Will JR East ABT implement the ‘no longer need to buy a ticket’ part of the Masabi ABT vision? I doubt it. Shinkansen eTickets are a much lower ABT hurdle: lower passenger volume on far fewer transit gates than regular Suica gates. The complexity of interlocking non-Shinkansen Japanese transit systems and the vast array of fare schedules, such as higher paper fares vs cheaper IC fares, don’t easily straitjacket into an open-loop or ABT fare box, and it doesn’t fit the JR East business model.

Suica 2 in 1 region extras
There are services besides ticketing attached to a ‘secure token’ Suica. One of the important things easy to miss in the Suica 2 in 1 rollout are extra region features not available in regular Suica. Disability Suica cards for example. These are finally due to launch on Suica and PASMO cards in October 2022, but disability Suica 2 in 1 cards are already available in region affiliates.

There are also region affiliate transit points, one of the services that ID-PORT is advertising for JR East MaaS. Transit points all ‘just work’ automatically the same way. Points are earned from recharge and transit use and automatically used as transit fare. The user doesn’t do anything except tap the bus card reader. No registration, no setup. I wish JRE POINT had an option to work this way.

Transit points mimic the scheme of old regional transit mag strip cards like Nishitetsu that gave ¥1,100 with a ¥1,000 recharge. Those features were popular (automatic simplicity in action again). PayPay used a similar strategy to quickly build a large customer base but pissed everybody off later as they got big and started changing bonus rate returns like used underwear. That won’t happen with Suica 2 in 1 cards as region transit points are locked in by local government subsidies to the region affiliates.

Streamlined simplicity, integration, regionality
Despite the la-la-land promise of MaaS and Account Based Ticketing, the ‘just works’ angle is crucial for people to actually use it. One of the current problems with Mobile Suica, Eki-Net, JRE POINT and the MaaS services JR East advertises is that each service is a separate app + registration + attach cards process. This needs to be streamlined into a single simple JR East sign-on service option like Sign in with Apple that works across multiple services. I suspect ID-PORT is the glue between Mobile Suica and JRE POINT that keeps those registered services automatically linked even if the Suica ID number changes. A good sign because the JR East cloud needs a lot of dynamic linking.

There is also the larger problem of integration outside of JR East, such as the current state of multiple online ticketing services: Eki-Net for JR East, EX for JR Central, Odekake-net for JR West, and so on. It would be great to have a common app that plugs into every online ticketing service. At the very least JR Group companies need to integrate eTicketing the same way they have always integrated paper ticketing for one stop service in their own apps.

The bigger question is do Super Suica Cloud parts (ID-PORT / Mobile Suica / Cloud Suica) scale beyond JR East to include other JR Group companies (JR West, JR Central, etc.) and potential region affiliates nationwide? If increased services with reduced costs is their MaaS goal, JR East needs to step up to the plate and share. Infrastructure sharing with backend integration is the only way forward for all. Japanese transit has always excelled at physical interconnection, the cloud service side needs the same level of interconnectedness.

There are cultural angles too. Japanese have a passion for hunting down local perks, bargains and discounts. People complain about Eki-Net (deservedly) but they sure scramble and swamp the system getting those time limited discount eTickets like crazy pre-COVID era Black Friday midnight Christmas shopper crowds rushing into the store.

There is also the traditional cultural value of promoting local economies. As the saying goes, cities are only healthy in the long term when local economies are healthy too. If JR East is really serious about promoting regional MaaS, they’ve got to aggressively offer linked services that clearly promote regions. There are many region programs that visitors are simply not aware of. JR East can do a lot simply linking them to discount coupons, limited offer eTickets and such that appeal to the bargain hunter Japanese mind. The key is being creative and nimble like QR payment players.

The JR East MaaS region affiliate strategy was conceived long before the COVID crisis, yet COVID also presents a golden opportunity to invest in regions and promote working remotely. The world has changed and transit has to change too, the biggest risk is doing nothing, staying with the status quo. The emerging Japanese MaaS vision is unique in that Japan has a golden opportunity of leveraging the national Transit IC card standard into something new, taking it into the next era…if old rivalries and sectarian interests don’t get in the way and blow it, that is. Either way the next few years will be a very interesting time for Japanese transit.

