If I had an Australian dollar for every online complaint of Mobile myki, the mobile version of Public Transport Victoria’s (PTV) myki transit card in the Melbourne region, I could probably purchase a nice bit of property there. Reddit forums regularly erupt with mobile myki mind melting nonsense, invariably bashing Apple for refusing to put myki in Apple Pay because Apple ‘doesn’t support HCE’ or because they charge a ‘30% commission’. Neither of them true. myki is MIFARE which has never used HCE and Apple Wallet already supports lots of MIFARE transit cards.
The whole HCE thing is a straw man anyway: embedded secure elements (eSE) are standard on NFC smartphone chips these days. The reason why Île-de-France Mobilités (IDFM) chose HCE for Smart Navigo on Android for example, had nothing to do with Android devices lacking an eSE, it was simply that IDFM didn’t want to deal with Android manufacturer ‘gatekeepers’. Imagine the nightmare of asking every Android manufacture to issue firmware updates for older devices to support Calypso on the eSE. There was no chance in hell they would listen or do it for free, so IDFM and Calypso spent a lot of time and money creating a special HCE version of Calypso, that doesn’t support Express Transit Mode, just for Android (but not for Samsung Pay devices which use native eSE and support Express Transit Mode).
Why IDFM and Calyspso did this is all you need to know about the chaotic mess that is Android NFC. When Smart Navigo comes to Apple Wallet later this year, it will run on iPhone 8/Apple Watch 3 and later without a hitch in full Express Transit Mode glory because firmware, eSE and software are upgraded in a single iOS update. That’s the advantage of having a good gatekeeper who’s on the job.
As for the 30% commission straw man, Apple Pay doesn’t ‘charge a commission’ for using transit cards, they only take a negotiated commission when a credit card is used to add money to the transit card. Why PTV and Apple haven’t reached an agreement yet is a mystery, but judging from myki user complaints, the mobile myki backend system might not be up to Apple’s user experience high-bar. And the myki system is about to get much more complicated: PTV is hitting the reset button.
Open loop envy PTV has Opal open loop envy and want EMV contactless cards to replace most of myki. This is certainly doable but there is the issue of the native MIFARE myki already on mobile. Oyster and Opal cards are MIFARE too but those systems added EMV contactless support as the foundation for ‘mobile’, relegating MIFARE as legacy plastic. By doing this they offloaded the card issuing operation to VISA/Mastercard/AMEX card issuers, who already have digital card systems in place and agreements with digital wallet operators. myki having come this far with mobile however is going to be a real juggling act, can PVT, or whoever wins the service contract, keep all the service balls in the air while going forward?
There is also the problem of Express Transit Mode support. Look carefully at Apple Express Transit Mode small print and you’ll notice that mobile EMV and mobile MIFARE transit card Express Transit Mode don’t coexist on the same system. It’s one or the other, never both. I suspect a smart Express Mode that chooses the right transit card for the job depends on smart modern transit gate reader hardware with the latest firmware and updated backend software. Getting the latest, greatest transit gates/readers installed takes time and money. Mostly money. Buckle up myki users, it’s going to be a bumpy ride to mobile transit card nirvana.
iOS 15 Wallet is deceptive. The first impression out of the box is that nothing has changed much. It looks the same, it works the same. It doesn’t help that many of the new features won’t come until later in the iOS 15 life cycle and will be limited to certain users and regions. ID in Wallet for example is only due to launch in eight American states ‘late 2021’. Wallet keys for home only work on A12 Bionic iPhone XS and later while office and hotel key “device requirements may vary by hotel and workplace.” In Japan the iOS 15 Wallet feature section is missing altogether. The fine print reads like Apple is giving itself the biggest set of loophole opt outs ever, as if to say, ‘sorry, better luck later on.’
This is because Wallet key and ID cards are exactly like the Apple Pay launch in 2014 when the contactless payment infrastructure in America at the time was way behind Europe and Japan. The contactless transition has been bumpy, uneven and continues to plod along while stores have been slow getting their act together. Early Apple Pay adopters grew accustomed to hearing that classic gag line at checkout when things didn’t work right: “you’re holding it wrong.”
Wallet keys and ID will see a gradual measured uptake just like Apple Pay payment and transit cards. But unlike payment cards and transit cards, the reader infrastructure side of the equation for digital keys and ID cards is only just beginning. For some people it may be years before they have the opportunity to use digital key with their car, home or apartment. The initial use for Wallet ID, TSA security checks for domestic US air travel, represents only a small subset of a much wider future potential. How long will it be before state government services are fully equipped to read their own digital issue ID? And what about in-app ID checks, there’s huge but undeveloped potential there too.
Apple is leading the digital wallet transition for keys and ID as they did for payments when Apple Pay launched in 2014. Sure, there are others already doing it on a limited scale and Apple may be late to the party, but because Apple takes the time to make complex things easy to use and get it right, eventually it’s everywhere. Even without keys and ID, iOS 15 Wallet offers some deeply useful UI improvements that will remove a lot of frustration for all Wallet users. Let’s take a look.
New Add to Wallet UI The new Add to Wallet screen with card categories is the gateway to new iOS Wallet features, it also solves long standing UI problems that confused users for adding transit cards. The main categories:
Debit or Credit Card Add debit/credit, the same process we’ve had all along.
Transit Card The add Transit Card category is new and lists all available transit cards that support direct Wallet card add and Apple Pay recharge. Transit cards that can only be added and recharged via an app such as Portland HOP and Chicago Ventra are not included. Some transit cards on the list are somewhat deceptive. Hong Kong Octopus and China T-Union cards cannot be added without certain locally issued credit/debit cards but you only get the warning message at the very end of the addition process that aborts it. The only transit cards that anybody from anywhere can add to Wallet are: Suica, PASMO, SmarTrip, Clipper and TAP.
Previous Cards Previous Cards is a new category that appears only when needed. It shows cards, keys and passes that are attached to the user Apple ID but are not currently in Wallet.
The region-free Wallet These seemly mundane UI tweaks are much bigger than they look. Before iOS 15, Wallet did not make a clear distinction between first time card issue (adding a card) and re-adding previous cards that were already attached to the user’s Apple ID. Adding cards to Wallet was also region dependent, that is to say users had to set the iPhone region to match the issuer region to add those cards. This has been a real pain for transit cards: Japan to add Suica, Hong Kong to add Octopus, America to add SmarTrip, Clipper or TAP.
Changing the device region is easy to do, but it’s not intuitive at all and bewildered users. It’s not uncommon for people to think that changing the region messes up the Apple Pay cards they already have making them unusable, or that a certain region setting is required to use a particular card.
Neither is true, but region-dependent Wallet was a big source of confusion that kept people from using great Wallet features and caused support problems, especially for transit card users. Do a Suica search on Apple Support Communities. The number one support issue is: I lost my Suica card, how do I get it back in Wallet?
The new UI fixes this problem by making a clear distinction between removing Wallet cards vs. deleting them. Wallet has a simple rule: removing a card added in Wallet does not delete the card but stores then on iCloud. Cards added in Wallet and keys are hooked into the user’s Apple ID. This is easy to see in Suica App which displays the unique Apple ID/Apple Pay identifier for each Suica card.
The pain point was the inability to see what cards were still attached to their Apple ID sitting on the Apple Pay iCloud server when not in Wallet. Most people assume a card not is Wallet is lost forever, the classic ‘I lost my Suica’ problem described above. This happened all the time in pre-iOS 15 Wallet when the user signed out of Apple ID without realizing it or migrated to a new iPhone without doing Wallet housecleaning on the old device. Removed cards were always parked safely in iCloud but there was no easy way to see them. With Previous Cards and region-free Wallet, you always know where to find your Wallet cards.
Knowing exactly where your Wallet cards are, in Wallet or parked on the server, and how to really truly delete them from the cloud, makes using Apple Pay easier. When users understand that Apple Pay has their back, they trust and use it more. Trust is far more important than technology.
From now on the new rules are: removing a card only removes it from Wallet. Only the extra step of removing a credit/debit card from Previous Cards removes it completely from Apple ID. Stored value cards like Suica can only be deleted with the card issuer app.
ID in Wallet is the biggest new iOS 15 Wallet feature, important enough that Apple announced details and launch states before the September Apple Event, which is unusual for a feature due late 2021 March 2022. The press release clearly explains (but does not show) the exact process for adding and using an ID, and the some security details behind it. Carefully crafted screen images clearly illustrate that ID in Wallet does not show detailed personal information, not even a full name, only the ID elements that will be transmitted by NFC to the TSA reader. Like Apple Pay, users do not need to unlock, show, or hand over their device to present their ID, they simply authorize and hold to the reader.
ID Security and Privacy It looks slick but there are lots of interesting things Apple has not shown yet, like the actual adding process, that will certainly be highlighted at the September Event. Apple is advertising high level security and privacy for ID in Wallet but there are device distinctions security concerned users will want to know about, specifically Secure Intent.
Secure intent, in a very loose sense, is the user action of confirming ‘yes I want this transaction to proceed’ by double pressing a button (Face ID and Apple Watch) or a long press (Touch ID). But there are important differences: by Apple’s official definition, Face ID iPhone and Apple Watch are secure intent devices, Touch ID iPhone is not.
Secure intent provides a way to confirm a user’s intent without any interaction with the operating system or Application Processor. The connection is a physical link—from a physical button to the Secure Enclave…With this link, users can confirm their intent to complete an operation in a way designed such that even software running with root privileges or in the kernel can’t spoof…A double-press on the appropriate button when prompted by the user interface signals confirmation of user intent.
The most secure ID in Wallet secure intent transaction is a double press button authorization action that tells the secure enclave, where your biometrics are stored, to release authentication to the secure element, where your ID credentials are stored, for the transaction magic take place. Apple: “Only after authorizing with Face ID or Touch ID is the requested identity information released from their device, which ensures that just the required information is shared and only the person who added the driver’s license or state ID to the device can present it.” There is no Express Mode for ID card nor would you want there to be.
There is another aspect to consider, one that Apple certainly won’t divulge: who manages and runs the backend centralized mobile ID issue service that plugs into Apple Pay servers. The direct in Wallet ID card add process demonstrates a high level of integration: “Similar to how customers add new credit cards and transit passes to Wallet today, they can simply tap the + button at the top of the screen in Wallet on their iPhone to begin adding their license or ID.”
We can get an idea of what’s involved on the ID backend from the Japanese Ministry of Internal Affairs and Communications (MIC) English PDF document: First SummaryToward the Realization of Electronic Certificates for Smartphones with a diagram of the digital ID system architecture for the Individual Number Card (My Number). MIC are in discussions with Apple to bring the digital My Number ID to Wallet. The Android version is set to launch in 2022.
There has to be a partner service company that sub-contracts mobile ID issue services to participating state governments…somebody that does the heavy lifting of linking various state database servers to provide a centralized card issuing service so that Apple can provide a seamless ID add card experience. But it must be an independent entity that can provide the same set of backend ID issue services to other digital wallet platforms (Google Pay, Samsung Pay, etc.) at some point. Because if it is not an independent entity providing those services, Apple is inviting more claims that Apple Pay is a monopoly. It’s a mystery worth digging into. Nevertheless, Apple is paving the way by integrating ID issue directly in Wallet that eliminates crappy 3rd party apps. It’s a huge effort that hopefully makes digital ID easy, practical and widely used.
Digital Keys and Power Reserve Express Mode Home, office and hotel keys are the first new iOS 15 Wallet feature on launch day. Where is the Add to Wallet Key Card category? There isn’t one. Keys are slightly different and cannot be added (issued for the first time) to Wallet directly because the mobile key issuing company has to confirm user identity before giving the key. The most common way to add keys for the first time is with an app. From the Apple car key support page:
Open the car manufacturer’s app and follow the instructions to set up a key…Depending on your vehicle, you might be able to add car keys from a link that your car maker sends to you in an email or text message, or by following steps on your car’s information display.
Keys removed from Wallet can be re-added quickly via Previous Cards. According to the iOS 15 and watchOS preview page, keys appear to come in 2 basic varieties, sharable and un-sharable, device specs are different depending on the type of key.
Car keys with Ultra Wideband
iPhones and Apple Watches equipped with U1 chip(iPhone 11 • Apple Watch 6 and later)
Car keys (NFC)
iPhone XS • Apple Watch 5 and later
Device requirements may vary by hotel and workplace
All keys work in Express Mode as keys, unlike ID, require Express Mode to be useful. iPhone XS with A12 Bionic powered NFC supports Express Mode Power Reserve, a huge performance difference from previous Apple Silicon. The extra 5 hours of power reserve key access with a drained iPhone battery are crucial and it’s understandable why Apple set iPhone XS as the base iPhone for using car and home keys.
There might be conditions for office and hotel keys depending on the key issuer. In Japan for example iPhone 6s, iPhone 6s Plus, iPhone SE (1st generation) cannot be used for FeliCa based key access, hence the ‘device requirements may vary’ tag.
One more issue here is that mobile key issue is a complex process for hotels, and one assumes offices as well, one that usually requires an app with an account to securely issue a mobile key with set limitations (time, area, etc.).
It’s important to note that issuing digital keys is only one step of the complex process that allows guests to bypass the front desk. Apple’s announcement certainly does not spell the end of the hotel app as we know it…
It’s a big step toward streamlining a process that has, until this point, prevented many guests from using their phone as a digital room key. But, Wallet only solves one segment of the end-to-end operation required to get a guest checked in and room access issued. The bigger issue is connecting identity with access, which requires many more steps beyond issuing a key.
Hyatt Hotel launched Room Keys in Apple Walletin limited locations on December 8 (video). There are a few interesting requirements and other bits. (1) Bingo…reservations must be made in World of Hyatt app and can only be shared with one more device with the same Hyatt account, (2) Room key activated in Apple Wallet after checkin and room assignment, (3) hotel updates or deactivates room key in Wallet remotely, (4) Room key in Apple Wallet is never shared with Apple or stored on Apple servers, (5) The World of Hyatt app is run by ASSA ABLOY Vostio Access Management cloud-based solution. The word ‘sharing’ is never mentioned in the Hyatt announcement or ASSA ABLOY Vostio Access literature. No word what protocol is used but you might remember that ASSA ABLOY and Blackboard use MIFARE for Student ID.
Pairing an identity with access is the core difficulty dealing with digital key issue, sharing keys on different devices is a particularly thorny problem. If I had a crystal ball to read, I might see a future where your ID in Wallet is the only confirmation necessary to add a key directly in Wallet with an email link, no apps. It would be nice if things evolved that way over time. Perhaps that is one of Apple’s long term goals for releasing home-hotel-office keys and ID in the same iOS 15 product cycle.
Wallet expansion and housekeeping The last improvement is that iOS 15 Wallet now holds up to 16 cards. The previous official limit was 12 cards (8 cards for pre-A11 iPhone), though Apple hasn’t mentioned the new limit in any support pages. If you have trouble adding more than 12, remove one taking the total down to 11 cards, then add more cards up to the new limit. The limit is defined as cards that use the secure element for transactions: payment cards, transit cards, keys, and ID. Passes don’t count and used passes are automatically cleared and stored in the new archived passes category. One hopes Wallet will do similar housekeeping for expired hotel keys in a later iOS 15 update.
The expansion seems trivial but 4 more parking spaces in Wallet garage is a godsend not only for card otaku but also for regular users who already have lots of payment and transit cards, it’s easy to hit the limit. The housekeeping changes are appropriate and timely, going forward we’ll all be adding car, home, office, and hotel keys along with our driver’s license to an ever growing Wallet.
UPDATE An earlier edit of this post incorrectly stated that watchOS 8 Wallet did not support hotel and office keys (they were not listed on Apple’s watchOS 8 preview page but mentioned on a separate PR release). Apple PR reached out regarding the error and has been corrected.
Last updated 2021-12-09 (added Hyatt Hotel Wallet key beta test announcement)
In my initial Super Suica coverage I outlined all-in-one possibilities beyond the Suica 2 in 1 Region card program and called it ‘Super Suica’ to capture that idea. Unfortunately, and as Yanik points out, I forgot an important aspect: Suica and sister Transit IC cards all use the same FeliCa technology but have their own data formats. That was an oversight. Nevertheless I think we agree, so I’m retiring Super Suica in favor of Yanik’s Suica ‘all-in-one’ moniker. Here is a grab bag of various pieces that hopefully add up to an quick overview, with Suica all-in-one as a platform of technologies that others can build off of, instead of a specific transit card.
FeliCa Enhancements Since November 2020 we’ve seen a number of FeliCa enhancements: (1) FeliCa Standard SD2, (2)Mobile FeliCa Multiple Secure Element Domainsthat support non-FeliCa protocols and, (3) Mobile FeliCa Ultra Wideband Touchless. The most important of these right now is SD2 because it’s a real shipping product with Extended Overlap Service and Value-Limited Purse Service. TagInfo scans of the newly released totra 2 in 1 Suica Region Affiliate transit card reveal Extended Overlap in action. The card itself shows 2 issue numbers on the back, one from JR East who own the SF (stored fare) purse and one for the region operator who own the overall card. That JR East owns the Suica 2 in 1 card SF and float is…interesting and offers a clue as to what’s going on behind the scenes.
Float Gloat Who owns the SF purse float, how it works on the reader side and as a business model are the big issues. Here’s an example: I suspect SD2 Extended Overlap might also be used in the new Suica-TOICA-ICOCA cross region commuter passes as those cannot be issued on current plastic and require an upgrade trip to the nearest JR station. We won’t know for sure until we get a TagInfo scan of the new physical card but let’s pretend for a bit.
Say a TOICA user purchases a cross region commuter pass from Numazu (TOICA) to Odawara (Suica) for regular non-Shinkansen transit. In this case the cross region solution is easy and acceptable to all JR companies because each transit card issuer owns the SF purse, in this case JR Central. The same applies to JR East when issuing the same commute pass route for Suica. The same scenario would likely be acceptable to all Transit IC companies, sharing a common physical card as a common container for their data, but only if the SF purse ownership was clearly defined as it is in totra Suica so it works on the reader side: this is Suica SF, this is a ICOCA SF, etc., otherwise the reader doesn’t know which one to use.
In other words, let’s 2 in 1 and all-in-one for the shared resources like points, commuter passes and special discount fares for elderly and disabled users, but the SF purse is not shared for 2 in 1 or anything else. Common data format, yes. Common shared SF purse, no. At the end of the day you can’t have a Suica and a PASMO on the same card as the reader won’t know which one to use. We’ll see if Extended Overlap and Value-Limited Purse solves this wanna have cake and eat it too Transit IC dilemma. Sony is now shipping FeliCa Standard SD2 antenna module chips for the reader side of the equation so readers will be getting smarter and evolve too. That’s how I see it for Suica all-in-one, Transit IC and mobile, a gradual evolution.
This has implications for Mobile FeliCa features such as the Japanese Government My Number Digital Card and UWB Touchless digital car keys. Mobile FeliCa 4.0 and later on Pixel devices indicate the ability to upgrade FeliCa JAVA Card applets and even Mobile FeliCa itself. Whether Android device makers will actually use this OTA ability is a mystery. To date the standard industry practice has been if you want new features, you buy a new device.
And then there is Apple. iPhone 7 JP models that support Suica do not support PASMO, UWB is only available on iPhone 11 and later, and so on. There is no guarantee that Apple will update, say iPhone 11 models, for UWB Touchless, Mobile FeliCa My Number Digital cards or even Suica 2 in 1, if and when the format comes to Mobile Suica.
We’ll see what FeliCa Dude has to say about the all-in-one subject, hopefully in a future Reddit post. It may take a while but worth the wait.
UPDATE I’m sticking with Super Suica. Yanik’s All-in-one take is a great name focused on the 2 in 1 card architecture that fits all of Transit IC on a single card. My Super Suica take is a wider set of developing platform initiatives. Yanik’s feedback was valuable in forcing me to review my posts and define Super Suica as a platform, I thank him for it.
The ICOCA IC fare region extensions that went into effect March 13 have opened up some interesting transit possibilities. ICOCA has a 200km travel limit but the exit gate fare is calculated by the shortest route possible. YouTuber yasu who specializes in finding convoluted transit IC travel options, posted a video that details his very long transit from Kyoto to Osaka in three sections as a single trip using Apple Pay Suica.
Yasu points out that this ‘over the limit’ travel is covered in section 16 of the ICOCA terms and conditions and his trip is not breaking the rules. He contacted JR West before the trip and they confirmed this is possible and not breaking the rules, but this kind of loophole can disappear in the wink of an ICOCA system update.
It’s a 40 minute video but has great scenery and JNR era diesel-electrics still in service on the Bantan line with distinctive traction motor sounds, sights and sounds that are disappearing fast, captured like an O. Winton Link recording. The food at Himeji station also looks delicious. If I was still living in the Kansai, I’d gladly spend a day traveling this route on a single ¥570 Apple Pay Suica fare. It would be a fun journey.
UPDATE 4-15: Apple Pay Clipper launched April 15, digital card issue in Wallet and plastic card transfers are supported with matching real-time transit info in Apple Maps. Interesting details: (1) iPhone 8 or later with iOS 14.3, or Apple Watch Series 3 or later with watchOS 7.2 or later, (2) Adult, Youth, Senior, and RTC Clipper cards can be transferred, (3) in order to use Clipper with Apple Pay on SFMTA cable cars and other transit services using handheld card readers, all customers must authenticate with Face ID, Touch ID, or passcode (sounds like those handheld readers need a serious upgrade). Download Clipper App from the App Store.
Apple announced Clipper Card for Apple Pay today on a special page, Apple Pay Express Transit is finally coming to Apple’s San Francisco Bay Area home turf. Clipper is due to launch on Google Pay the same time. There are few details other than it works on all Bay Area transit and since open loop isn’t a thing there, it will be the same MIFARE card on Apple Pay that we saw with SmarTrip, TAP and HOP.
Unfortunately the Apple Pay Clipper image does not show an ‘Add Money’ button, it’s on a reader after all. Apple carefully crafts images to show card features. To me Apple not including an image showing the ‘Add Money’ button could mean that users reload/recharge the Clipper stored fare card balance with an app, like Apple Pay Ventra and Apple Pay HOP, instead of directly in Wallet like Apple Pay SmarTrip.
This could be a problem for Apple Watch users as they would have to use an iPhone Clipper Card app to reload and basically chains Apple Watch to iPhone. A Clipper app doesn’t exist yet but has to be in place on iOS and Android for a mobile Clipper service.
Some transit agencies stupidly keep the recharge backend locked in their app instead of leveraging the convenience of Apple Pay Wallet reload which makes the digital transit card less flexible and useful than it could be.
Let’s hope for the best launch day outcome. Meanwhile Apple Pay Suica remains the first and best implementation of a native mobile transit card on the Apple Pay platform, the best role model for a transit company to follow.
UPDATE 2-23 Good news. Apple Pay Clipper testers report on Reddit that direct Wallet reload/recharge is supported. Apple Watch transit users can rejoice. Both plastic Clipper card transfer and direct Clipper card creation in Wallet are supported and just like Suica transfer, the plastic card cannot be used afterwards. Could be a iOS Clipper app won’t be necessary for basic housekeeping after all.
UPDATE 2-18 There were a number of interesting and thoughtful Twitter threads in connection with the Apple Pay Clipper announcement.
> lordy if only we had suica in north america
>> Imo, successes like Suica is a testament to solving back-end issues (fare integration, product partnerships beyond transit, UX) and using the front-end tech to unleash full potential…Apple/Google Pay for local transit cards in the US is just not that level of breakthrough
> Yeah, exactly; the frontend technology can only be as useful as the backend system allows.
It’s heartening to discover comments that ‘get it’, that is a great mobile transit platform leverages a great front-end to unleash the potential of back-end while adding new services and product partnerships beyond transit. If only North America had Suica indeed, folks would really enjoy Apple Pay Express Transit for purchases too.
I know you’re on the closed loop side of this but imo it depends on relative power of transit vs. credit cards. In Japan CCs are not as popular so Suica was ready to take over contactless (and back integrating into CC top-up. In London both are popular so they got both…but most in US don’t use transit enough to justify a top-up card, so I’d prefer NY’s open loop over SF asking frequent travelers to switch from Clipper to Apple Pay Clipper, despite all the limitations in riding experience.
Popularity doesn’t matter, solutions matter. For years London TfL used EMV open loop in an attempt to get rid of Oyster cards but open-loop cannot replace closed-loop cards, only complement them. So now we have open-loop 2.0: EMV closed-loop cards that hide the slow and dumb limitations of a EMV front-end with a beefed up back-end. This is the Cubic + Mastercard transit solution coming to Cubic managed transit fare systems near you. Enjoy.
You must be logged in to post a comment.