Goodbye FeliCa Octopus, save the last tap for me

In the 2019 Apple Pay Octopus saga one thing was clear: Octopus was living on borrowed time. On the eve of the Apple Pay Octopus launch I wrote:

Octopus Cards Limited (OCL) has been slow extending the service to include mobile. Instead of putting early effort into digital wallet support for Apple Pay/Google Pay/Samsung Pay, OCL wasted time and resources developing the niche Mobile SIM product which didn’t pan out. This lag coupled with the rise of AliPay and WeChat Pay QR Code payment empires put enormous pressure on OCL to do something…

With so much traffic and business from the mainland, OCL owner MTR is looking to add QR Code Open Loop transit support (paywalled link) at some point. There is also the pressure of creating a Greater Bay Area transit card, and pressure from credit cards and banks. Every player wants a piece of the action…MTR gates will eventually look like the ones in Guangzhou with PBOC/FeliCa/QR Code readers supporting Octopus, China T-Union, AliPay/WeChat Pay…At which point I say OCL doesn’t have a viable transit platform business anymore.

Mainland China dumped the MIFARE based Beijing and Shanghai cards for their own slower PBOC 2.3/3.0 China T-Union standard, I don’t think it’s a stretch to see the same thing happening to Hong Kong Octopus at some point…Supporters will undoubtably point out the technical merits of China using a single transit standard but that’s just a red herring. The deciding factors will be good old money and politics: is it more profitable to keep Octopus in place or junk it in favor of QR and China T-Union, and who benefits from it all?

Out of Time

I thought the success of Apple Pay Octopus bought it some time, but on August 28 the South China Morning Post published a story where OCL CEO Sunny Cheung says they will join the China T-Union initiative for seamless transit integration between Hong Kong and China. He to goes out of his way a few times to say how ‘old’ NFC technology is:

Cheung said internet users’ criticism of Octopus being a tech laggard died down in June after people were allowed to add their Octopus account to Apple Wallet on their iPhones. Cheung, who admitted he was stung by the criticism, regarded Octopus’ breakthrough on the iPhone as one of the best times of his stint with the company. “This was one of my biggest challenges,” he said. “The breakthrough helped refresh Octopus’ image even though it is still using NFC technology.”

From Hong Kong’s Octopus aims to spread tentacles with contactless card for paying fares in mainland China

I guess Sunny thinks that QR Codes are cutting edge. He is retiring and doesn’t have to deal with the fallout of his misguided OCL management or care about criticism anymore.

Octopus can certainly be ‘dual mode’ with separate NFC A + CYN China T-Union purse and NFC F + HKD Octopus purse in one card, if OCL comes up with a new card architecture. But that’s an expensive undertaking when mainland China has been ruthlessly weeding out all MIFARE and FeliCa transit cards and replacing them with the slower PBOC 2.0/3.0 China T-Union standard, aka the supermarket checkout spec. It’s only a matter of time before Octopus gets the same brain lobotomy.

There is also the plastic card issue business angle to consider. Read FeliCa Dude’s Octopus on iPhone 7 post paying special attention to the Octopus plastic card issue steps he outlines. I’m sure the Hong Kong powers that be don’t want that profitable franchise to stay with Sony forever. They will work to keep it local which is exactly what the China T-Union PBOC 2.0 spec allows OCL to do.

We all know at this point that ‘one country two systems’ is just an illusion. It may not come soon but as transit gates and store readers are gradually replaced with newer models over the next few years, those models will all have dual mode support. And when the time is ready, OCL will turn off FeliCa. Until then, enjoy it while it lasts.

The Apple Pay Octopus Inbound Gouge

Good old William S. Burroughs hit the nail on the head explaining what the title of Naked Lunch really meant: that awkward frozen moment when everybody in the restaurant sees exactly what is on their fork. iOS developers staring at the thing stuck on the tip of the App Store fork don’t like what they see: an Apple platform that’s supposed to be a level playing field, where the reality is that Apple plays favorites and cuts side deals, a losing game of lowering standards.

People far smarter than me already editorialized Tim Cook’s opening statement at the Congressional antitrust hearing. I won’t go into it here except to say, what did they expect? The whole affair, on all sides, was a bad lip read parody, an awkward Handsome Anthony moment without the humor.

Octopus Cards Limited (OCL) released an iOS Octopus app for tourists last week that perfectly illustrates what’s at stake in Apple’s losing game of lowering standards. The long delayed Apple Pay Octopus launch in June was very successful but OCL shut inbound visitors out by limiting the Apple Pay Octopus service to Hong Kong issue bank payment cards.

This is something that Apple Pay Suica has never done. All Apple Pay cards and iPhone users from around the world are welcome to use Suica. This is why Suica remains the gold standard of what a transit card on mobile should be.

Instead of following the Suica example, OCL took the low road for inbound iPhone users. Octopus Tourist app adds an Octopus card to Apple Pay Wallet with a non-Hong Kong issue card. However the currency charged to the users Apple Pay cannot be in local HKD currency. OCL forces users to choose another currency as the default currency for the life of the card. This adds an invisible surcharge over local currency transactions, 4% or more on average, which is OCL taking their cut.

This is called forced Dynamic Currency Conversion (DCC) and is a credit card compliance violation. Visa, Mastercard and all stipulate that merchants cannot impose any requirements on the cardholder to use a non-local currency. Why OCL is so brazenly breaking these rules, and why Apple is allowing this level of gouging in a major app from a major Apple Pay payment provider is not good at all. As FeliCa Dude says, “Apple should swiftly rebuke this kind of grasping banditry lest it poison their platform.”

If Apple does nothing, I think we have the answer Tim Cook didn’t give at the Congressional hearings, and many more embarrassing awful Handsome Anthony moments to follow. Okaaaay?

One week in

Apple Pay Octopus has been in service for a week so I asked for some Apple Watch field impressions on Twitter. Overall, users seem pretty impressed:

I am using it daily and it is really out of this world. I use it on my watch and now I can literally go out for a jog or hike with just wearing the watch.

It works perfectly on my AW so far. But from I’ve heard on LIHKG, there some users facing the difficulties on the express mode. Mostly are requiring passcode when going through the gate.

It’s mostly positive. However there’re times where the reader isn’t sensitive enough and need to linger the watch longer. Also going to work first thing in the morning but forgetting to enter pass code in the apple watch is frustrating since it doesn’t inform you need to unlock.

Been using AW Octopus everyday. Use cases include MTR, tram, ferry, 7-11, eating meals at all sorts of restaurants like Tai Hing, Ki’s Roasted Goose, Pret etc. Octopus on Apple Pay drastically improved HK’s cashless experience. It’s definitely okay for me to go out with only AW. Not even with my phone. Feels really good. The speed of payment is also very remarkable. However, the reader in Tai Hing seems to need an extra second to detect my AW, not sure why. Plus AW users might want to wear it on the right wrist, which makes passing MTR gates easier.

Using it everywhere. All good and same speed as physical card, expect bus and some small shops were like a heartbeat slower. Also twice there was no “ping” confirmation sound. Tried AW on my right for mtr, its only good for that, imo left is more comfy for other occasions…

… after so many years of waiting, finally an apple pay suica experience in HK.

You can follow the Twitter thread here. I have noticed a few small gate lag hiccups on my Apple Watch Suica since upgrading to watchOS 6.2.5/6.2.6. The lag is especially noticeable if a workout is in progress. The passcode request at the gate could indicate that Express Transit is deactivated somewhere along the way, either by a loose band activating the wrist detector into thinking Apple Watch was taken off the wrist, or it could be something else.

My Apple Watch insisted that I create a 6 digit passcode recently and disabled the 4 digit passcode option for a few days. Who knows, the passcode requests that some HK users are seeing could be a watchOS bug or an Octopus reader side issue that can be addressed with a firmware update.

Apple Watch is still prone to OS version performance issues that disappeared from iPhone with A12 Bionic and Express Transit with power reserve. Apple Pay transactions on A12 Bionic and later bypass most of the iOS layer and are directly handled in the A12/A13 Bionic Secure Enclave and Secure Element. It makes a big performance difference for Suica and Octopus.

Hopefully the next watchOS update will improve Suica and Octopus performance. Better yet let’s hope that Apple Watch 6 introduces a Apple S6 chip with Express Transit with power reserve. That would solve the watchOS version NFC performance issues for good, just like it did for iPhone.

A12/A13 Bionic makes a big difference in NFC performance,

Next Up for Octopus: Google Pay or Garmin Pay?

Apple Pay Octopus launch day was a big success, so successful that Octopus apologized for their servers buckling under the demand. What’s next for Octopus, Google Pay? There are some possibilities but when it comes to Android there is the matter of the Secure Element (SE), where it resides and what transaction protocols are supported.

From the NFC hardware angle everything has been ready to go on all smartphone hardware for years, NFC A-B-F is required for NFC certification. The problem has been on the SE side, the black box where all the transaction magic happens. From Global Platform the SE certification organization:

A SE is a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (for example cryptographic keys) in accordance with the rules and security requirements set by well-identified trusted authorities.

There are different form factors of SE: embedded and integrated SEs, SIM/UICC, smart microSD as well as smart cards. SEs exist in different form factors to address the requirements of different business implementations and market needs.

Global Platform Introduction to Secure Elements

SE Wars and Google HCE ‘SE Pie in the Sky’
In the pre-Apple Pay mobile carrier hardware era, carriers used SE SIM or embedded Secure Elements (eSE) + SIM combos that chained customers to service contracts for the privilege of using mobile payments. This is the classic Osaifu-Keitai textbook maneuver pioneered by NTT Docomo: leave those pesky SIM Free whiners in the cold world of plastic cards and hard cash, or crippled digital wallets until they give up and buy an overpriced carrier SIM. This brain dead approach is one reason why Mobile FeliCa ended up being ridiculed as ‘galapagos technology’ even though everybody copied it with inferior crappy me-too products.

This carrier SE hostage situation, i.e. the Mobile Wallet SE Wars, led Apple and Google to follow different strategies to address the problem.

The Apple Pay Way
Apple’s answer of course was Apple Pay. A unique in house strategy of putting a Global Platform certified Secure Element in their A Series/S Series chips then building it out from there. Most eSE go on the NFC controller, but doing it the Apple in-house way has advantages over a NFC chip vendor bundle: control of the eSE applets and ability to update them and the Apple eSE for new protocols in iOS updates. We saw this in action with the addition of FeliCa in 2016, PBOC in 2017 and MIFARE in 2018. We may even see the addition of Ultra Wideband (UWB) Touchless in iOS 14.

What iOS 14 could look like with QR and UWB support

The Google Pay Way
Google’s answer to the carrier owned SE problem was the more convoluted evolution from Google Wallet (2011) to Android Pay (2015) and finally Google Pay (2018). Google first salvo was Host Card Emulation (HCE): “NFC card emulation without a secure element” hosted on Google’s cloud. Later on Google attempted to do the same for FeliCa with HCE-F.

But then something happened that put an end to all this: Google decided to get into the hardware business. And now we have Google Pay and Google Pixel with it’s own embedded Secure Element (eSE). With Pixel, Google decided they didn’t want to be the Secure Element cloud provider for every Android OEM out there especially when the Chinese OEMS are all rolling their own eSE based digital wallet services anyway, completely ignoring HCE. Sure, HCE/HCE-F is still there in the Android developer documentation but it’s a dying vestigial relic of the SE wars.

But Google Pixel depends on vendor bundled eSE + NFC controllers and the Osaifu Keitai software stack. This makes global NFC support more complicated because Google doesn’t ‘own’ the eSE and the software stack, at least not in the Apple sense of making their own all in one design. This is one reason why Pixel 3/4 only support FeliCa in Japanese models even though all worldwide models have the same NFC A-B-F hardware.

The end result of all this is the Android market is a very fragmented landscape, there are no global NFC Android smartphones: a device that supports EMV, FeliCa, MIFARE, PBOC out of the box in one globally available package.

Google Pay Octopus and the Android Global NFC Installed Base
Back to our original question, can Google Pay Octopus happen? We already have Google Pay Suica right? Let’s assume that Octopus Cards Limited (OCL) has everything in place for it to happen. Here we run into the problem just described: there are’t any global NFC Android smartphones available globally. Samsung sells them in Japan and Hong Kong, Google only sells them in Japan along with Huawei, Oppo, Sharp, etc.

For OCL this means the potential Google Pay installed base that can support Hong Kong Octopus consists of Samsung Galaxy smartphones that are already using Smart Octopus in Samsung Pay; not exactly a mouth watering business opportunity worth the support expense. Even if Google Pixel 5 goes deep instead of cheap, Hong Kong would have a potential Octopus non-Samsung Android device, but that’s only one new device not an installed base. I only see Google Pay Octopus happening if Google localizes all the necessary Osaifu Keitai software and foots the entire support expense.

There is a way forward however for OCL: Garmin Pay Suica. The same Garmin APAC models that support Suica can also support Octopus, the recharge backend is entirely Google Pay. Garmin smartwatches work with any Android 5 and higher smartphone, a much larger installed base that bypasses the fragmented Android problem. Garmin Pay Octopus would offer Android users a way in, who want to use Octopus on a mobile device but who don’t want to use Samsung or Apple devices.

The conclusion: forget Google Pay Octopus for the time being. Hong Kong is a golden opportunity for Gamin Pay Octopus….if Garmin can get Garmin Pay clearance from Hong Kong authorities and banks, and cut a deal with OCL. It’s certainly in Octopus’ best interest for OCL to help turn the negotiation wheels. It’s also in Google’s interest as Google Pay would supply the recharge backend as it does for Garmin Suica. Big hurdles all, but I hope it happens.

If you need to enter your passcode

A reader asked me about using face masks with Express Transit. The great thing about Express Transit with Suica and Octopus is that the user doesn’t need Face ID or Touch ID to use transit or buy stuff. It’s very convenient to have, especially in our face mask era. iOS 13.5 added a small Face ID tweak for easier passcode entry when wearing a face mask. It helps with the basic unlock but for me regular Apple Pay authentication is still a pain.

The reader wanted to know if the iOS 13.5 Face ID tweak affected Express Transit. It does not. You don’t need Face ID to use Apple Pay Express Transit. But Face ID needs to be ‘on’ in order for Express Transit to work and finding the right information on Apple support pages is a little confusing. The reference page you want is If Face ID isn’t working on your iPhone or iPad Pro>If you need to enter your passcode:

The key sentences are outlined in red. Wearing a face mask is not a problem with Express Transit and Face ID turned on. However, “five unsuccessful attempts to match a face,” turns off Face ID and Express Transit. You need to enter your passcode to turn on Face ID and Express Transit again.

Unfortunately turning off Face ID wearing a face mask with five unsuccessful attempts without realizing it is easy to do and trips up a lot of Express Transit users who are not aware of it. That’s why I suggest turning off the ‘Raise to Wake’ option in Settings > Display & Brightness. Doing so reduces the chance of ‘five strikes’ and makes Face ID with face mask life a little easier.