In the Apple Pay monopoly debate context is everything

John Gruber did everyone a favor outlining some of the stakes at play in the remarkably glib, “Remarks by Executive Vice-President Vestager on the Statement of Objections sent to Apple over practices regarding Apple Pay.” The objections are annoyingly vague and refuse to specify how Apple Pay stifled competition and innovation:

(The) Digital Markets Act will…require companies designated as gatekeepers to ensure effective interoperability with hardware and software features they use themselves in their ecosystems. This includes access to NFC for mobile payments.

Today’s case addresses a conduct by Apple that has been ongoing since Apple Pay was first rolled out in 2015 <sic, 2014 actually>. This conduct may have distorted competition on the mobile wallets market in Europe. It prevented emergence of new and innovative competition that could have challenged Apple.

Mark Gurman and Jillian Deutsch at Bloomberg also did everybody a favor unmasking PayPal as one of the instigators behind the EU Commission Apple Pay investigation. Yes, that PayPal…the financial service that snuffs out user accounts whose politics they don’t like, or worse just seizes their money.

Both pieces miss important context surrounding the debate however…and with this issue context is all, especially how Apple Pay is playing out in other global markets. Most of what follows I’ve covered in earlier posts but hope to pull the various issues together in one post. Yet again, we kickoff with an updated Apple Pay diagram.

‘Open’ NFC, gatekeepers and secure element wars
Europe has been calling Apple Pay unfair since the very beginning, with many EU member banks holding out as long as they could. German banks only joined Apple Pay in December 2018 when Vestager was already actively seeking Apple Pay complaints. Less than a year later Germany passed a bill to force Apple to ‘open’ their NFC chip. Australian banks tried the same in 2017.

The so called Apple ‘NFC chip’ is not a chip at all but a hardware/software sandwich. The Apple Pay ecosystem described in iOS Security is a collection of tightly integrated polished pieces: Secure Element, Secure Enclave, NFC Controller, Wallet and Apple Pay Servers, all wrapped into a slick, easy to use UI with a final security wall of ‘secure intent’, a double-click side button hot-wired to the Secure Element. This approach has been so successful that people divide mobile payments history into pre-Apple Pay and post-Apple Pay eras.

NFC has been on Android far longer than iPhone, and ‘open NFC’ at that, but is far less successful capturing mobile payment users than Apple Pay. This is because Android device manufactures made the classic mistake of taking the ‘let’s take awesome NFC technology and figure out how we’re going to market it’ approach. Jennifer Bailey’s Apple Pay team choose the hyper focused Steve Jobs approach of starting with the customer experience and building backwards while asking: “what incredible benefits can we give the customer, where can we take the customer?” That choice made all the difference.

Apple Pay has a very simple rule: any card that loads a Java Card applet into their embedded secure element (eSE) has to reside in Wallet app. The maximum number depends on how many Java Card applets it can hold at any one time, the previous limit was 12, the iOS 15 Wallet limit is 16 cards. Developers have two ways to access iPhone NFC: 1) Core NFC framework for NFC operations that don’t use the secure element, 2) Secure Element pass certificates for NFC operations that need secure element transactions (payments, keys, ID, passes). Any developer who wants to run applets in the eSE has to apply for a PassKit NFC/Secure Element Pass Certificate. This is covered by NDA but a company called PassKit (not Apple) gives us an idea what Apple’s Secure Element Pass guidelines are:

Apple care a great deal about the user experience. Before granting NFC certificate access they will ensure that you have the necessary hardware, software and capabilities to develop or deploy an ecosystem that is going to deliver an experience consistent with their guidelines.

The end to end user experience, the whole reason behind the success of Apple Pay. But this gatekeeping is what riles banks and financial service providers who want to load their applets into the secure element without the Apple Pay gatekeeping, without the Apple Pay ecosystem and without the Apple Pay commission. They want to do their own transactions with their own app for free. This is what the EU Commission means when Vestager says: “Evidence on our file indicates that some developers did not go ahead with their plans as they were not able to to (sic) reach iPhone users.” It should read: when they were not able to reach iPhone users for free. Either the developer didn’t apply for a Secure Element Pass, didn’t pass the certification process, balked at Apple’s certification conditions, or couldn’t agree on Apple Pay commission rates.

Secure element gatekeeping is not new, it is an essential part of the secure element system:

A Secure Element (SE) is a microprocessor chip which can store sensitive data and run secure apps such as payment. It acts as a vault, protecting what’s inside the SE (applications and data) from malware attacks that are typical in the host (i.e. the device operating system). Secure Elements handle all sorts of applications that are vital to our modern digital lives…

Mobile Payments
Here, the Secure Element securely stores card/cardholder data and manages the reading of encrypted data. During a payment transaction it acts like a contactless payment card using industry standard technology to help authorize a transaction. The Secure Element could either be embedded in the phone or embedded in your SIM card.

Lifecycle management
It’s crucial that SE-embedded devices are secure throughout their lifecycle. That’s why Secure Elements need to have an end-to-end security strategy. It’s no use developing a robust security solution for a device which becomes obsolete after a period of use. This is why Secured Elements can be updated continuously to counter new threats.

What is a secure element?

Few people, especially a PayPal or EU Commission vice president, discuss the crucial secure element lifecycle management aspect. It’s not convenient for them to say the secure element ‘gatekeeper’ is responsible for keeping it secure. Far more convenient for their arguments to omit this, portray gatekeeping as unnecessary and gatekeepers as evil. In the end however, Apple has to maintain secure element updates from the various licensed secure element providers (EMV,FeliCa Networks, MIFARE, and so on) if secure payments are going to work at all This is what people who say, ‘it’s my device, we should be able to use NFC how we want,’ do not understand.

People also forget that nothing is free, you get what you pay for. With Apple Pay as gatekeeper, users get simplicity, innovation and feature updates. Simplicity: users get NFC they can use out of the box without Android-like NFC complexity such as secure element positions and obscure express mode settings.

Innovation: Apple Pay has features like Global NFC. iPhone and Apple Watch are the only smart devices that come with FeliCa built in as standard to use in Hong Kong or Japan, while Android limits functionality by market region. It’s astounding that Android, not even Google Pixel Android, has matched this basic functionality yet. We’re seeing more innovation as Ultra Wide Band (UWB) extends Wallet functionality to include ‘Touchless’ car keys and eventually, UWB enhanced automatic card selection as you approach the reader; more helpful than you might think.

Feature updates that, ‘just work’: the recent seamless Apple Cash switch from Discover to VISA, PBOC 2.0 flavored China T-Union transit cards, MIFARE Student ID, or the addition of in-app purchases and dual mode NFC for Japanese VISA card users when VISA JP finally buried the hatchet with Apple.

And the lesson? Apple Pay changed everything in the Japanese payments market, a catalyst that opened up competition and payment choices, for everybody. All boats rose together. It’s one of the most vibrant payment markets that Apple Pay operates in.

Japan is key to understanding what’s really going on in the Apple Pay monopoly debate. Japan was the first market with an established mobile payment platform in place, long before mobile EMV contactless payments took off in Europe. iPhone also has a much larger marketshare in Japan than it does in Europe. It’s a shame people pass up the opportunity to learn from the successes and failures here.

So what’s the EU Committee vision for ‘open NFC’? I think it’s a rehash of the secure element wars when carriers locked mobile payment services to SIM contracts. In 2013 Google incorporated SimplyTapp HCE (Host Card Emulation ‘secure element in the cloud’) technology as a NFC ‘workaround’ to ‘free’ NFC from the evil clutches of mobile carriers. Sound familiar? Android NFC has never been right since.

How little things change, swap ‘evil mobile carriers’ for ‘evil Apple’ and you have the same self serving ‘open’ vs ‘closed’ NFC chip nonsense that people are debating today. FeliCa Dude, the ultimate industry insider who has experienced it all, said it best: ‘It’s all eSE or nothing now.’

And yet we now have Île-de-France Mobilités (IDFM) turning back the clock, circumventing the eSE on NFC equipped Android devices and going all in with HCE for IDFM’s Smart Navigo service for Android. To me this says all you need to know what European priorities are regarding the ‘open NFC’ model: eliminate eSE gatekeepers by forcing the less secure network dependent HCE as a required option. Good luck with that. From a transit perspective, based on Mobile Suica user experiences, I don’t think HCE Smart Navigo will be a smooth ride.

The EU Committee ‘open NFC’ vision might look ideal…to Apple Pay competitors. Regular users however, will have to deal with the ugly reality of multiple NFC apps, multiple NFC secure element modes and clashing updates that cancel out NFC services. Apple Silicon eSE space is limited to 16 cards. If that sounds like a lot now, wait until you have credit cards, transit cards, home, car and office keys and ID installed along with ‘open’ NFC apps wanting their own eSE space too. Services will be squeezed out forcing the user to intervene. If the EU Committee thinks this environment fosters competition and innovation while growing mobile payment use, dream on.

Japanese tech journalist Junya Suzuki has covered NFC mobile payment developments in Europe, America and Japan for over 2 decades. He doesn’t think the EU is playing an even hand here, in his opinion Samsung and Huawei would never face the scrutiny that Apple now faces. In typical European cultural fashion, EU motives pay lip service to fair open markets while playing an underhanded game of chess to make Apple do what EU banking interests want Apple to do. In other words, a double standard.

What does Apple need to do?
I’ve always said that Apple needs to make the Secure Element Pass application process as transparent as possible. Keeping the blackbox NDA process as it is now makes Apple Pay a target, increasingly difficult to defend the status quo. Secure Element access on the level of Core NFC is a long shot, the very definition of a secure element means there has to be a developer certification process similar to EMVCo, FeliCa Networks, MIFARE, Calypso Networks Association, etc., that protects the privacy and business interests of all parties. But it would be great if there is a middle way where Apple can securely open things up for iPhone as a digital wallet, and iPhone as a payment terminal. We’ll see if Apple has anything to say about the subject at WWDC22.


Recommended reading: Ruimin Yang’s wonderfully detailed analysis, “Apple Pay monopoly, are we really comparing ‘Apples’ with ‘Apples?“outlines the entire Apple Pay system architecture, how it compares to other digital wallet platforms, (Google Pay, Samsung Pay) and what ‘open vs closed’ means in the ‘Apple Pay is a monopoly’ debate.

How much will Smart Navigo HCE suck?

It’s interesting parsing app reviews that say ‘this app sucks’. How does it suck and why? As I’ve said before, the overwhelming negative App Store reviews for Suica App are less about the app and more about lousy carrier auto-connect • free WiFi connections messing with the Mobile Suica recharge function. Most users see Suica App as the software that controls everything Mobile Suica AND iPhone NFC hardware. It does not of course but people dump all blame on Suica App anyway.

It’s a complete mystery why people even bother using Suica App when so much Mobile Suica functionality is built in Apple Pay Wallet right out of the box. Nevertheless it’s safe to conclude that Suica App user angst is network related. People assume the WiFi and cellular icons at the top of the iPhone screen indicate a healthy internet connection, which they decidedly do not.

Most of what Mobile Suica does is done without an internet connection. The only time it needs one is recharge time with a credit card in Apple Pay Wallet app or Suica App. All that complaining over one Mobile Suica feature however, tells us something important about WiFi and cellular internet connections in station areas and on trains: they suck. Despite ubiquitous cellular and WiFi coverage, reliable internet is notoriously fickle in those famously busy Japanese train stations. This is the real reason behind all those ‘this app sucks’ Suica App reviews.

Which brings us to Smart Navigo, the Île-de-France Mobilités (IDFM) Paris region transit card for mobile that is going wide on Android smartphones this year. IDFM has spent a lot of time and expense working with Calypso Networks Association (CNA), the transaction tech used for Navigo, to implement the less secure network dependent Calypso HCE ‘cloud’ secure element approach as the default mobile transit tech for Android devices in 2022.

It is very unusual that IDFM chose HCE as their go to mobile strategy on Android when the more secure hardware embedded secure element (eSE) is standard on all smartphone NFC devices, and does the job without internet connections. HCE is very different from eSE in that both NFC smartphone and the reader need a connection to talk with a server. HCE was also conceived for leisurely supermarket checkout, not the challenging transit enviroment. How does Calypso HCE compare to the network-less eSE experience? CNA says:

For security reasons, transactions using the personalization key or the load key are not possible through the NFC interface, and must be done with a secure connection to a server.

Only the Calypso debit key is stored in the HCE application for validation on entrance and control during travel, coupled with a mechanism of renewal of the Calypso Serial Number (CSN) to mitigate the risk of fraud : a part of the CSN contains date and time of validity of the debit key which shall be checked by the terminals.

Thales says: poor mobile network coverage can make HCE services inaccessible. In short no internet connection, no mobile transit service. Let’s compare the basic mobile transit card features of Mobile Suica with Calypso HCE:

It’s too bad IDFM didn’t study Mobile Suica shortcomings, they could have learned a few things. Most certainly they understand HCE shortcomings but chose it anyway for unknown (political?) reasons. Right out of the gate Smart Navigo HCE won’t support power reserve NFC transactions even on Android devices that support it for regular eSE NFC. In total, there are 6 core Smart Navigo features that are internet connection dependent vs 1 Mobile Suica feature. 6 more things to complain about when they don’t work…in other words the Smart Navigo HCE suck index is 6 times greater than Mobile Suica. If Suica App is anything to go by, there are going to be a lot of bad Google Play reviews for the HCE version of the Île-de-France Mobilités App.

iPhone and Apple Watch users can be thankful that Apple Pay Navigo will use eSE (as Samsung Pay Navigo already does), and avoid most of this mess when the service launches in 2023, matching the Mobile Suica experience, feature for feature.

Apple Pay Navigo launch in 2023, open loop coming in 2024

After a long, long dance, Île-de-France Mobilités (IDFM) confirmed that Smart Navigo, the Paris region transit card for mobile will come to Apple Pay in 2023. As usual, Le Parisien broke the story (paywall), quickly reported on French Apple centric tech blog iGeneration.

“This time, for sure, it will be done”

After a test phase, in 2022, iPhones and Apple Watches will be able to replace the plastic pass distributed by IDFM (in 2023). “We cannot yet give a precise date, because it depends on the progress of Apple’s developments in Cupertino. But this time, for sure, it will be done, “says Laurent Probst, CEO of Île-de-France Mobilités. The contract is due to be voted on this Thursday at IDFM’s board of directors…

The contract between IDFM and Apple is spread over a period of five years, with a total budget of up to €5 million dedicated to the development of new services. A budget equivalent to that allocated to Android service developments operated by Samsung with IDFM.

Le Parisien

The contract with Apple is due to be approved by IDFM directors the week of February 20, we can thank the 2024 Paris Summer Olympics for breaking the Smart Navigo on Apple Pay logjam. Le Parisien has regularly criticized IDFM’s slow rollout of mobile services: “The modernization of the ticketing system in force on public transport networks in Île-de-France is not a long quiet river.” A timeline is helpful to understand the stalemate.

  • October 2017: Smart Navigo mobile was announced for 2019 launch. At the time IDFM said, “Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.” In other words, IDFM wants to bypass Apple Pay Wallet and do everything in their own app.
  • September 2019: Smart Navigo launches on smartphones using an Orange SIM card, and on Samsung devices.
  • January 2021: Le Parisien reports that Smart Navigo is coming to Apple Pay. However this turns out to be a false alarm, instead IDFM releases a new version of the ViaNavigo iPhone app with support for adding money to plastic Navigo cards with the iPhone NFC.
  • November 2021: Le Parisien reports that IDFM suddenly terminated their partnership with Orange, IDFM announces a HCE + app strategy for Smart Navigo on Android that will launch in 2022. In other words, IDFM will do everything in their own app.
  • February 2022: Le Parisien reports Smart Navigo on Apple Pay will launch in 2023, IDFM confirms on Twitter and also announces EMV open loop support coming in 2024 in time for the 2024 Paris Summer Olympics.

French journalist Nicolas Lellouche independently confirmed the Apple Pay Navigo 2023 launch directly with IDFM and posted some details. Expect direct adding in Wallet app with Apple Pay recharge, similar to Suica, PASMO, Clipper, TAP and SmarTrip. An updated ViaNavigo app will provide extra features for commuter passes and more service options.

French reaction on Twitter was interesting and varied. People complained about the long lag getting Smart Navigo on iPhone but the equally long delay getting Smart Navigo on all Android devices, not just Samsung Galaxy, is more interesting and revealing. IDFM has spent a lot of time and expense working with Calypso Networks Association, the transaction tech used for Navigo, to develop the less secure network dependent Calypso HCE ‘cloud’ secure element approach. It flies in the face of where payment transaction technology has been going with eSE as standard hardware on all modern NFC devices. It’s almost like Ferdinand de Lesseps digging a sea level Panama Canal when a lock-and-lake canal was the better technical choice all along.

As for Android Calypso HCE performance vs Apple Pay Navigo Calypso eSE performance, I suspect the network dependent HCE on Android will be problematic. It will certainly be problematic, and challenging, for non-Apple smart wearables. If there is anything the bad user reviews of Suica App tell us, it is that network connections in station areas and on trains are never reliable and Android NFC adds layer upon layer of support complexity. No network = no HCE service, it’s that simple. Apple Pay Navigo will work without a network connection, just like all transit cards on Apple Pay, and will work great on Apple Watch too.

For this reason IDFM has to focus all of their system resources on the much more complex Android launch this year. They could certainly launch Apple Pay Navigo sooner if they really wanted to, but it’s better to do these things one platform at a time.


Related
Contactless Payment Turf Wars: Smart Navigo HCE power play
Smart Navigo reportedly launching on Apple Pay

My Cousin Apple Pay

So the EU is going ahead with ‘open NFC’ antitrust charges against Apple. As posted back in August 2020, the whole open vs closed debate is not easy to define. It’s probably easier to look at it from the simplistic App Store debate of letting developers bypass Apple’s in-app payment mechanism to avoid paying the ‘Apple Tax’, because that’s the box most people will understand.

We’ve already seen banks and Apple chafing over transactions fees on multiple occasions, the latest being ‘Banks Pressuring Visa to Cut Back on Apple Pay Fees‘ because Apple dared release their own credit card under the Mastercard brand via Goldman Sachs. German banks and Australian banks in particular demand the right to use iPhone NFC in their own payment apps instead of Wallet so they can harvest the user data they can’t get via Apple Pay and drop Apple Pay support all together in favor of their own proprietary payment apps (our exclusive card comes with our exclusive app). But there’s an aspect of the ‘open’ argument that will not be discussed by EU regulators, the banks and credit card companies.

I’ve been watching ‘My Cousin Vinny’ a lot recently. I love the courtroom scenes with Joe Pesci’s Vinny character turning the prosecution arguments upside down. There’s a key scene early on when Vinny uses a pack of cards to convince Ralph Macchio’s character to give Vinny a chance to defend him: ‘the prosecutors are gonna show you bricks with solid straight sides and corners, but they’re going to show them in a very special way’ so that judge and jury see bricks instead of playing cards, which is what ‘open NFC’ arguments are: paper card illusions.

NFC is just hardware, it’s worthless without the software protocols that drive it. NFC also has different definitions. The bank industry defines NFC as NFC A-B ISO/IEC 14443. The NFC Forum defines NFC as NFC A-B-F for device certification. On the protocol side the bank industry defines NFC as EMV because this is their industry standard created and managed by EMVCo (Europay-Mastercard-VISA initially, now collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa).

Are EU regulators going to argue that ‘open NFC’ is defined as NFC A-B-F on the hardware side and EMV, MIFARE, FeliCa protocols on the software side? Of course not. They will narrowly define their Vinny brick as NFC A-B and EMV, and maybe Calypso as the transit protocol is used in France for transit. Why would they do that?

It’s very simple. European banking interests don’t want to pay transaction fees to Apple, the Apple Pay tax. They want to cut out the middle man with their own exclusive apps and harvest user data. They don’t want inconvenient questions such as why there are all those different NFC standards and protocols out there, how this came to be and what really constitutes ‘open’. Why did the ISO/IEC Joint Technical Committee choose Phillips NFC-A and Motorola NFC-B while shutting out Sony NFC-F? Was that part of creating an ‘open’ and level NFC playing field on the global marketplace? Of course not, it was about playing favorites while shutting Sony and Japan out of the game. Now they want to do the same to Apple Pay. I still think Junya Suzuki is right: the EU will never demand the same thing of Samsung Pay or Huawei Pay that they are demanding from Apple.

Sawada Sho tweeted a thoughtful question recently regarding the App Store in-app payment controversy. He pointed out that gaming and other platforms charge developers great deal of money for hardware and software access, nobody questions that. Apple offers a lot of access for a very low price, is it fair to demand free passage on the App Store because it is Apple? Sho san thinks the Apple transaction cut is a fair tradeoff. Some tech writers have occasionally asked the same basic question: what’s fair?

EMV, MIFARE and FeliCa all have licensing and certification fees that all customers (developers) pay. Apple has gone to a lot of expense licensing those technologies in addition to licensing a GlobalPlatfrom Secure Element that they build into their own Apple Silicon. Those costs are recouped by Apple Pay transaction fees and fund future developments like digital keys with UWB, ID and other Wallet goodies we’ll get later on in the iOS 15 cycle. I’ve said it before and say it again: Apple took the time and expense to build a first class restaurant and outsiders are demanding the right to use Apple’s kitchen to cook their own food to serve their own customers in Apple’s restaurant.

I guess EU regulators want to give those away free to EU banking interests and let them have their way in the interest of ‘open standards’ that they define and end up protecting the home turf. That sounds like a good deal to me.

Smart Navigo reportedly launching on Apple Pay


Smart Navigo, the Paris~Île-de-France region digital transit card for mobile, currently on Galaxy devices and Android smartphones with Orange SIM cards, is reportedly coming to Apple Pay in February. Although France was an early innovator of NFC on mobile phones, it did not lead to early mobile transit adoption: Smart Navigo launched in September 2019. Apple Pay Navigo would be the first native transit card (closed loop) for Apple Pay in Europe, it would also be the first smart wearable for Navigo users thanks to Apple Watch. The Calypso based Navigo transit card launched in 2001 and had a large upgrade in 2019 to add more transit services and mobile.

Navigo operator Île-de-France Mobilities has reportedly been in talks with Apple ever since Smart Navigo was first announced in 2017. At that time they said:

“Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.

Apple has a uniquely flexible custom embedded Secure Element (eSE) in their A/S Series chips that can be updated to support additional NFC protocols. Calypso is an open protocol that uses NFC-B, it would join the other major Apple Pay protocols, EMV (NFC-A) FeliCa (NFC-F) and MIFARE (NFC-A), that are all proprietary. There isn’t any technical difficulty adding new transit cards. It’s a matter of negotiation and deal making, which can take time.

Apple usually likes to roll out new transit cards following an iOS update. iOS 14.4 would fit a February launch window. There are also reports that Apple Pay Code Payments are working in recent iOS 14.4 internal builds. If all of this pans out, iOS 14.4 could be an important update for Apple Pay users, especially in France.

2021-01-08 UPDATE
01 News reports that iPhone users will be able to reload Navigo cards for day/weekly /monthly passes with an updated ViaNavigo app using NFC starting January 20. This is an important first step of implementing Apple Pay support in advance of the full Apple Pay Navigo service launch due in February and confirms the earlier Le Parisien report. It also follows the 2020 Apple Pay Octopus rollout which saw an updated iOS app with iPhone NFC recharge feature released before the service launch.

2021-01-15 UPDATE
The updated iOS Ile-de-France Mobilités app (previously ViaNavigo) with NFC reload for Navigo cards was released. iPhone 7 and later devices are supported as this follows Core NFC device specs, however iPhone XR/XS support is missing in the initial release and said to be addressed soon. There is also an issue with iPhone SE2 that needs to be restarted to work properly. These issues are fixed in iOS 14.5 and later.

2021-3-15 UPDATE
Apple Pay Navigo is a no-go, for now. Take this tweet with a grain of salt as none of this is confirmed…these things never are:

Navigo on iPhone will only arrive when pay-as-you-go functionality is fully operational (probably because of commission fees if you believe the rumours)… which will only arrive next year (2022) at best, when all exit gates will be equipped with validators