Mobile FeliCa evolution: FeliCa without the FeliCa chip

FeliCa Dude did his usual public service of posting Mobile FeliCa details for the latest Pixel 6 devices. There wasn’t any change from Pixel 5, so no global NFC Pixel for inbound visitors. Nevertheless it’s a good opportunity to review some important recent developments that have taken place behind the scenes on the Android Mobile FeliCa side and examine some possible 2022 scenarios. Things have changed even if most users don’t notice any difference.

The chart outlines Mobile FeliCa on Google Pixel developments based on information from FeliCa Dude’s tweets.

Mobile FeliCa 4.0 (Pixel 4) freed Android device manufacturers from having to use embedded secure element + NFC chips from the FeliCa Networks supply chain. Any FAST certified secure element will do. This development has resulted in a number of inexpensive Osaifu-Keitai SIM-Free smartphones released by Chinese manufacturers recently that are selling well. Hopefully it will have wider implications for inexpensive global NFC Android devices. There are lots of people in Hong Kong who would buy one to use Octopus.

Mobile FeliCa 4.1 (Pixel 5/Pixel 6) introduced multiple secure element domains. This allows the device manufacturer to ‘own’ the eSE and load or delete Java Card applets. FeliCa Dude thinks that multiple secure element domains (MSED) might play a part in the MIC digital My Number Card due to launch on Osaifu Keitai devices in 2022. My Number card uses NFC-B but MSED allows the Mobile FeliCa secure element to host it anyway, an interesting development.

Mobile FeliCa 4.2 or 5.0? The next version of Mobile FeliCa (MF) will hopefully support FeliCa SD2 next generation features that shipped in November 2020, features that power Suica 2 in 1 Region Affiliate Transit Cards (aka Super Suica) which are going wide in March 2022. These cards really need to be on mobile for future MaaS service plans outlined by JR East which cannot happen until SD2 features are added.

The improvements in MF 4.1 certainly give Android device manufacturers the ability to update MF over the air but don’t hold your breath. Standard industry practice to date has been ‘buy a new device to get new features’. Apple has been a little bit better in this regard: MIFARE support was added in iOS 12 for Student ID cards and iOS 15 fixed some Calypso bugs on iPhone XR/XS and iPhone SE.

A FeliCa Dude Reddit post comment regarding Asus smartphones illustrates the pre-MF 4.0 situation: “any phone that lists ‘NFC’ compliance must support Type F (FeliCa), but as there is no Osaifu-Keitai secure element <aka Mobile FeliCa secure element>, you will be limited to reading and potentially charging physical cards: you cannot use the phone as a card itself.” That was then, this is now.

Most people assume FeliCa support requires a FeliCa chip but this is not true. The evolution of hardware independent Mobile FeliCa is very clear: the ‘FeliCa chip’ from Sony/FeliCa Networks requirement is long dead and gone. Manufacturers like Xiaomi claim they make special models and add FeliCa chips just for the Japanese market, but that’s just marketing BS: they run Mobile FeliCa on the same NXP NFC chipset they sell everywhere. The majority of smartphones supporting FeliCa don’t have a FeliCa chip; everything from EMV to FeliCa and MIFARE runs on any GlobalPlatform certified secure element on any Android device.

Hopefully the sum of recent Mobile FeliCa developments, along with Garmin Suica, Fitbit Suica and built in WearOS Suica showing up in recent developer builds, indicate that FeliCa Osaifu Keitai services will become standard on Android devices as they have been on all iOS and watchOS devices since 2017.

Are Chinese manufactured PAX NFC readers a security risk?

Probably not, but the FBI Raids Chinese Point-of-Sale Giant PAX Technology report from Krebs on Security has some thrilling bits:

“FBI and MI5 are conducting an intensive investigation into PAX,” the source said. “A major US payment processor began asking questions about network packets originating from PAX terminals and were not given any good answers.”

The source said two major financial providers — one in the United States and one in the United Kingdom — had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources.

“My sources say that there is tech proof of the way that the terminals were used in attack ops,” the source said. “The packet sizes don’t match the payment data they should be sending, nor does it correlate with telemetry these devices might display if they were updating their software. PAX is now claiming that the investigation is racially and politically motivated.”

Krebs on Security

FBI, MI5, unnamed sources? Sounds like a spy novel. The original Jacksonville WOKV report is down to earth local news reporting with the official statement from the FBI: “The FBI Jacksonville Division, in partnership with Homeland Security Investigations, Customs and Border Protection, Department of Commerce, and Naval Criminal Investigative Services, and with the support of the Jacksonville Sheriff’s Office, is executing a court-authorized search at this location in furtherance of a federal investigation. We are not aware of any physical threat to the surrounding community related to this search. The investigation remains active and ongoing and no additional information can be confirmed at this time.”

PAX NFC terminals and POS systems support EMV, FeliCa and MIFARE protocols and are used extensively in Japan in nationwide POS systems such as FamiMart and Doutor Coffee chains. However it’s important to remember that each protocol has a hardware certification process, for EMVCo, for FeliCa Networks and for MIFARE. Card companies also have their own hardware security and certification. And even though the story sounds scary, we don’t know what ‘major financial provider’ POS systems are pulling PAX readers*, what hardware models are involved and what kind of POS software they run (provided by PAX? Developed in-house?), or what exactly the FBI are investigating.

That said, this is much more real and interesting than the silly Apple Pay EMV Express Transit VISA security scare story pushed by the BBC, mindlessly repeated by tech sites and dubious ‘security experts’ who scare people into buying their ‘services’. The so-called Apple Pay EMV Express Transit VISA exploit was just a lab experiment; this is happening in the field. The PAX story won’t get much press however because it doesn’t have ‘Apple Pay’ in the headline. At least not yet…I’m sure some media hack out there will come up with one, something like ‘Apple Pay sends your personal payment data to China’. Only then will people start paying attention.

*UPDATE 2021-11-03
Bloomberg reports FIS Worldpay (also based in Jacksonville next door to PAX…interesting eh?) is pulling PAX NFC readers from client systems and replacing them with Verifone and Ingenico NFC readers. FIS said, “While we have no evidence that data running through PAX POS devices has been compromised, we have been working directly with clients to replace those devices with other options at no cost to them and with as little disruption to their business as possible.” No evidence but Worldpay is replacing PAX readers anyway…based on what exactly, hearsay?

PAX NFC readers comprise less than 5% of Worldpay client POS installations so we’re not talking big numbers. Meanwhile PAX has issued a long-winded statement (PAX Technology announcement and resumption of trading) addressing and refuting the security risk claims from Krebs and FIS, saying it’s only a geolocation feature. We don’t know which PAX reader models are involved but I suspect they are Android based. That’s the problem with all those crappy Android OS based POS+NFC all in one terminals: not only do they have lousy Android performance, they have all the Android security risks too. Dedicated hardware is way better, performance-wise and security-wise.

Apple Pay WAON and nanaco e-Money cards launch in Japan

First announced as ‘coming later this year’ in August, Apple Pay WAON and Apple Pay nanaco launched today October 21 JST. The popular prepaid e-Money cards are two of the last big three holdouts that have been on Osaifu Keitai mobile phones for some time: 2005 for Edy (now Rakuten Edy), 2007 for WAON, 2011 for nanaco. Google Pay support for all three was added in 2018.

Basic features
Apple Pay WAON and nanaco require iPhone 8 or later running iOS 15, Apple Watch 3 or later running watchOS 8 and Apple ID set up for two-factor authentication. The cards are similar to rechargeable Suica and PASMO however there is one important difference: they do not support Express Mode and require Face • Touch ID when making payments. This is because the maximum stored value limit for WAON and nanaco cards is ¥50,000, much higher than the ¥20,000 limit for Suica and PASMO.

Earlier this year I predicted these cards would be added with apps, not directly in Wallet but was only half right. AEON and nanaco released apps today for adding and transferring WAON and nanaco to iOS 15 Wallet that require account registration. However: WAON supports direct Wallet adding without an app, both WAON and nanaco support plastic card transfers directly in Wallet. This direct Wallet support is why the Wallet add card screen has a new e-Money category.

This is big and also an Apple Pay exclusive as plastic transfers are not supported on Osaifu Keitai • Google Pay. Once a physical card has been transferred it cannot be used, just like Suica and PASMO. Mobile card migration from Android devices is also possible via the apps. Card creation is ‘free’ compared to the ¥300 deposit for plastic cards bought at stores but plastic card transfers to Wallet do not refund the deposit, unlike Suica and PASMO that refund the plastic card deposit automatically to the balance.

Remote WAON recharge with Apple Watch Family Sharing
Even so, plastic card transfer is a very important point for younger users (Apple Pay in Japan can be used ages 13 and above) to load cards into iPhone and recharge with cash instead of credit cards. There is a unique feature of Apple Pay WAON when used with Apple Watch Family Sharing: remote recharge. This was demonstrated at the Apple Pay WAON launch media event and appears to be very similar to Apple Pay Family Sharing via Apple Cash using Messages. This is a first and unique to Apple Pay WAON. I’ve pointed out that Suica would greatly benefit from just such a feature.

Users outside of Japan report they can add WAON directly in iOS 15 Wallet with foreign issue credit/debit cards. Overall I’d say WAON delivers a full set of user friendly forward looking features (direct Wallet add, remote recharge) on Apple Pay while nanaco is conservative, lacks focus and vision.

What took so long?
One reason it has taken so long for WAON and nanaco to join Apple Pay despite the ability to do so since the introduction of FeliCa capable iPhone 7 in 2016, is the account creation process for digital wallet cards. Mobile WAON and Mobile nanaco on Android require a cumbersome registration process when adding these cards in Google Pay Wallet. This is something Apple didn’t want to do. Apple certainly had to do a lot of negotiating with AEON and Seven & i Holdings to get them on board with the plan but the benefits are obvious: user privacy when adding WAON, and the huge number of plastic WAON and nanaco cards out there. Those cards finally have a migration path to mobile and it is iPhone.

But why now? The Japanese mobile payments market has been on a migratory path since the release of Apple Pay in 2016 which pulled all the various FeliCa payment threads into one slick and convenient service. This development, plus the VISA JP/SMBC feud with NTT Docomo, created an opening for code payment platform wannabes with every tom, dick, yoko and harry creating their own ‘〇〇 Pay’ service and app.

Seven & i Holdings crashed and burned with their 7Pay disaster, meanwhile AEON launched AEON Pay code payments in August with the iAEON app that follows the Toyota Wallet model. That model is what every Japanese payment player is aiming for: a virtual financial service account with multiple payment options: NFC payment cards, code payments, reward points and so on, that lock users to their economic zone of choice (Rakuten Point, NTT docomo dPoint, SoftBank PayPay, WAON Point, etc.)

So the old reliable plastic e-Money cards are being repositioned as one payment option of many in sleek modern digital swiss army payment apps. To make this strategy work, the cards needed to be on Apple Pay. Unfortunately the very long delay getting WAON and nanaco on Apple Pay means they are less important now than if they had launched back in 2016 along with Suica. People always lay any delay blame on Apple and transaction fees, but my take is the account sign-up for mobile part and user privacy was the major sticking point. On the nanaco side, the 7pay code payment fiasco was also a major distraction as they planned to ditch the JCB managed nanaco card for their in-house QR.

As always it will be interesting to see how the situation evolves. One thing for sure, it’s only a question of time before the last holdout Rakuten Edy comes to Apple Pay…’if’ is no longer an option.



JR East Eki-Net overview: will mobile ticketing go mainstream with new Eki-Net 2.0 reboot?

Waku-waku for the new Eki-Net? JR East wants to make travel ‘waku-waku’ fun and romantic again like the Showa ‘Full Moon’ campaign era when JR Group ticketing was unified.

One unfortunate legacy of the Japanese National Railways (JNR) breakup and privatization in the late 1980’s was a fragmented ticketing system. The JNR paper ticket system worked very well. I was always impressed how you could go to any JNR Green Window ticket office and the all knowing agent would give expert advice and deftly punch up tickets to anywhere, in any configuration, even covering private rail.

The JR Group model fell apart in the internet era with online ticketing services, Suica and compatible Transit IC cards limited to separate JR Group regions. JR Group ticketing for paper, but not for mobile. What got broken doesn’t get put back together easily though it desperately needs to.

Last weekend the 20 year old JR East Eki-Net online ticket reservation system, older than Suica, got the ‘renewal’ overhaul advertised back in March. The main aims are to reintegrate JR Group tickets into one slick consistent UI instead of a swamp of sub-menus, and integrate JRE POINT that replaces the old cumbersome Eki-Net point system. The overhaul also repositions Eki-Net from a limited ‘nice but I’ll stick with paper’ online purchase option to a standard way that JR East wants people to buy all train tickets, both paper and mobile.

While eTickets have been in place since March 2020, Eki-Net 2 is the first serious step towards eliminating legacy mag-strip paper tickets and drastically reducing the number of station ticket offices in favor of online mobile ticketing. The first stop for all JR East ticketing is now Eki-Net instead of lining up at a station ticket window.

There are 2 Eki-Net flavors: (1) the full comprehensive Eki-Net Web version optimized for desktop and smartphones offering mobile tickets, paper tickets, car rentals and tour packages like the classic 2nd honeymoon ‘Full Moon’ campaign for retiree couples, (2) Eki-Net App that only offers JR East eTicket and Ticketless mobile options.

The Eki-Net web site covers every ticketing feature, the mobile app is limited to mobile tickets.

What exactly is mobile ticketing?
To understand the aim of Eki-Net it’s important to know the basic ticketing categories:

  • Suica (Transit IC cards) pays the distance based fare using the Stored Fare (SF).
  • eTickets are cloud account Shinkansen ticket bundles that include the end to end distance fare plus the express • seat reservation charge; they are attached to the Suica or Transit IC card via the card number but do not use SF.
  • Ticketless is a mixed mode that combines a cloud account express • seat reservation purchase for regular express train seating used in combination with Suica or Transit IC cards for basic fare.
  • Touch and Go is a ticketless Shinkansen option that uses Suica and Transit IC cards for non-reserved seat Shinkansen travel in a pre-determined area, basically the whole JR East network.

What’s new in Eki-Net 2?
Suica plays a central role in Eki-Net mobile ticketing. 2021 is also the 20th anniversary of Suica which has evolved beyond its commuter pass origins to encompass eMoney payments, mobile devices, Transit IC mutual compatibility and more.

In recent years Suica has gained another role as an all purpose mobile transit card hosting Shinkansen eTicket from JR East and SmartEX from JR Central. The challenge facing JR East is migrating the vast array of special ticketing and discount fares schemes from paper to mobile. Let’s take a look at the new banner features advertised for Eki-Net 2 and examine how JR East is doing this.

JRE POINT Integration
The integration of JRE POINT is the biggest new feature and illustrates JR East’s intention. The old Eki-Net point system was scrapped, good thing, there is finally point synergy and compatibility between Suica and Eki-Net. If you have any doubts that JR East is serious about mobile ticketing, take a look at the JRE POINT reward schedule:

Earning JRE POINT in Eki-Net, the VIEW PLUS Gold vs Regular 5% difference is obscene

Online paper ticket purchases give you basically zero points if you buy them with anything other than a JR East VIEW credit card, called ‘VIEW PLUS’ service which adds 3% or 8% more JRE POINT per ticket purchase amount depending on the VIEW card for a total of 5% (Regular VIEW) or 10% (Gold VIEW). JRE POINT can also be used for purchasing mobile only eTicket and Ticketless, and upgrading to Green Car and Gran Class seats. The upgrade exchange rate depends on distance and the train type, the new UI shows users all possible JRE POINT seat upgrades during seat selection.

Using JRE POINT in Eki-Net

Improved UI for web and app
Basically the new design dumps the old way of selecting the JR line or train and streamlines everything into a single station point and date entry screen. Seat selection is the advertised UI improvement and it shows: it is much improved on the web side, discount ticket comparisons are easy to see as are JRE POINT seat upgrades.

QR Codes support for group ticket pickup
A nice paper ticket option so that one person can purchase all tickets and send a QR Code for group members to pick up their tickets at the nearest station kiosk. It’s more convenient and replaces the old insert credit card and enter PIN code method for paper ticket pickup.

Eki-Net ticket discounts
Paper tickets have traditionally been the cheaper option. JR East must offer good discount incentives to drive mobile ticketing uptake. Fortunately the new Eki-Net ‘Tokuda-ne’ discounts offer anywhere from 5% off for same day tickets to 50% off for 20 day advance tickets. Discounts combined with JRE POINT are good but we’ll only find out if they drive mobile ticket uptake when regular train travel returns. While these options have closed the discount gap between mobile and paper somewhat, the majority of discount ticketing is still paper only.

JR-EAST Train Reservation
The international flavor of Eki-Net is called JR-EAST Train Reservation. It’s a completely separate web only multi-lingual service that offers regional passes for inbound tourists that can be purchased online before coming to Japan, or at a passport reading station kiosk. JR-EAST Train Reservation passes are different from the paper only Japan Rail Pass in that a growing number of them can be attached to Suica. New features here include: (1) expanded multi-language support, (2) pass purchases after coming to Japan, (3) using Suica to attach eTickets. For the latter there is a new user guide and How to register your IC card section. You can use Apple Pay Suica • PASMO by registering the card number; get the number using Suica App or PASMO App.

Weak points and summary
The Eki-Net renewal is big, complex and getting mixed reviews from Japanese users. Some love it, others hate it, calling it ‘an improvement for the worse’. The biggest gripe for many is that only up to 4 Express Train • Shinkansen sections are supported for one trip purchase. If you are traveling from Kagoshima to Aomori, forget Eki-Net and go straight to your local station ticket office for paper tickets.

The iOS Eki-Net App remains a nice idea that needs work. It feels like a thin re-skinned version of the mobile web one without offering any obvious benefit; the Face ID•Touch ID login option is still useless as you have to manually login once every 24 hours and complete a picture puzzle. And there is no Apple Pay in-app support.

My biggest gripe is the failure of the JR Group to get their mobile ticketing act together. Sure, we have JR Central EX and JR East eTickets, but these are locked in their respective service regions. This is 2021, JR Group ticketing should be cross compatible, streamlined and mobile ready. It doesn’t matter how great JR East makes Eki-Net, users can travel with just Suica on the Tokaido and Tohoku Shinkansen, but they have to buy 2 tickets using 2 different accounts and billing with 2 different ticketing systems. We should be able to travel anywhere on JR Group lines using one account to buy mobile tickets. In today’s scenario this isn’t possible. The unfortunate legacy of the JNR breakup lives on.

‘New Eki-Net’ poster at the local JR East station. The overall impression of Eki-Net 2 is that it is less about going mobile and more about getting customers out of the ticket office to a station kiosk machine instead.


Suit Train Eki-Net

YouTuber Suit Train explains the ticketless Eki-Net way of transit ahead of the June 27 system renewal and great big 70% reduction of station ticket agents and service windows by 2025. There are some interesting bits: credit card only JR East ticket kiosks (1:20 mark), and Eki-Net Shinkansen eTicket purchase and gate entry (3:40~5:15). The whole point of his video is that paper tickets are going away. Nevertheless when a platform escalator stoppage prevents him from making a reserved train…paper tickets come to the rescue.

The entire video is 45 minutes long but everything after the 17:46 mark is him explaining the details on a white board in his patented spontaneous ‘one take, no overdub’ video style. And even then he still gets 100,000 views in less than 12 hours. Not even out of college he already has a career…and a gold VIEW card.