Contactless Payments White Paper

The Secure Technology Alliance White Paper Contactless Payments: Proposed Implementation Recommendations is an interesting read, not only for what it says but for finding out what’s on the collective mind of the credit card industry.

Here is a quick summary…
<with comments>

About the Secure Technology Alliance
The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT)

<forget all the other shit, Secure Technology Alliance is a credit card EMV promotion society>

2.2 Contactless Acceptance Terminal Considerations
Contactless payments are not new. Contactless payments relying on magnetic stripe data (MSD) have been available since 2005. However, as the U.S. transitions to EMV, some payment networks are no longer recommending contactless MSD solutions. Moreover, some EMV contactless cards are being deployed without contactless MSD support, which can cause interoperability issues or cause a transaction to be terminated and processed using the EMV chip or magnetic stripe.

<contactless MSD is a crappy half-assed stopgap standing in the way of progress that nobody uses except Samsung Pay, get rid of it already>

2.2.4 Recommendations Figure 1. Enabling a Contactless Terminal at the Checkout

• Contactless terminals should be customer-facing
<duh>

• Customers should not need to tell cashiers how they intend to pay
<in a perfect world NFC is EMV contactless exclusively without complications from annoying FeliCa or MIFARE and credit card companies are the de facto treasury departments for all advanced nations of the world>

• The contactless terminal should always be switched on and ready to use; the cashier should not need to switch it on
<WTF, this is a recommendation?>

• The cashier should not need to enter the amount twice; the amount should be automatically displayed on the terminal

<oh I get it now, we’re talking about American cash register infrastructure>

2.3 Cardholder Experience: Different Contactless Form Factors
When performing contactless transactions, consumers already use a variety of form factors—contactless cards, mobile wallets on phones, wearables (such as watches, rings, or key fobs)—and there may be additional options in the future. While the “tapping” procedure to initiate the transaction should be the same regardless of form factor, other consumer behavior may not be consistent, especially when using a wallet on a mobile phone.

<I see, smartphone wallets with their own secure authentication are a problem, contactless credit card things with 4 PINs and meaningless terminal signatures are not a problem>

Transactions initiated using a mobile phone involve a two-step process: first, the wallet is activated (using an authentication method such as a biometric,4 PIN, or pattern); second, the phone is placed in proximity to the POS device for the contactless read.

Generally, however, the authentication mechanism used as the cardholder verification method (CVM) will be the consumer device cardholder verification method (CDCVM). CDCVM uses a mobile phone’s passcode or biometric user authentication to verify the cardholder for a payment transaction, removing the need for the cardholder to enter a PIN or provide a signature. Such use can result in an inconsistent consumer experience; sometimes a cardholder may be required to provide a PIN or signature on the terminal (for example, if the contactless terminal does not support CDCVM) and sometimes no verification will be required. However, as consumers become more familiar with the process and as older terminal functionality is replaced with newer technology, there should be fewer inconsistencies. In addition, note that, at this time, some networks may not support CDCVM with their U.S. common debit AID, which may result in inconsistent consumer experience for debit transactions.

 <blah, blah, blah, in other words credit card companies and payment networks will do as little as possible to clean up their own mess and blame somebody else for their problems, what else is new>

3.3 Contactless POS Infrastructure and Acceptance
Contactless acceptance is a major trend globally, with a significant percentage of POS terminals supporting contactless. The following are some key published market statistics:
• According to Juniper Research18 (Figure 5, Figure 6), 31.6% of all terminals in service in North America are contactless; North America accounts for 19.6% of the global installed base of contactless POS terminals.
• Visa has reported that, as of September 2017, 40% of U.S. face-to-face Visa transactions today occur at contactless-enabled locations, that a growing percentage of merchants are enabling contactless.

<wait a minute, what about that North America 19.6% figure? Contactless POS Terminals in Service as a Proportion of All POS Terminals: Asia: 43.6%, Western Europe: 14.3%, North America: 19.6%, we don’t want to talk about context here do we? Too embarrassing>

And the grand finale:

3.5 Open Loop Contactless Payments in Transit
Transit agencies are moving, or considering moving, to open payments with next generation fare payment systems—that is, credit and debit payments made using contactless EMV devices at transit points of entry (e.g., at fare gates, on buses)— to supplement traditional closed-loop acceptance. As noted in Section 2.5, consumer use of contactless payments for transit can help drive incremental transactions and top-of-wallet status for cards. Issuers contemplating transit as a factor in their contactless decisions should be aware that the specific timing for implementing transit open payments within a given region can have some uncertainty. In addition to the schedule impact of procurement and implementation timeframes, issuers should note that transit agencies interested in open payments may also consider the current state of contactless issuance and other relevant factors in their decision- making process.
Other relevant considerations include the following:
• As the market for open payments in transit is still emerging, the content of the authorization/settlement messages sent from different agency back-end systems may not be consistent.
• Transit merchants may require functionality that addresses transaction times and risk, such as offline data authentication (ODA) and/or deferred (or delayed) authorization.

<translation: credit card companies are falling over each other to get into transit and sucker convince transit operators into junking closed ticketing systems. Credit card companies have no interest in ticketing infrastructure outside of skimming their take. Let transit operators spend tax payer money doing all the back-end work and dealing with problems. Let them deal with transit user ire over slow EMV contactless transactions at overcrowded transit gates or when credit cards are de-activated in mid transit.>

What a sweet deal.

Advertisements

Value Capture and the Ecosystem of Transit Payment Platforms

AppleInsider Daniel Eran Dilger’s very long editorial Apple Services and the ecosystem of value capture has an interesting bit at the beginning:

The term Value Capture applies to rail and transit operators that are given the rights to develop the land around their stations. America’s intercontinental train routes were developed by railroads that were deeded land along their planned rail lines. These plots were then sold off or developed, capturing some of the value added by the fact that that land was adjacent to the transportation service the railroad had built and was operating.

Today, while most of America’s current transit systems (from Amtrak to BART) are now on the brink of failure and are often in worse shape than what you find in third world countries—despite the high tax subsidies paid to sustain them—there are many examples around the world of public and private transit operators performing extremely well simply because they were given the rights to develop the land around their stations, leading to extremely lucrative revenue sources that sustain their operations and growth while they provide efficient transportation services to the public.

Dilger goes on to explain value capture in the App Store ecosystem but misses important transit connections with Apple Pay:

The most successful value capture transit model in the world is the Suica Transit Platform business model on full display at  Tokyo Station. The shopping experience both inside and outside the transit gate is mind-boggling (the Drip Mania coffee softcream is to die for if you can find it) as is the cash flow. If JR East offered business tours in English the waiting lines would look like the lines at Tokyo Comic Con. It’s very strange that other transit agencies around the world, ahem in the west, ignore studying the Suica Transit Platform business model.

Tokyo Station is the Suica card epicenter for transit (regular trains, Shinkansen, buses), shopping, and other services like vending machines and coin lockers. You can buy Shinkansen tickets on the go on your smartphone. Every single store register has a Suica reader and the payment choice is either cash or plastic credit cards but contactless payment is strictly Suica. That is not a problem because Inbound Apple Pay users can join the Suica fun.

There has been a lot of overblown media hand wringing that Japanese contactless payments usage rates are far below what they are in China and Korea, and the Japanese government hopes to raise contactless payment usage rates to 40% by 2025 over the current 20% rate. This “problem” is remarkably easy to fix: create an open shared mobile transit cloud infrastructure that follows the Japanese Transit IC Card Interoperability model. Get the big Japanese transit cards on mobile that unlock the commuter pass and loyalty point goodies associated with the plastic IC cards, and the problem is solved. It’s that simple.

If that cannot be accomplished the Japanese government could talk JR East into hosting everybody else’s transit card on the Mobile Suica cloud with agreeable terms for big and small players. A concept just like the recently released Apple Pay Mizuho Suica. With all the important transit cards on mobile wallet platforms, contactless payment usage rates in Japan would quickly skyrocket beyond 40%. I guarantee it.

 

MIFARE and Taiwan Transit Coming with iOS 12 Apple Pay?

It’s interesting how different story threads weave together. Taiwan has been running a huge “come visit Taiwan” campaign in Japan the past year or so. Even Mastercard Japan has been in the game highlighting how easy it is for Japanese iPhone users to use Apple Pay when visiting Taiwan. It’s probably the only credit card ad out there that promotes iPhone Apple Pay NFC switching.

I had just run across a Japanese notice put out by the Taiwanese Representative Office in Tokyo announcing that EasyCard and iPass will accept credit card recharge starting in October when a reader contacted me with some interesting NFC switching related EasyCard and iPass tech information: Tokens use FeliCa while IC cards use MIFARE, the NFC chips support both NFC-A and NFC-F as required by NFC certification.

What does it all mean and why is EasyCard and iPass credit card recharge starting in October? The timing certainly fits well with a new Apple iPhone Event but could mean nothing since the announcement is for plastic credit card recharge at a kiosk. From a system standpoint it could mean that Taiwan is getting ready to put EasyCard and iPass on Apple Pay Transit as credit card recharge needs to be in place before hosting a transit card system on a mobile wallet platform.

EasyCard/iPass Apple Pay Transit support requires MIFARE middleware and MIFARE has been a major missing piece so far in Apple Pay. Having that in the iOS 12 official release would open up Apple Pay Transit for native EasyCard and iPass card support. Support for MIFARE transit card systems in Korea, UK, Australia and North America would also be possible but requires the cooperation of local transit operators.

Apple Pay support of EasyCard and iPass would be great not only for iPhone users in Taiwan but a boon for inbound visitors too just like it is for inbound Apple Pay Suica users.

 

Apple Pay Predicted to Account for Half of Mobile Wallet Users by 2020

Must be a slow news day: market research blah coughed up by Juniper Research is mindlessly regurgitated by MacRumors and AppleInsider. Free advertising for Juniper Research, you go Juniper Research.

To save you the trouble of clicking click bait here is a summary, >with comments:

  • Contactless payments will exceed the $1 trillion mark for the first time in 2018, a year earlier than previously anticipated by Juniper.
    >That’s still small
  • “We believe that growth over the next 5 years will continue to be dominated by offerings from the major OEM players.”
    >Duh
  • Contactless card payments are the strongest across Far East & China and Rest of Asia Pacific.
    >Double Duh and ‘Far East’ is a quaint stupid UK expression that should be shot
  • Contactless Ticketing Gains Traction: Beyond in-store payments, the research forecasts rapid growth in contactless ticketing
    >Japanese IC transit card daily transactions (transit & e-money) top 7 million most of it still plastic
  • Juniper forecasts nearly 10 billion mobile contactless ticketing transactions, ie tickets purchased or validated, by 2022, with North America dominating the sector, followed by the Far East & China.
    >Oh boy, here it comes

Back in March I wrote:

One thing is clear: for smartphones more so than it was with plastic smartcards, transit is the golden uptake path for contactless payments but the combination is most successful when a transit platform matches up with a smartphone one.

Credit card companies are falling over each other to leverage EMV contactless to take control of transit ticketing away from transit agencies. It’s a classic “give us your money and we will save you money,” scam. As I have said many times EMV contactless sucks at transit. Singapore transit users are complaining of fried plastic contactless credit cards and of card issuers deactivating cards mid-transit for being over limit. This is the price for letting credit card companies manage transit ticketing.

The real fun will start when transit agencies wake up to discover they sold their souls to the credit card industry: transit agencies don’t decide who and who does not ride, the credit companies do.

Good luck to the New York Subway system as they phase out the trusty Closed Loop MetroCard system for a Frankenstein Open Loop mish-mash of EMV contactless and QR Codes. The dream of a transit payment platform for the great New York Subway remains a pipe dream.

Oh and one more thing, if Apple divorces Apple Watch from iPhone and allows direct Apple Pay card loading, Apple Pay will rule the world.

New York Subway Contactless Gate
Japanese IT Journalist Junya Suzuki photo of new contactless transit gate in New York

Dead HCE-F, Global NFC ≠ Global FeliCa, and Other NFC Confusion

Apple Pay Stacks Explained
A simplified look at the major parts of a NFC contactless payment system like Apple Pay

NFC is a confusing name. It’s an upside down umbrella that catches every single naming convention connected with it: Type A, Type F, EMV, FeliCa, MIFARE, etc.  There are also all those smartphone platform and credit card company brand names built on NFC technology: Apple Pay, Google Pay, NFC Pay, Mastercard Contactless, etc. Companies have greatly added to the confusion changing brand names on a whim: Visa PayWave is now Visa Contactless, Google Pay was Android Pay and Google Wallet before that.

The confusion is perfectly captured by the ever-growing collection of acceptance marks cluttering up Japanese cash register counters.

How do you keep it straight? It helps to remember that NFC is just hardware.

NFC Certification = Global NFC
NFC-A and NFC-F support is required for NFC Forum certification for a device. NFC means NFC-A + NFC-F. NFC-B is optional. All NFC smart devices are Global NFC devices capable of supporting all NFC based payment systems. The street reality is they don’t because smart device manufacturers pick and choose what middleware they support. Everybody supports EMV but manufacturers pick and choose different middleware stacks for different models and different countries.

Global NFC ≠ Global FeliCa
Google’s Pixel 2 a perfect example of a Global NFC device that doesn’t do FeliCa because Google did not choose to license FeliCa middleware. Google also muddied the Android water considerably with the Google Pay Japan rollout that proves HCE-F is dead: Google Pay Japan is just an alternative front end sprinkled on top of existing Osaifu-Keitai middleware. We’ll see what Google cooks up for Pixel 3 but I suspect Google wants to have cake and eat it too: something like Real Google Pay for Pixel 3, Google Pay Lite for everybody else.

Apple on the other hand sells Global FeliCa iPhone 8, iPhone X and Apple Watch 3 worldwide. Inbound visitors to Japan with those devices can add a Suica card with all the benefits to Apple Pay. Inbound Android users are left in the cold feeling confused which is a shame.

It would be much better for customers if smart device manufacturers bundled all the major middleware stacks (EMV, FeliCa, MIFARE, China Transit, CEPAS) and simply called it Global NFC. Real Global NFC.

Until the industry does a better job of integrating NFC hardware and the various middleware pieces into a virtual whole, NFC confusion will continue to be a problem.