UWB Touchless Express Transit and Apple Pay for iOS 15?

A recent sudden surge of hits from Hong Kong accessing my December 2019 UWB Touchless Mobile FeliCa post seemed odd. I dug around and it appears that Hong Kong MTR, like JR East, is making noises about incorporating UWB technology in next generation transit gates.

iOS 14.5 added a new PassKit call for Bluetooth and the U1 chip integration since iPhone 11 and Apple Watch 6, coupled with global FeliCa support certainly puts Apple ahead of the game. I have no idea what WWDC21 will deliver but more UWB integration is a given.

Apple only mentioned UWB Touchless at WWDC20 in connection with digital car key without showing anything because the Car Connectivity Consortium Digital Key 3.0 spec was a work in progress. Now that the spec is in-place with BMW said to deliver car models incorporating UWB Touchless this year, will Apple show it in action? I think it’s highly likely, but since Car Key is a ‘Wallet Card’, and Wallet app Express Cards come is 3 types: Transit, Student ID, and Car Key, the more interesting question is…will Apple also show Touchless Transit and Student ID Express Cards? And what about Apple Pay?

People think Touchless is a completely new thing for ‘keep smartphone in pocket’ transactions, and they worry about security. You can’t blame them because marketers are selling the in-pocket payment experience. However, Touchless is simply long distance NFC without NFC. All UWB Touchless does is describe the frequency to use Bluetooth instead of NFC. The background stuff, secure element and so on, is exactly the same. This means user interaction is the same. For walking through transit gates and security doors, or unlocking your car, the convenience of Touchless is easy to understand: no more NFC tapping, just keep moving.

What about Express Card payments? The current Apple Pay Suica payment checkout experience: the user taps Suica on a touchscreen, or tells the clerk “Suica” then holds the device to the reader. The user has to give consent before the transaction is activated by checkout staff or the self checkout reader. For Apple Pay EMV transactions users have the extra step of confirming a transaction by Face ID/Touch ID to complete it.

Realistically however, in what situations does Touchless make store checkout more convenient and faster? Drive thru certainly, supermarkets…maybe, but most stores will probably not want to invest in Touchless without a good reason when the NFC readers they already have installed get the job done. There is one more interesting role that Apple has planned for UWB however, one that promises to improve the entire Apple Pay and Wallet experience: communicating with the reader before transaction to select the right Wallet card for the job, at a distance, for a truly smart Wallet app. With national ID cards, passports and more coming to Wallet at some point, UWB could be the Wallet reboot we really need.

And then there is EMVCo. The problems with UWB Touchless for EMVCo are that: (1) Touchless only works with devices with batteries, á la AirTag, and doesn’t work with the current plastic card model, (2) UWB + Bluetooth level the digital playing field with FeliCa and MIFARE, no more ‘real’ vs ‘who cares’ NFC hardware flavors to split hairs over. The plastic card NFC limitation is probably a bitter pill for everybody but especially for EMVCo members and issuers as plastic card issue is big business, and many customers are more comfortable with plastic cards. For those reasons I think EMVCo will be the last to support UWB Touchless, if they do at all. On the plus side Touchless does give digital wallet platforms an edge to create smart aware wallets, digital does NFC and Touchless, plastic only does NFC. We’ll find out about Apple’s UWB Touchless roadmap at WWDC21.

The VISA JP Apple Pay announcement and digital banking wars

MacRumors: Customers with Visa cards…will be able to add their card to their Wallet on iPhone and Apple Watch.

Me: I like MacRumors but the writer here has no idea what the story is or that users have been using these cards in Apple Pay all along for store purchases.

MacRumors: Hey! Could you elaborate on what you mean? Visa cards issued by those banks now have Apple Pay, correct?

Sure Sami, here’s the elaborate story. Do you know FeliCa? It’s the Sony created NFC standard that has been around a long time, long before EMV grafted NFC into contactless credit cards. When mobile payments launched in Japan back in 2004, Mobile FeliCa was the only technology that worked. So mobile payments for all major credit cards and Suica were built on Mobile FeliCa, the contactless payments infrastructure in Japan grew from that.

Fast forward to 2016. Phil Schiller announced FeliCa for iPhone 7 at the keynote and the launch of Apple Pay in Japan. VISA Japan didn’t sign an agreement with Apple but it didn’t matter much because VISA JP cards were available for Apple Pay thanks to previous Mobile FeliCa agreements covering the iD and QUICPay networks for store payments. The other card companies (Mastercard JP, JCB, American Express JP) signed with Apple.

It was a big success. But the Mobile FeliCa agreements only covered store purchases, they didn’t cover things like in-app purchases. Even though many Japanese users added their VISA cards to Apple Pay they couldn’t use them to recharge Suica cards because in app purchases were not supported.

Fast forward to 2020. VISA JP is a major sponsor of the Tokyo Olympics showering sponsorship money to promote ‘VISA Touch’ EMV contactless cards. They want customers to use VISA Touch at stores, not iD and QUICPay because the margins are nicer and EMV contactless is a world standard except for places like Japan (FeliCa) and China (PBOC). Most of the POS equipment in Japanese stores is multi-protocol ready so the customer NFC flavor is a moot point. For whatever reason, let’s say marketshare, VISA JP finally signed on with Apple Pay.

What changed for all those VISA JP cards already working in Apple Pay Wallet these past few years? A VISA logo, in-app payments, dual mode NFC and Payment card Express Transit:

Did you get that Sami? Hello, anybody there?

Digital Banking Wars
Seriously though, it’s sad when tech writers don’t understand the technology in the stories they write. All major Apple sites ran the same wrong story. It should have been: Visa JP Cards now fully support Apple Pay. I think journalists do everybody a great service when explaining complex stories and connecting the dots in easy to understand ways. Nobody cares, which is a shame because there were other major things going on behind the VISA JP Apple Pay announcement that even the Japanese tech media missed: the very same day, NTT Docomo and MUFG announced a joint digital banking venture.

Let’s take a closer look at that VISA JP Apple Pay announcement, specifically the issuer launch list: APLUS, Cedyna (SMBC Financial), SMBC, Docomo, MICARD, Saison, JACCS, Rakuten. Do you see MUFG? Nope. MUFG brand VISA cards will join at some point, probably, but VISA has put all their eggs in the SMBC basket, the companies are not on the friendliest of terms.

NTT Docomo and SMBC/VISA group feuded for years and called a stalemate. It was only a matter of time before NTT Docomo kicked SMBC to the curb, which they did yesterday with the MUFG joint announcement. Docomo and MUFG are going to leverage dPoint into an economic zone to rival Rakuten and SMBC/VISA V Point. It’s as simple as that. And here you thought that VISA JP announcement was only about Apple Pay. Think again, the economic zone mobile digital banking wars are just getting started.

One last bit: if you want to know the reason why it took so long for VISA JP to sign with Apple go to the SMBC V Point App page and look at the Apple Pay • Google Pay section. ApplePay is dual mode, Google Pay is EMV only. It was the power play we suspected all along: VISA wanted to kill FeliCa, Apple stuck to its NFC switching dual mode guns. For a detailed list of VISA JP cards and supported features go here.

The truth is in the tap

The Nankai Visa Touch test launch launched endless Twitter discussions about slow EMV contactless tap speeds and performance issues compared with Suica and other Transit IC cards. EMV contactless transit in Japan is novel so this is expected. But suddenly people are also referencing Junya Suzuki’s 2016 pre-Apple Pay Suica launch era ‘Is Suica Over-spec?’ piece. This has long been a favorite theme in Japanese tech media: Suica is more than we need, EMV contactless is ‘good enough’ so let’s do everything with one card, life is more convenient that way. Be careful what you wish for.

The 2016 launch of Apple Pay Suica was a great success of course, that changed the Japanese payments market and opened the door for the proliferation of QR payment services you see everywhere now. The one card must do it all concept is old hat but Tokyo Olympics sponsors Visa Japan and SMBC are trying very hard to convince Japan that Visa Touch cards are the transit future.

My position was and remains that one size never fits all. It doesn’t have to be a EMV or nothing choice portrayed in tech media, nor should it. Different technologies complement each other for a better user experience. Apple Pay Suica/Mobile Suica combines the convenience of EMV cards on the recharge backend with the speed and reliability of FeliCa based Suica cards on the NFC front-end, for a best of breed closed loop transit user experience. One interesting thing I pointed out in my retweet of Suzuki san’s Nakai open loop launch piece was that QR Nankai Digital Ticket gate performance in the his video is faster than Visa Touch because it’s closed loop.

The comment touched off an odd but interesting set of tweets from Suzuki san and his followers about gate design, reader performance and walk flow that boils down to this: if the reader transaction speed is slow, increase the distance between the reader and gate flap to keep people walking instead of stopping.

His follow up piece deconstructs ‘FeliCa is faster’ as half misunderstanding transit gate antenna design and RF communication distance because EMVCo reader certification dictates a smaller RF distance, the result of using the EMV contactless supermarket checkout spec on transit gates it was never intended for. All I can say is the truth is in the tap. In theory all NFC flavors and protocols offer the same performance but in real transit use they don’t. Better to get next generation Ultra Wideband Touchless gates in service and dispense with the ‘redesign transit gates for slow EMV contactless/QR transit’ debate nonsense. Design things for the future not the past.

The current Transit IC local stored fare model does have weak points as suggested in FeliCa Dude’s tweet: discount ticketing, rebates and refunds. If you purchase a Mobile Suica commuter pass, you can easily get a refund back to the bank payment card used to purchase the commuter pass. This is because Suica extras like commuter passes and Green Seat upgrades are supplemental attached services that don’t use the SF purse.

Rebates and refunds via the SF (stored fare) purse are a bottleneck. Suica App has a mechanism for dealing with some of this called ‘Suica Pocket’ for JRE POINT exchanges and refunds back to the SF purse. Mobile Suica card refunds are another matter and can only be refunded to a Japanese bank account. Octopus Cards Ltd. (OCL) has a special Octopus App for Tourists that refunds a card balance back to original credit card used for the initial digital card issue. OCL also charges tourist users an arm and a leg for Octopus Wallet recharge and refunding. It would be nice if JR East could do the same…without the outrageous OCL surcharges.

For inbound discount ticketing JR East has adopted a similar approach they use for Eki-Net Shinkansen eTickets: discount plans attached to plastic Suica cards. This is the whole purpose of the Welcome Suica + reference paper proving validity for inbound discount plan purchases at station kiosks. It would be great if JR East figures out a way to do the same thing on Mobile Suica.

Domestic discount ticketing and passes are still the glorious, mostly paper ticket mess that is Eki-Net and similar services. Eki-Net itself is still in a slow motion transition towards a Transit IC/Mobile Suica orbit with some things transitioning to QR paper ticketing that replaces expensive mag-strip paper. Eki-Net App is still limited to Shinkansen eTickets and ticketless express train seat purchases. The Eki-Net web site is where you access all the bells and whistles although the experience feels like navigating the Transit IC interoperability chart. Discounts are starting to change somewhat with Suica 2 in 1, totra is the first Suica for disabled users but exclusive to the totra fare region. Hopefully Extended Overlap will see wider use not only for Suica but across all Transit IC cards for more special, and interoperable, discount services.

What’s next for PiTaPa?

Now that Nankai Railway Visa Touch and QR Code transit tests have started (April 2), it’s helpful to take a look at Surutto Kansai, the association of Kansai area non-JR transit companies that issue and operate PiTaPa. I covered PiTaPa problems previously but in addition to the Nakai Visa Touch and QR tests, there have been a few other developments among PiTaPa group members:

  • Nankai Visa Touch and QR Code Transit: the Nakai, VISA Japan, SMBC and QUADRAC Co., Ltd venture started in April for Visa Touch and Nankai Digital Touch QR, QR tickets are purchased and used via the Nakai App and can only be purchased with Visa brand credit cards.
  • Osaka Metro ICOCA: Osaka Metro started selling ICOCA commuter passes and regular cards from November available at all station kiosks. They are the last major PiTaPa member to add ICOCA commuter passes, other major members (Keihan, Hankyu, Hanshin, etc.) added them years ago and have finally retired mag-strip commuter passes. One clarification regarding TOICA: it’s sold at Shin-Osaka station by JR West not Osaka Metro. An interesting aside is that when you use TOICA on Osaka Metro the system recognizes it as ICOCA. In a separate development Osaka Metro wants to implement face recognition transit gates for the 2025 Osaka Expo that dump cards altogether.
  • Keihan ICOCA: Started offering ICOCA Points at the end of 2020 (discount fares for repeat transits in the same month).

In the Transit IC card 2020 ranking by issue/holder numbers PiTaPa was 6th at 3.3 million cards with the slowest growth. It will likely drop to 7th place in 2021.

Suica, PASMO and ICOCA represent 90% of transit IC card issue

Nankai Open Loop Tests
As expected the Visa Touch and QR gates are limited to certain stations and exits. From the on-site media presentation pictures it’s clear that Nanaki is doing open loop transit gates the right way by keeping EMV/ QR only gates separate and off to the side wherever possible (bolt-on jobs are used in narrow areas). If there is one thing we have seen these past few years it’s that all-in-one gates with multi-protocol readers are slow and error prone. They just doesn’t work well for transit.

Target users are inbound travelers from Kansai International airport and plastic contactless Visa brand cards as it does not support Apple Pay Express Transit or similar services on Google Pay, Samsung Pay, etc. The inbound angle is a tough sell in the travel restricted COVID era now that Kansai area hotels are closing and laying off staff. A few interesting inbound points: Mainland China visitors use Union Pay not Visa, QR tickets have to be bought with a Visa card, and Nankai Digital Touch QR tickets are faster at the gate than Visa Touch because they are closed loop.

Fellow transit otaku in Osaka run loops around the Visa Touch open loop gate at Nankai Namba station
Nankai Digital Touch QR tickets are faster at the gate than Visa Touch because they are closed loop

Taken altogether it’s mayhem. As FeliCa Dude says in his tweet, Surutto Kansai is done for. The interesting thing is that PiTaPa is a very similar to the digital Opal Mastercard debit with specific merchants allowed scheme: a closed loop credit card account instead of the closed loop digital Opal Mastercard debit account. Where PiTaPa failed was that Surutto never provided a plain old prepaid transit card option so that users could buy a commuter or regular one for cash and recharge it at any station kiosk. Opal of course still sells the good old Opal MIFARE prepaid card and they would be smart to keep it around. There will always be a need for cash based transit cards.

Why can’t Surutto Kansai to come up with this simple solution for PiTaPa? In a word, SMBC bank group. They are behind the PiTaPa card creation, and now they are pushing Visa Touch transit. It’s an unfortunate and awkward situation: transit companies forced to issue and use an ‘outside’ transit card like ICOCA instead of their ‘in-house’ PiTaPa brand. I suspect the impasse will continue until SMBC gives in and let Surutto create a prepaid card and own the float, or the major Surutto Kansai members stage a real revolt. Until something gives Mobile PiTaPa will be impossible. The pressure to do something will only grow as the Mobile ICOCA 2023 launch approaches.

The Open Loop transit privacy question

In 2013 JR East faced a crisis over selling Suica ridership pattern data analysis to Hitachi. The Suica data was stripped of personal information and was used to analyze popular transit routes and create general user profiles based on age group, gender and so on. Media outcry resulted in JR East drafting an opt out data policy followed by Japanese Government laws and regulations covering personal data privacy.

That was then, this is now. Line, the popular messaging service plus Line Pay payment platform, came under attack this week for storing user and transaction record data outside of Japan, in South Korea and China. This is not a surprise since Line started in South Korea and storing data on cloud servers there was always an open secret. Why the brouhaha now? The recent complicated Z Holdings acquisition maneuvers of Line are a factor. With PayPay and Line Pay QR payment empires now in the same house some kind of streamlining is bound to happen. The data scandal could be a convenient excuse to start it.

The constant drip of privacy concerns regarding social networks and QR payment systems like Line Pay, and where user transaction data is stored, makes the old JR East crisis look small and silly. Everything is more connected now in unexpected ways than even just 8 years ago.

It doesn’t matter how secure transaction protocols are when user transaction record data is stored on leaky servers or sold to outsiders for profit. I wrote about this earlier, the so called popularity of QR Code payment services in Japan is really about big data. In that vein we have a timely blog post on Open Loop ltransit rider privacy from Transit Center.

For a professional advocacy organization dedicated ‘to improve public transit,’ the Transit Center privacy publication is surprisingly amateurish. It raises valid concerns but reads like open loop advertising from credit card companies (Transit Center soft sponsors?), where open loop is the golden cure-all future, and the only future at that, of every transit ill with closed loop invariably portrayed as a dead era of tokens, punchcards and mag strip swipe cards. They also make MTA seem like the only transit system in America that matters because idiosyncratic MTA problems apply everywhere. Right? Wrong. Let’s take a look at their privacy blog post…<<with comments>>.

Transit agencies around the country are adopting a new generation of fare payment systems. Agencies including New York’s MTA, Boston’s MBTA, and Houston METRO are in the process of switching to what’s known as “open-loop” systems that enable riders to tap into the system using digital wallets on their phones or with their credit cards…

<<more banks handling transit fare concessions sounds like a good idea for privacy, wait until the TC folks figure out that ‘closed loop’ bank card accounts for digital wallet OMNY is the next step in the game>>

These technologies come with clear benefits for riders, but they also carry the risk of exposing more personal data…

<<here it comes>>

The switch to these new fare payment technologies can accelerate access to riders’ trip data by other government agencies. In New York, for instance, individuals’ MTA trip data can be retrieved much faster with the new OMNY system than with the older MetroCard system…

<<retrieve trip data quickly on a fare system where users don’t tap out…what? privacy concerns are not just government agencies btw with multiple 3rd party companies handling and processing transit fare data…which brings us to>>

The increased involvement of third parties in fare payment underscores the need for better data collection and management policies within transit agencies.

<<better as in more big data details?>>

How to Implement the Next Generation of Fare Payment Without Shredding Riders’ Privacy

Anybody experienced in dealing with bank and card company customer service could see this coming. Bank and transit operating cultures are different and they don’t mix well with outside companies running the transit gate fare concession. If you think transit privacy is a concern now, wait until face recognition transit gates become the next transit future thing.

Let’s make this simple. Open Loop (EMV and QR) and bank card EMV Closed Loop means that banks and outside payment platforms run their services at the fare gates They have transit user data, as does the transit company, so does the fare system management subcontractor like Cubic. The more places data is stored the more it’s gonna leak. This is exactly what is playing out in Japan right now because Line Pay Japan user transaction data is stored in South Korea which does not, putting it mildly, have a good secure data reputation.

That doesn’t mean that closed loop is automatically more secure, but keeping data in-house with its own closed loop transaction card in the country of origin, as JR East does for Mobile Suica, does mean that outside company access is tightly controlled. At the very least there is only one company in the country of origin to take the blame when something leaks, and only one place to plug it.