In a classic, ‘isn’t this how it was supposed to work all along?’ fumble, Docomo is finally doing the right thing by merging the ‘rush rush we have a QR Code payment app too’ dHarai app into a rebranded dHarai iD with, eventually, better Apple Pay/Google Pay iD integration. The first step today is the refreshed Android iD add that merges the Android only dMini card into dHarai (iD). An updated iOS dHarai app will be coming later along with other merged functions.
This announcement would have made a much bigger splash a year ago, but with the Line Pay Yahoo Japan merger taking up everybody’s attention now, it feels like Docomo is fixing a mistake in reaction to the merger, which it is not. In the current Japan cashless payments market frenzy, timing and smart execution is everything, just ask 7pay.
Disclaimer 1: As many regular readers know, I am not a QR Code fan. It’s not the technology so much as the assumption that the central processing model and constant network connections solve everything. When I went to Starbucks today I tried paying with the Starbucks app bar code and got a nice little rude reminder that when one link fails, the whole QR/bar code chain crashes. The WiFi at that particular Starbucks store is not robust and ends up jamming the smartphone 4G pipe because the device thinks there is a good WiFi connection. After 2 attempts without getting a bar code load, the staffer said, “turn off the WiFi.” I gave up and used Apple Pay Suica instead. Done.
Disclaimer 2: As many regular readers may not know, I am not a SoftBank fan. This goes back to the time when SoftBank bought Ziff Davis of which the Seybold Report was part of. SoftBank quickly destroyed the Ziff Davis business by sucking it dry and selling off the zombie for a good price before anyone realized it was dead. I wrote for the Seybold Report at the time. What had been a tightly run ship collapsed into chaos because the parent company starved the subsidiary groups and people didn’t get paid. Later on when I wrote reports for Off The Record Research, I regularly visited a Yahoo Japan source who complained that they could not create good iPhone apps because SoftBank constantly sucked the budgets dry. Later on he quietly told me he could not complain anymore because all the conference rooms were wired and everything was recorded. SoftBank is that kind of company. To me all they ever really do is play one big never ending shell game.
There will be lots of news and discussion in the weeks to follow but it’s important to remember a few essential points.
One: Line Pay and PayPay operations are running in the red, some people estimate PayPay could never turn a profit with its current business model.
Two: neither SoftBank/Yahoo Japan nor NAVER/Line Pay own a real bank. At some point in the cashless payments process, real cash has to change hands. Payment processors without real bank operations have to live with real bank transaction rules and fees, real banks will always have the upper hand. Having a real bank for example, puts Rakuten in a much stronger position than SoftBank. Yahoo Japan does own half of Japan Net Bank but this is a co-venture and Yahoo Japan only runs the internet service side, the other half, the real bank transaction half is owned and run by SMBC. In this arrangement SMBC is calling the shots.
As for me, I have been hanging out on the Girls Channel where Japanese women let down their hair and diss. Japanese women make, or break, products in Japan, especially everything Keitai, not men. Comments on the Line Pay and PayPay merger are very interesting and cutting. They range from “Mercari Pay is disappearing next” to “Hello Rakuten, goodbye Hagebank,” (a diss of bald Masayoshi Son, but also a double entendre for the highly leveraged SoftBank going bust). Day after day it reads like the bloom is off the Line Pay Pay Pay rose and Japanese women who created the first Keitai boom and have money now, are ready to move on. They are in it for the campaigns but not really in it. I’m going to keep hanging out with the girls. It’s a lot more fun and informative than reading the news, and faster too.
Visa offers dual mode plastic cards that have EMV and FeliCa support in one convenient chip package that work in Japan and abroad. However these new plastic and Google Pay cards are limited to the Visa Touch payment network which is slowly growing in Japan but still full of holes. The most useful payment method for these cards will be the reliable old contact one.
Visa Japan’s long term strategy here is to gradually pull out of the FeliCa based iD and QUICPay contactless payment networks and eventually issue everything on their own Visa Touch payment network. Apple Pay FeliCa support will never sit well with Visa Japan, but now with the Google Pay move we know what Apple Pay has to do to host new Visa card products.
Unfortunately Visa has focused on big marketing pushes like the Tokyo Olympics instead of a consistent and focused drive to build contactless payment support and customer awareness that benefits all players. In a payment market already flooded with payment network logos and acceptance marks, Visa Touch is just one more logo that adds to customer confusion. Visa could have been a leader, instead they gave QR Code players a nice big opportunity, a gift that keeps on giving.
The German law to force Apple to open it’s “NFC chip” is a confusing one. Why does an EU country with one of the lowest cashless usage rates single out one company’s NFC product in a last minute rider to an anti-money laundering bill? That’s not banking policy, it is politics. Details are few but let’s take a look at what it could mean because when it comes to NFC technology, details are everything.
Background stuff The so called Apple ‘NFC chip’ is not a chip at all but a hardware/software sandwich. The Apple Pay ecosystem as described in iOS Security 12.3 is composed of: Secure Element, NFC Controller, Wallet, Secure Enclave and Apple Pay Servers. On one end is the NFC chip controller front end that handles NFC A-B-F communication but does not process transactions, on the other end there is the Secure Enclave that oversees things by authorizing transactions. The fun stuff happens in the Secure Element middle where the EMV/FeliCa/MIFARE/PBOC transaction technologies perform their magic with Java Card applets.
The A/S Series Secure Enclave and Secure Element are the black box areas of Apple Pay. The iOS Security 12.3 documentation suggests the Secure Element is a separate chip, but Apple’s custom implementation of the FeliCa Secure Element, and the apparent ability of Apple to update Secure Element applets to support new services like MIFARE in iOS 12 suggests something else, but it is anybody’s guess. Apple would like to keep it that way.
So what does ‘open NFC’ really mean? It’s helpful to look at the issue from the 3 NFC modes: Card Emulation, Read/Write, Peer to Peer.
Peer to Peer Apple has never used NFC Peer to Peer and I don’t think this is a consideration in the ‘open NFC’ debate.
Card Emulation Apple limits NFC Card Emulation to Apple Pay Wallet with NDA PASSKit NFC Certificates. This is what the ‘open NFC’ debate is all about. I imagine that German banks and other players want to bypass the PASSKit NFC Certificate controlled Apple Pay ecosystem. Instead, they want open access to the parts they want, like Secure Element, NFC Controller, Secure Enclave, and ignore the parts they don’t want like Wallet and Apple Pay Servers. They want the right to pick and choose.
The success of Apple Pay has been founded on the ease of use and high level of integration from a massive investment in the A/S Series Secure Enclave and other in-house implementations such as global FeliCa, etc. Outside players forcing Apple to open up the Apple Pay ecosystem represent not only a security risk to Apple but also a reduced return on investment. One commentator on MacRumors said it’s like Apple took the time and expense to build a first class restaurant and outsiders are demanding the right to use Apple’s kitchen to cook their own food to serve their own customers in Apple’s restaurant. It’s a fair analogy.
The NDA PASSKit NFC Certificate gate entrance rubs bank players the wrong way as they are used to giving terms, not accepting them. The Swiss TWINT banking and payment app for example is a QR Code based Wallet replacement that wanted the ability to switch NFC off, and got it.
My own WWDC19 Apple Pay Wish List did include a wish for easier NFC Card Emulation, but nothing appeared. It’s certainly in Apple’s best interest to make it as easy as possible for 3rd party developers to add reward cards, passes, ID cards, transit cards, etc. to Wallet. However given that the EU is hardly what I call a level playing field, the fact that bank players and politics go hand in hand in every nation, and the fact we don’t know the technical details of what the German law is asking Apple to do, all we can do is guess. In general, I think Europe will be a long rough ride for Apple Pay. At least until EU bank players get deals they are happy with.
Hacker News and Reddit have very different user audiences but each have their share of ‘my experience is the world’ navel gazers. This is a plus: the comments are fascinating to read. The Andreessen Horowitz site posted a piece by Avery Segal, Remember QR Codes? They’re More Powerful Than You Think. Somebody posted it to Hacker and somebody else posted a link to my Transit Gate Evolution piece in the comments. I think it’s hilarious and insightful that somebody can look at the same QR code transit video in the piece and write, “The QR code video shows a ton of people going through the turnstiles quite fast.” A ton? Fast? I guess the commentator never experienced rush hour Shinjuku station gates.
Segal’s piece is a simple Mainland China travelog highlighting all the things people can do with a WeChat/Alipay account and WeChat Pay/Alipay integrated QR Code smartphone apps there. There is very little analysis and the opening paragraph reads more like PR, which it probably is. After all, Andreessen Horowitz is a venture capital firm though I can’t figure out if Segal is trying to sell WeChat/Alipay or QR.
Companies in the US have been slow to adopt QR codes, but those who dismiss them as having “been around forever but never taken off” underestimate their wide-ranging potential. Camera-based solutions like QR codes (or facial recognition, for that matter) can make traditionally clunky user experiences seamless and intuitive. QR codes connect our online identity to the offline world, allowing users to essentially log in to physical locations—and bring their data with them. This delivers a number of benefits: brands learn user preferences, while customers gain a more tailored and social experience, as well as perks like automatic loyalty programs built into every transaction.
The Hacker News crowd discusses the pros and cons of QR vs NFC, but I think that they along with Segal completely miss the point: it’s not the technology, it’s the service layers built on top of it and how well they integrate that really matters. Actually it’s the only thing that matters.
The Suica example. FeliCa is great NFC technology but nothing great by itself: the Suica card format built with FeliCa, the nationwide Transit IC card inter-compatibility built around the Suica card format, the Transit IC eMoney standard built on top of that, Mobile Suica, Apple Pay…each new service layer builds on the previous layers and adds value to the whole. The value is the quality of integration, a sum greater than the total of parts.
China is a very different country and transit infrastructure isn’t a business. I’m sure that Alipay and WeChat Pay were allowed on host their QR code services on ‘public infrastructure’ because it also benefits the Chinese Communist Party in some way and helps the CCP steer society where it thinks it should go.
There is another important aspect that Segal and the Hacker crowd fail to see or discuss: central processing vs. local processing. The whole point of Transit Gate Evolution was explaining the Apple Pay Suica secret: a great local processing front-end (FeliCa/NFC-F/Suica) integrated with a great central processing back-end (Mobile Suica + Apple Pay EMV credit/debit cards). Segal assumes that central processing is everything and that the internet, mobile networks and cloud services are always going to work everywhere 100% of the time. They don’t.