mobile myki madness

If I had an Australian dollar for every online complaint of Mobile myki, the mobile version of Public Transport Victoria’s (PTV) myki transit card in the Melbourne region, I could probably purchase a nice bit of property there. Reddit forums regularly erupt with mobile myki mind melting nonsense, invariably bashing Apple for refusing to put myki in Apple Pay because Apple ‘doesn’t support HCE’ or because they charge a ‘30% commission’. Neither of them true. myki is MIFARE which has never used HCE and Apple Wallet already supports lots of MIFARE transit cards.

The whole HCE thing is a straw man anyway: embedded secure elements (eSE) are standard on NFC smartphone chips these days. The reason why Île-de-France Mobilités (IDFM) chose HCE for Smart Navigo on Android for example, had nothing to do with Android devices lacking an eSE, it was simply that IDFM didn’t want to deal with Android manufacturer ‘gatekeepers’. Imagine the nightmare of asking every Android manufacture to issue firmware updates for older devices to support Calypso on the eSE. There was no chance in hell they would listen or do it for free, so IDFM and Calypso spent a lot of time and money creating a special HCE version of Calypso, that doesn’t support Express Transit Mode, just for Android (but not for Samsung Pay devices which use native eSE and support Express Transit Mode).

Why IDFM and Calyspso did this is all you need to know about the chaotic mess that is Android NFC. When Smart Navigo comes to Apple Wallet later this year, it will run on iPhone 8/Apple Watch 3 and later without a hitch in full Express Transit Mode glory because firmware, eSE and software are upgraded in a single iOS update. That’s the advantage of having a good gatekeeper who’s on the job.

As for the 30% commission straw man, Apple Pay doesn’t ‘charge a commission’ for using transit cards, they only take a negotiated commission when a credit card is used to add money to the transit card. Why PTV and Apple haven’t reached an agreement yet is a mystery, but judging from myki user complaints, the mobile myki backend system might not be up to Apple’s user experience high-bar. And the myki system is about to get much more complicated: PTV is hitting the reset button.

Open loop envy
PTV has Opal open loop envy and want EMV contactless cards to replace most of myki. This is certainly doable but there is the issue of the native MIFARE myki already on mobile. Oyster and Opal cards are MIFARE too but those systems added EMV contactless support as the foundation for ‘mobile’, relegating MIFARE as legacy plastic. By doing this they offloaded the card issuing operation to VISA/Mastercard/AMEX card issuers, who already have digital card systems in place and agreements with digital wallet operators. myki having come this far with mobile however is going to be a real juggling act, can PVT, or whoever wins the service contract, keep all the service balls in the air while going forward?

There is also the problem of Express Transit Mode support. Look carefully at Apple Express Transit Mode small print and you’ll notice that mobile EMV and mobile MIFARE transit card Express Transit Mode don’t coexist on the same system. It’s one or the other, never both. I suspect a smart Express Mode that chooses the right transit card for the job depends on smart modern transit gate reader hardware with the latest firmware and updated backend software. Getting the latest, greatest transit gates/readers installed takes time and money. Mostly money. Buckle up myki users, it’s going to be a bumpy ride to mobile transit card nirvana.


Apple Wallet Express Transit Mode is basically limited to native transit cards

Japan asks Tim Cook for Digital My Number ID Apple Wallet support, Cook hedges with privacy concerns

Tim Cook’s high profile public visit to Japan closed on a high point: a sit-down with Prime Minister Kishida. Media reports of their discussion at the time were vague, as usual, but one item did pop up, PM Kishida asked Tim to get the Digital My Number ID (Individual Number Card) on Apple Wallet. Apple has been ‘in discussions’ with Ministry of Internal Affairs and Communications (MIC) since at least 2020. The Android version of Digital My Number card was due to launch in 2022 but is now set to launch on 2023-05-11, this after many delays.

This is what so many so called “tech reporters” neglect to say when they criticize Apple as being ‘closed’, implying that Apple is causing the launch delay: how can we expect it to work on iPhone Wallet when the MIC can’t even get it working on ‘open’ Osaifu Keitai Android? As previously outlined, I think we can expect Digital My Number in the iOS 17 cycle later (much later) in the cycle rather than launch time, though we could see a mention at the September 2023 Apple Event. Late spring or early summer 2024, say WWDC24, should be the best timing for My Number ID card in Wallet. There is one little problem however…

All bets are off if Japan tries to force Apple into ‘opening’ iPhone to 3rd party app stores; we can forget about My Number ID in Wallet. That’s the card Tim Cook played with PM Kishida at the climax conclusion of his and Greg Joswiak’s week long, hastily cooked, Japan PR tour that smelled of self-interest instead of sincerity. The sudden love-fest visit after years of taking the Japan market for granted was a setup. MacRumors Juli Clover covers the bases of the situation outlined in the Nikkei report who quote the usual unnamed sources. Nikkei’s last big story of 2022 fit nicely with the ‘Apple doesn’t want to put digital My Number ID iPhone’ narrative they pushed throughout the year. It will be interesting watching the choices the Japanese government makes in 2023: digital My Number ID in Wallet, or 3rd party app stores. Apple has made it clear that Japan can’t have it both ways.


Previous coverage: Digital My Number on track for Android 2022 launch, Apple Wallet due in 2023
The Ministry of Internal Affairs and Communications (MIC) digital version of My Number Card (Individual Number Card) is on track to launch in 2022 (October-ish?). The latest MIC Work Group PDF document has a full outline of the digital My Number system and the various services the Japanese government plans to link with it. In late 2020 MIC said they were ‘in discussions’ with Apple to bring digital My Number to Wallet and this has not changed. Nikkei reporter Mayumi Hirosawa saw a chance to grab some eyeballs and published, The My Number iPhone Wall, a typical Nikkei ‘article’ of lazy, subjective, puerile observations angled as big bad Apple, but nothing new.

Meanwhile Yasuhiro Koyama’s online article on Keitai Watch is far more interesting and informative. MIC official Takashi Uekariya, the goto My Number digital guy, says the MIC and Apple are ‘working hard’ to bring digital My Number to Apple Pay Wallet, and that because Apple locks down new iOS features far in advance, timing wise it looks like iOS 17 in fall 2023 is the likely target for My Number on Apple Wallet. It would be nice though if Apple could surprise us later on in the iOS 16 release cycle, always good to raise the bar and deliver above expectations.

Looking at the larger picture, MIC documentation clearly states that My Number digital card requires a GlobalPlatform embedded Secure Element (GPSE) device, and that except for a small amount of SIM Free Android junk, most smartphones sold in Japan (both Apple and Android) are GPSE certified. An interesting sidelight is that ‘FeliCa chip’ Osaifu Keitai Android devices will support My Number NFC-B transactions. Going forward that means nobody in Japan will buy a device without a GPSE that doesn’t support My Number digital card and the associated banking services that will link to it. Kiss HCE goodbye.

Foreign VISA cards blocked for select Japanese in-app and online payments

Notice: latest situation updates here

SoftBank Payments network chart

When foreign issue VISA cards in Wallet stopped working for Apple Pay in-app Suica and PASMO recharge on August 5, the first people to howl in pain were Apple Pay PASMO users who suddenly couldn’t recharge with their Chase Sapphire VISA cards. Chase Sapphire still codes for 3x travel points with a PASMO recharge and long time resident Suica users migrated to PASMO when JR East and VISA shut down 3x travel points in May 2021.

I did the usual duty of talking with Mobile Suica support, official line: there should be no problem, contact the card issuer. I then contacted Wells Fargo card services support, official line: there should be no problem with your VISA, contact the merchant. Entirely expected of course but I did confirm that Mobile Suica transaction attempts were not even showing on the Wells Fago system. They said it seems to be a ‘communications issue’… code word for: something’s not right on the merchant transaction authorization side.

I suspected a larger issue than just Apple Pay and an Android Suica user confirmed the same non-JP VISA problem with Google Pay Suica. I also alerted IT journalist Junya Suzuki who focuses on mobile payments. His first thought was something might be going on with the VISA Japan merchant acquirer side of the payment network. For reference, the merchant acquirer handles transaction authorization from the merchant side, ‘this transaction is clear to send to the card issuer.’ The issuer then clears the transaction with the customer account, ‘this customer is good to pay for this charge.’

Merchant acquirers are very secretive and nobody knows who is the merchant acquirer is for Mobile Suica/Mobile PASMO. Maybe they were tightening online transaction security…or something else. Everything was clear as mud though a well placed source did say this:

An acquirer made the decision stopping handling cards issued in other countries… Another guy suggests Apple or such acquirer may face money laundering issue by registering Apple Pay with pre-paid Visa cards or such.

In addition, that means JRE doesn’t know what’s happening on this problem.

A reader asked me if Japan was banning non-JP VISA cards across the board along with a screenshot of Universal Studios Japan advance ticket sales page with a red colored important notice on the top that said: “We apologize that currently Visa and Mastercard credit cards issued outside Japan are not available until further notice.”

This points to a larger problem than just Mobile Suica and PASMO. The USJ wording also suggests that JTRWeb have their hands tied ‘until further notice’ and echos what JR East PR told Suzuki san about the non-JP VISA recharge problem being beyond their immediate control. Something seems to be happening with the VISA merchant acquirer…but in different highly selective ways. For example why does foreign issue VISA work for Apple Pay in-app purchases with Japanese apps like Starbucks, but not in-app purchase with JR East for Suica recharge?

Security and Apple Pay Enhanced Fraud Prevention
It’s helpful to examine the impact of phishing attacks that hit NTT Docomo, Line Pay, PayPay and other QR code mobile payment services in late 2020, and JR East online services (Mobile Suica, JRE POINT, Eki-Net and VIEW card) in early 2022. Responses to phishing attacks were varied and vague. Companies like to say they value customer security but are short detailing what they’re doing because nitty gritty details hashed out with the card brands and merchant acquirers are secret non-disclosure territory.

Japanese credit card issuers responded by upgrading to EMV 3-D Secure v2 (3-D stands for three domains: merchant/acquirer domain, the issuer domain, and the interoperability domain), for non-digital wallet browser and mobile app payments. EMV 3-D Secure is the EMV e-commerce browser and app authentication tokenization spec with card brands using their own naming and handling the merchant support. It’s important to understand that EMV 3-D Secure has nothing to do with Apple Pay, Google Pay, Samsung Pay and similar digital wallets who have their own tokenization. However, Apple Pay has been making some changes to enhance online and in-app security.

Apple Pay quietly launched Enhanced Fraud Protection in April 2022 when Apple Cash was upgraded from Discover to VISA brand debit card. The updated Apple Pay and Privacy text included a new section:

For cards with certain enhanced fraud prevention, when you attempt an online or in-app transaction, your device will evaluate information about your Apple ID, device, and location if you have enabled Location Services for Wallet, in order to develop on-device fraud prevention assessments. The output of the on-device fraud prevention assessments, but not the underlying data, will be sent to Apple and combined with information Apple knows about your device and account to develop Apple Pay transaction fraud prevention assessments. These transaction fraud prevention assessments may be shared with your payment network, together with a shipping address identifier and IP address if available, in order to prevent fraud at the time of transaction. The shipping address identifier differs per payment network and may be used to confirm whether shipping addresses for different transactions using a particular card on your device are the same in a way that does not reveal the underlying address. You can check whether a card has this enhanced fraud prevention at any time by going to the back of your payment credential in Wallet. To prevent the sharing of fraud prevention assessments with your payment network, you can select another card.

Apple Pay & Privacy

This means that Apple Pay ‘might’ share iPhone/Apple Watch location information when making online or in-app purchases. So far VISA cards are the only ones that have Enhanced Fraud Protection but it doesn’t seem an across the board change for all VISA issue cards and depends on the issuer. My Wells Fargo VISA card for example doesn’t show any sign of enhanced fraud prevention in Wallet app card details.

Does enhanced fraud prevention have anything to do with Apple Pay Suica and PASMO recharge not working for foreign issue VISA? I suspect not but it’s an important background development because: 1) it’s limited to online and in-app purchases, 2) VISA pushed for these ‘fraud prevention assessments’ so they could obtain device location information and more. VISA pushing this agenda could be causing issues on the merchant acquirer side.

The VISA open loop power play
So we circle back to foreign issue VISA use in Japan again. Why are cards cleared for Apple Pay, cards that worked fine until August 5, suddenly not working? JR East support says it’s not o them: all credit and debit cards that support Apple Pay in-app purchase are good to go. They certainly want inbound visitors to use Suica. Evidence points to a transaction authorization change on the VISA merchant acquirer side. Everybody else seems to be doing what they always do.

The timing is perfect however when you also consider that VISA is heavily promoting ‘VISA Touch’ EMV contactless and open loop transit in Japan as a challenge to the home grown FeliCa based Transit IC card system. It’s very convenient for VISA Touch open loop marketing purposes when Apple Pay Suica and PASMO are kneecapped as easy payment and transit options for inbound visitors.

VISA has a history of not playing nice with Japanese stored value cards on mobile. Japanese issue VISA cards didn’t work for Apple Pay in-app purchases and Suica recharge until May 2021, VISA waited 5 years to ‘resolve’ that issue. VISA cards still do not work with Mobile WAON and Mobile nanaco on Android and Apple Pay, they likely never will. My take is that VISA is happy with people buying things with VISA, they are certainly happy with people borrowing money at ATM machines with VISA, but they are not happy with people using VISA to move money into stored value prepaid cards for making payments, earning points, etc., that are not VISA.

One thing is for sure, VISA has played hardball with Apple Pay in the Japanese market before, maybe they are doing so again and refuse to be an ATM-like recharge backend for Japanese e-money cards…unless they also get ATM-like lending rate transaction fees. They certainly want to promote open loop VISA Touch and Stera Transit at the expense Mobile Suica market and mindshare.

Junya Suzuki thinks the VISA merchant acquirers might be coming under pressure from potential money laundering risks. I say bunk, after all we’re only talking a max Suica balance of ¥20,000 here. Whatever the reason let’s hope it is fixed, though I have learned over the years that card brand payment issues are never simple or solved quickly. Time will tell. At the very least we can mark this down as another skirmish in the ongoing digital payment turf wars.


2022-12-03 UPDATE
JR East updated the entire JR East credit card system with a series of special maintenance downtimes in November 2022. The work covered everything connected to credit card purchases: JR East station kiosks, VIEW ATMs, Mobile Suica, Eki-Net, etc.

After the last scheduled overnight maintenance session on November 30~December 1, a few select foreign issue VISA cards started working again for Apple Pay Suica and PASMO recharge but everything stopped again 2022-12-03. The VISA in-app block continues. JR East has also scheduled special Mobile Suica credit card system maintenance for March.

iOS 16 Apple Pay and Wallet Fine Print Features

iOS 16 doesn’t have many big new flashy features. There is the Dynamic Island for iPhone 14 Pro, which I would love to have but I’m holding on to my iPhone 13 for another year…or two. Fortunately there are plenty of nice refinements for the rest of us without the latest greatest iPhone hardware, Apple Pay and Wallet are no exception. The full list is on the New features available with iOS 16 page. As usual the iOS 16 and watchOS 9 pages for each country are edited to reflect available, or coming soon, “Key Features and Enhancements” for the region balanced against the full spec USA feature set.

An interesting thing about iOS 16 Apple Pay and Wallet is that not all the listed features apply to regular users…at least not at first. Some are behind the scenes stuff for merchants and developers that will take time to land in our Apple Pay Wallet as features we can use. Let’s take a quick look by breaking down the categories.

1) General improvements (for everybody)
Quick access menu: a handy new shortcut menu for all Wallet cards and passes via tapping the More button. The menu varies according to the card feature set. Transit cards like Suica have the most, payment cards without notifications (all Japanese issue payments cards) have the least. It’s a nice tweak most useful as a fast way to toggle individual card notifications on and off. Zollotech posted a video that covers quick access menus for Apple Card and Apple Cash along with an overview of iOS 16 Apple Pay and Wallet option settings.

Apple Pay Order Tracking: announced at WWDC22, this new Wallet button sitting next to the ‘Add’ button seems like a no-brainer: when I order something with Apple Pay I get automatic tracking…nice but I wonder how it will play out. Apple Store app for example already has robust tracking and accepts Apple Pay, so do a lot of other apps. Will they remove the function from their app, offer choice between in-app or Wallet order tracking, or something else? Either way it will be a while before we see merchant updates.

2) Digital key features (for most markets): iOS 15 was the Apple Pay and Wallet upgrade that set the course for the next few years with keys and ID. The iOS 16 improvements are about making adding a key and family sharing easy. Hotel keys are now sharable like car and home keys, gotta let the kids have access and all…though I suspect office keys remain on the un-sharable list.

Key sharing (coming with an update later this year): in addition to Messages and Mail, 3rd party messaging apps such as What’s App will support key sharing. In Japan the only 3rd party messaging app that matters is Line. iOS 16 looks to be the breakout year for keys in Wallet.

Add keys from Safari: more important that it might seem at first, there are plenty of uses for loading a key into Wallet from a time sensitive Safari web page link instead of the usual time wasting mess of downloading an app, creating an account, making a reservation, etc. You know the drill. Digital key issue remains a complex thing that usually requires an app with an account to securely issue a mobile key remotely with set limitations (time, area, etc.). Hopefully adding keys in Safari gives developers easier service options, but connecting identity with access remains a challenge.

It’s important to note that issuing digital keys is only one step of the complex process that allows guests to bypass the front desk. Apple’s announcement certainly does not spell the end of the hotel app as we know it…

It’s a big step toward streamlining a process that has, until this point, prevented many guests from using their phone as a digital room key. But, Wallet only solves one segment of the end-to-end operation required to get a guest checked in and room access issued. The bigger issue is connecting identity with access, which requires many more steps beyond issuing a key.

How Apple’s Newest Features Will Affect Hotel Check-in

The solution to this is the new iOS 16 ID in Wallet features for apps in the next section.

Multi-stay hotel keys: if you stay in the same hotel chain on your trip that already supports Wallet hotel keys, you might have the opportunity to use this feature where you load one hotel key into Wallet that works across all your reservations. Like order tracking I think this one will take time for the major hotel chains to get onboard, and of course the devil is in the check-in/activation details.

Easy device migration for keys: I assume this refers to the Previous Cards Wallet category that came with iOS 15. The iOS 16 features page text blurb suggests a possible UI tweak, but I don’t have any key to test. We’ll have to wait and see.

3) ID in Wallet features (USA only): the next big step for ID in Wallet after getting them out the door is app support. This is where digital ID moves beyond airport TSA security checks and becomes really useful.

ID cards presented in apps and Verify your identity in apps sound exactly the same so you have to read the fine print carefully. ID cards in apps describes 2 specific pieces of information: identification and age, validated by Face/Touch ID. Taking a wild guess, there are plenty of account registrations that only need to confirm your identity and age as part of a signup process. Digital ID can vastly simplify the process.

Verify identity in apps describes ‘verified information’, i.e. more than just ‘I am this person, I am xx years old’. The iOS 16 pages shows a car rental app confirming a user’s driver license status and driving privileges. This has a lot more use (and abuse) potential. The hotel app and key issue verification problem mentioned earlier is exactly what digital ID in apps can help solve. MaaS apps are another example where verification is essential for offering special discounts for seniors, locals, inbound visitors, etc. Reliable, secure and universal digital ID would solve a lot of service problems, but privacy, how does the app use digital ID information, how long is it stored, etc., is always a concern.

Apple Pay features for merchants and developers: It’s a little strange that Apple is listing Merchant tokens and Multiple merchant support on the feature page. These are backend additions to PassKit and it will take time for merchants and the developers they employ to implement them. Both of these expand the Apple Pay experience. For me merchant tokens is the more powerful feature, one that enable reoccurring and auto-reload payments. It could be a boon for subscription services and much easier auto-recharge in apps and transit cards like Suica and PASMO. Auto-recharge is one of my favorite Apple Pay Suica features and it would be great if JR East freed it from the shackles of Suica App and View Card and added Apple Pay auto-recharge.

4) Apple Pay Services (for the USA): aka longtime USA only services: Apple Cash and Apple Card with the new addition of Apple Pay Later…coming later this year. All of these fall squarely in heavily regulated banking services, so don’t expect them to expand beyond the USA any time soon. The iOS 15.5-ish rebranding of iTunes Pass into Apple Account card, now with Wallet reload in iOS 16, should expand more quickly.

As with all recent iOS releases, the fun features comes later on in the life-cycle. I’ll update this post as with new information as the iOS 16 Apple Pay and Wallet story unfolds. Until then have a happy cashless, er, you know what I mean.