Hidden Assumptions

Jonathan Seybold said it best in his Computer History Museum interview video: many arguments can be easily demolished by pulling out the hidden assumptions. In our attention span challenged social media era it’s all too easy to believe things at face value. Few people invest time and brain energy to analyze and question arguments to find and examine hidden assumptions.

A reader of this blog might come away thinking I am not a fan of open loop transit fare payments and despise EMV contactless and QR Code payment technology. That would be a mistake. I don’t hate them, everything has its place. I simply don’t agree with ubiquitous assumptions that EMV or QR or open loop are cure alls for every transit fare payment situation that they are praised to be…usually because ‘everybody uses’ bank issued contactless payment cards or smartphone payment QR apps. It’s a one size fits all mentality that blinds people from seeing hidden assumptions. It’s very important to see how all the pieces, seen and unseen, fit together. After all, transit companies and their users have to live with transit infrastructure choices for decades.

In a recent Twitter thread Reece Martin thought it would be nice if Canada had a nationwide transit card. This is something Japan has had since 2013, when the Transit IC interoperability scheme was put in place and made the major transit IC cards compatible with each other, but they did this without changing the hardware. The various card architectures were left untouched and linked with system updates, a use-the-same-card backend solution. China on the other hand created a national transit card with the China T-Union • PBOC 2.0 standard that replaced all older transit cards with locally branded T-Union cards, a get-a-new-card hardware solution.

A nationwide Canadian transit card is a great idea but as Samual Muransky answered in the same thread, why bother with ‘obsolete’ dedicated transit cards when everybody uses EMV contactless bank cards and EMV is the new standard. Let’s examine some hidden assumptions at play here.

Assumption #1: Everybody has contactless credit/debit cards
The open assumption here that everybody has bank issued credit or debit payment cards is not the case and varies by country, demographics, age, etc. Most people in some countries do, but even so there will always be people who don’t. Transit cards always have the advantage of being available at station kiosks to anyone with cash.

Assumption #2: Because of assumption #1, open loop (credit/debit cards) is better than closed loop (dedicated ticketing) for paying transit fare
The hidden assumption is that open loop covers everything but it does not. Specific transit services such as individual commuter passes, discounted fares for disabled/elderly/children are practically impossible to attach and use with bank payment cards. The best that transit systems and payment networks can do with open loop is fare capping or special discounts when applied universally. The age-old pay ‘x’ times and get one free concept. Open loop works best for occasional transit users.

The limitations of open loop on large complex transit systems like Transport for London are easy to see. Despite a long campaign to eliminate the venerable Oyster transit card and migrate users to EMV open loop, TfL threw in the towel and upgraded the Oyster system recently. To date TfL has not offered a digital version of the closed loop Oyster card. In short, dedicated transit cards will always be with us.

Assumption #3: EMV contactless is the NFC standard
The NFC Forum recognized long ago that credit card companies and transit companies have different needs and objectives. To that end the NFC Forum has 2 basic NFC standards, one for contactless payments (NFC A) and one for transit (NFC A-B-F). All NFC devices must support NFC A-B-F for NFC Forum certification.

Assumption #4: EMV contactless for transit is safe and secure
There are many hidden assumptions packed into the words ‘safe and secure’: not everybody agrees on what safe is and what level of security is secure. Things also change depending on the situation and the design. I have covered transit gate reader design in many other posts but recap some basics here.

Steve Jobs famously said that designing a product is a package of choices. I have often said that EMV contactless is supermarket checkout payment technology but that’s not a put down, it’s the truth of what EMVCo were aiming for when they grafted NFC-A to their EMV chip for contactless cards.

Because of wide deployment with no direct control, the original EMV contactless spec had a latency window to work reliably even with crappy network installations, and the slow speed has sometimes been cited as a security risk. NFC-A (MIFARE and EMV) transaction speeds are rated for a theoretical 250ms but are usually 500ms on open loop transit gates. Suica is always 200ms, often faster. The speed gap is due to gate reader design, the network lag of centralized processing vs local stored value processing, and the different RF communication distances for NFC-A and NFC-F. JR East presentation slides explain the transaction speed differences.

  • Japanese station gates are designed to be capable of 60 passengers per minute. To do this the conditions are:
    • Processing time of fare transaction has to be within 200ms
    • RF communication distance is 85mm for physical cards and smartphones
  • European station gates are designed to be capable of 30 passengers per minute:
    • The processing time takes 500ms
    • RF communication distance is 20mm for physical cards, 40mm for smartphones
Two presentation slides from the NFC Forum Japan meeting, July 2016

The Suica transaction starts from the 85mm mark while MIFARE and EMV contactless cards start at the 20mm mark. Because of the greater RF communication distance Suica transactions start much earlier as the card travels toward the reader tap area. If you look closely at the 2nd slide you can see that smartphones have a slightly earlier EMV/MIFARE RF transaction starting at the 40mm mark (the 1.1A/m boundary) due to the larger smartphone antenna; physical EMV cards with smaller antennas are limited to 20mm. This is why smartphones seem faster than physical cards on NFC-A gates. Suica physical cards have a larger antenna and the same RF transaction distance as smartphones.

NFC-A transaction speed is slower because the card has to be on top of the reader before the transaction can start. This is also the limitation with optical based QR and bar codes: the transaction only starts when the smartphone screen is close enough to the reader for an error free scan. Transit gates using these technologies are not designed for smooth walk through flow.

The speed difference is clearly seen on the Nankai VISA Touch open loop gates: the transaction starts when the card is physically on top of the reader:

Here is a Suica style transit gate for comparison:

One of the smart things Nankai is doing in the test phase (limited to a few key stations) is keeping EMV/QR gates separate from standard FeliCa gates. This is practical. Regular users go through the faster regular gates, the occasional open loop or QR users go through slower EMV/QR gates. Keeping different readers separate and clearly marked helps keep walk flow smooth and crowding down at busier stations. The Nankai program has been put on pause for another year due to the collapse of inbound travelers in the COVID pandemic. It’s a trial run as Osaka area transit gears up for an anticipated inbound travel boom in connection with Expo 2025 that may or may not pan out.

The Nankai VISA Touch gates are designed for physical cards, Apple Pay works but without Express Transit. That’s a plus as Apple Pay EMV Express Transit on TfL and other open loop systems (OMNY) has come under scrutiny for a potential security risk with VISA cards that allows ‘scammers’ (in lab settings) to make non-transit charges to Apple Pay VISA cards via Express Mode, something that is not supposed to be possible.

Timur Yunusov, a senior security expert at Positive Technologies…said a lack of offline data authentication allows this exploit, even though there are EMVCo specifications covering these transactions.

“The only problem is that now big companies like MasterCard, Visa and AMEX don’t need to follow these standards when we talk about NFC payments – these companies diverged in the early 2010s, and everyone is now doing what they want here,” he said.

Security researcher: Flaw in Apple Pay, Samsung Pay and Google Pay makes fraud easy for thieves, TechRepublic

In other words, Apple removing Apple Pay bio-authentication to promote EMV Express Mode for open loop transit puts Apple Pay at the mercy of the lax payment operation practices of card networks who don’t follow their own rules. Not that it’s a real problem in the field but accidents do happen, such as this incident on Vancouver BC TransLink that a reader forwarded:

Just a moment ago, I nearly got dinged on my CC while sitting on a high seat near a door which is where one of the validators are located. The validator picked it up from the backside rather than the front side where the tap area is located. Also, somehow, my iPhone authorized the transaction when I only want to return to the home screen instead.

If the open-loop was implemented in a way where the card must be pre authorized before the card can be tapped at a validator, it wouldn’t get me in a situation where I need to deal with customer service to dispute some charges. Good thing this time, transaction was declined so nothing related to this charge showed up in my account.

Smartphone users be careful around the backside of Vancouver BC TransLink pole readers

Open loop is only part of a larger picture
Canadian transit would certainly benefit from a Japanese transit IC system approach with compatibility on the backend, or even the China T-Union approach of a national card spec that is locally branded but works everywhere.

To come back to the beginning, my point isn’t about slamming EMV or QR open loop transit, just the assumptions that they solve everything. They have their place in intelligently designed fare systems but only constitute part of the larger transit fare system picture. And as I have pointed out many times, card companies have little interest in improving the EMV standard for transit needs. They want to capture transit fare business without investing. The focus will always be the supermarket checkout lane that EMV was designed for.

There will always be a risk involved when ignoring the hidden assumptions of EMV open loop as a one size fits all solution. Dedicated transit cards will always be necessary. Every transit system is unique and deserves the best solution for the transit company and the users they serve.

Apple Pay Japan 5 Year Mark: All of This and Nothing

Suica was the centerpiece of the Apple Pay launch in Japan October 25, 2016

October is Apple Pay month in Japan. Today, October 21, we have the Apple Pay WAON and nanaco launch. October 2020 saw the Apple Pay PASMO launch ceremony attended by Apple VIPs. October 2016 was the biggest launch of all. This month marks the 5th anniversary of Apple Pay in Japan that launched with the FeliCa enabled iPhone 7 and the iOS 10.1 update. The initial rush to add Suica to Wallet was so great that it brought down both Apple Pay and Mobile Suica servers for several hours. Junya Suzuki, the best journalist in Japan covering digital wallet payments and technology, predicted that Apple Pay would be the ‘Black Ships’ inflection point catalyst in Japan that would change everything. He was right. Everything has changed.

I tried to think of something smart and elegant or throw together some market data numbers that explain the transformation Apple Pay facilitated in Japan, but it comes down to this picture, a crazy kaleidoscope of contactless payment choices at the local post office. That’s as mainstream as one can get.

Payment options at the Japanese post office

The post office payments menu doesn’t have an Apple Pay logo but EMV brand cards at the top are Apple Pay, FeliCa cards in the middle are Apple Pay, shitty pain-in-the-neck-launch-an-app code payments at the bottom are not Apple Pay…and yes, you can still pay with cash if you need to. This crazy variety, by western standards, is the reason why Japanese Wallet users are excited about the new 16 card iOS 15 Wallet limit: they want to add more cards and 12 was not nearly enough. We have Apple Pay to thank for this overflow of payment options. Even though the Apple Pay logo isn’t anywhere to be seen, Apple Pay is the reason why so many contactless payment choices exist and why they are mainstream. This is the Apple Pay Japan transformation.


A timeline of changes and challenges

  • October 2016: Apple Pay launches in Japan with support for Suica (compatible with the Transit IC transit and payment network), iD and QUICPay payment networks (American Express, JCB, Mastercard, VISA).
  • September 2017: Global NFC on iPhone 8, iPhone X, Apple Watch 3 supports dual mode cards and seamless EMV and FeliCa NFC switching. Japanese users can make payments internationally with their Japanese issue cards on EMV payment terminals, and FeliCa payment terminals at home. Mobile PASMO trademark registered.
  • 2018: Carrier code payment services launch as cashless momentum grows (May: NTT docomo dBarai, October: SoftBank PayPay). iOS 12 Wallet adds MIFARE support for Student ID.
  • 2019: Japanese Government Cashless Consumption Tax Rebate Program, October 1, 2019 through June 30, 2020. The aim of the program is to encourage cashless purchases and increase cashless use up to 25% of all purchases by 2025. To do this the program offers up to 5% tax rebates for cashless purchases made at middle~small businesses and also offers merchant subsidies for installing cashless checkout systems. This is a prescient inflection point as COVID proves to be a huge catalyst for going cashless, far more than a normal Tokyo Olympics would ever have been.
  • 2021: Apple Pay WAON and Apple Pay nanaco eMoney cards launch, VISA Japan adds Apple Pay in-app purchase support and NFC dual mode switching. This completes the Apple Pay lineup. The Tokyo Olympics didn’t turn out to be the big crowd contactless driver the industry expected. Nevertheless market surveys indicate that cashless payment use in Japan has already passed the 25% target.

Japan was a very unique case, the most unique, but don’t make the mistake of dismissing it as an outlier. It was way ahead of the curve with important lessons beyond the tired old meaningless FeliCa vs EMV winner-loser debate. Japan already had the extensive and mature Osaifu Keitai mobile wallet platform that launched in 2004, built on the Sony and NTT docomo created Mobile FeliCa standard, long before EMV grafted NFC on their chip and issued contactless credit cards.

The Apple Pay that launched in 2014 was exclusively EMV as credit cards were the best start point, but Apple was already hard at work adding FeliCa, MIFARE and other NFC based transaction protocols as standard in the secure element hosted on Apple Silicon. The result was first seen in 2016 iPhone 7 and Apple Watch 2 in Japan, with Apple Pay Suica, Express Transit and direct Wallet transit card adding as the centerpiece launch strategy, all firsts.

This was an extremely shrewd move. The Japanese public was well versed using Suica for transit and quick purchases. The impact of choosing the Tokyo area based Suica as the start point, coupled with the convenience of anywhere, anytime Apple Pay recharge, supercharged Suica and Apple Pay. They both grew quickly.

JR East factsheet: Apple Pay supercharged Suica growth

The full Apple Pay vision came into focus with the 2017 release of iPhone 8, iPhone X and Apple Watch 3, the first global NFC devices that worked everywhere. This was a complete break with the Android model of only selling FeliCa capable devices in Japan or Hong Kong. This is why any iPhone from anywhere can add and use a Suica transit card and Android devices cannot.

The most useful marketing survey covering Apple Pay use in Japan was a November 2018 survey and article from Japanese IT journalist Sachiko Watatani. At the time she found the following:

  • Only 27% of iPhone users who can use Apple Pay use it
  • 50% don’t use Apple Pay but are interested in using it
  • 22% don’t use Apple Pay and don’t care about using it

The middle 50 is the most interesting aspect, there has certainly been migration to the Apple Pay use bracket since COVID hit. Other interesting data points: 34.4% use Apple Pay daily, 24.9% use Apple Pay every 2~3 days, 37% use it for public transportation, 69% use it for convenience store purchases. This last one is the classic Apple Pay Suica (and now also PASMO) sweet spot: quick small on the go purchases without Face • Touch ID, courtesy of Express Mode. With COVID and Face ID with face masks, that sweet spot is sweeter than ever.

The secret of success and important lesson
That is all well and good, but how did Apple Pay spearhead this market change? Apple Pay proved to be a great neutral platform for payment players to both play on and play off from. But that’s not all, there is a vital point that most people miss. The secret of Apple Pay Japan’s success was that it shifted the user focus and experience away from the Osaifu Keitai app model where different NFC services are scattered across many different apps, to a simple ‘just add the card’ in Wallet where everything ‘just works’ without apps. Complexity vs simplicity; it was this simplicity that ultimately won out because most users don’t want to deal with setting different services in a bunch of apps. It was this simplicity of the Apple Pay user experience, combined with Global NFC Apple Pay as standard across the board on all devices and price points, that drove the Japanese payments transformation that Osaifu Keitai could not with its complexity and exclusivity that pigeonholed it as a high end option instead of a standard feature.

This is the lesson of Apple Pay in Japan that other markets would do well to study. Lots of different apps offering NFC services doesn’t drive user uptake; centralized simplicity with an easy to use UI drives user interest and use, ‘it just works’ standardization. It is this centralized simplicity that is driving user interest in iOS 15.1 Vaccination Certificate Wallet support and driver’s license ID. The EU and Australia are determined to force Apple to make iPhone NFC ‘open’ and move everything to the app centric model. If their intention is to drive user uptake, the Japanese market experience proves otherwise. Good luck with that. To most westerners the value of the Japanese mobile payments experience will remain utterly lost, like that old Psychedelic Furs song whine line, “You didn’t leave me anything that I could understand.”

The Crowd Cast cashless map illustrates the rich variety of Japanese payment platforms, some code payments players like ORIGAMI no longer exist

Looking ahead
Where does Apple Pay Japan go from here? Rakuten Edy, the very last holdout, will certainly join the lineup soon enough. iOS 15 Wallet has shifted the focus from payments to keys and ID. Expect to see some digital key action later this year. On the ID side the Japanese Ministry of Internal Affairs and Communications (MIC) has said they are in discussions with Apple to bring the digital My Number (Japanese Individual Number) Card to Wallet, hopefully soon after it launches on Osaifu Keitai in March~April 2022.

The value of having a digital My Number ID in Wallet is that regions want to promote special services and discounts tied to a resident address. That way local governments can promote differently tailored discounts and campaigns for locals and visitors. JR East for example, is planning to use My Number Card for MaaS transit discounts that promote regional economies. When a payment is made with Suica, the appropriate discount kicks in with the My Number Card verification. The My Number Card + digital payments concept is similar to the 2019~2020 Japanese Government Cashless Consumption Tax Rebate Program. The promise of getting local area based discounts for using transit or buying stuff with Apple Pay is one of the most practical use case scenarios for digital My Number Card that I can think of.

Farther out we might see development of ‘Touchless’ transit gates that incorporate Ultra Wideband technology, which is already being used in iOS 15 Wallet for Touchless car keys. It would be cool to simply walk through the gate iPhone in pocket, with Suica taking care of business. I was recently reminded that UWB enhanced gates would greatly benefit those with disabilities. I saw a young man in an electric wheelchair going through a JR East station manned gate; the station attendant was holding the reader out for him to tap but his movement was limited. It was difficult for him to hold his iPhone to the Suica reader. A UWB gate would let him zip through unattended at any touchless gate, that’s what barrier free should be about. When you think about it, QR Code apps for transit are just cruel for handicapped users.

Next generation JR East transit gates are wheelchair friendly but UWB touchless gates are the best ‘barrier free’ solution for users with limited mobility.

On that note…despite all the hand wringing over the rise of code payment apps, even as Apple is flirting about adding code payments to Apple Pay, Japan will continue to be a fascinating place to observe contactless payment trends before they appear in other markets. And even though Apple Pay Japan has lost the cool factor that peaked in 2018 and become mundane, that’s okay. Apple Pay in Japan will continue to be the payment service where you can do things that you cannot do with Apple Pay in any other market. That sounds like fun to me and I look forward to the next 5 years of Apple Pay Japan and hope to write about digital wallet developments…occasionally. Since COVID hit blog traffic has collapsed to the point where I think it might be time to change gears. We shall see.

Until next time stay safe and have a good cashless…er you know what I mean.


Apple Pay Japan Comments
Some reader and net comments about using Apple Pay Japan through the years. Tweet or email if you have any experiences you’d like to share and I’ll add them here.

Apple Pay Suica is so convenient it made me wear my watch on my right wrist

The last 2 times I was in Japan, I used Apple Pay with Suica. It is miles ahead of what we have in Singapore, in terms of speed, feel, and experience. And best of all, no app download required!

I changed from Android back to iOS in 2017 mostly due to being able to use Mobile Suica…And this is the real reason I still have to educate people coming to Japan about mobile Suica and putting a debit card into ApplePay and never need an ATM for most things here…Also stop with “Japan is a cash driven society” tropes. I go for weeks not using bills and coins here.

Comment regarding code payment apps vs NFC: Imo Apple and Google Pay are all a payment system needs: it’s quick, easy, and doesn’t require looking like a clown trying to scan a code…Imagine having to scan a code to pay for Suica, it would be a nightmare.

I have no idea why Apple Pay isn’t more widely supported over here. I usually just try and use Suica on my Apple Watch for most things.

The true value (of Apple Watch) is in Apple Pay and Express Transit card. If your city supports it, especially the latter, it’s a tremendous value.

Truth to be told, I’ve been a user of Japan’s Apple Pay almost since it came out, even though I don’t live there haha. As a Software Engineer I always was amazed how Japan had a contactless system that you can use seamlessly on transport or store purchases.

It might sound trite, but I am still happy and amazed every time I use Suica on my iPhone. It has been a long road from Edy and Mobile Suica to this point. The next thing for me would be export of my spending for tracking. Not through Suica, but from iOS. And I really wish more Japanese businesses used the Apple Wallet for (reward) cards. When it first debuted I imagined finally getting rid of all my store cards, but it never happened.

When I was in Japan in November, when I looked up my destination via Apple Maps, I got seamlessly linked to buy a SUICA for my Apple Wallet direct from my credit card. It was pretty slick – 10 second transaction and I had a SUICA in my Apple Wallet.

The best way to use Suica Card on Android devices is to simply buy a new iPhone…

Suica on Watch is just superb. Even better when worn on right hand.

Two great things about my iPhone XS when traveling in #japan: first, SUICA public transport card in Apple wallet and you are able to charge them via Apple Pay wherever you are and second the dual SIM feature to get a traveller SIM like #Ubigi into your phone easily.

Twitter question: Japan peeps, what are your fave “cashless” payment apps? What do you consider the most convenient/useful?

Twitter answer: Suica wallet. Everything else is fucking shit

I want more reward point card support in Wallet that’s easier to use than it is now and supports movie tickets too.

One more for the road: Ken Bolido’s wonderfully informative Apple Pay Japan intro video from 2019

The Apple Pay EMV Express Mode Security Trade-off

The Practical EMV Relay Protection paper authored by Andreea-Ina Radu, Tom Chothia, Christopher J.P. Newton, Ioana Boureanu and Liqun Chen, outlines a potential weakness with VISA cards when used with Apple Pay Express Transit. The BBC reported the issue which was then widely reported on Apple news sites. The authors and the BBC both frame the security issue as known by Apple, who say it’s a VISA system problem, and VISA who say the hack is only a lab project, not a real world problem. Ionut Ilascu on BleepingComputer had a concise summary:

The tests were successful only with iPhone and Visa cards. With Mastercard, a check is performed to make sure that a locked iPhone accepts transactions only from card readers with a transit merchant code.

Trying the method with Samsung Pay, the researchers found that transactions are always possible with locked Samsung devices. However, the value is always zero and transport providers charge for tickets based on data associated with these transactions.

The findings of this research have been sent to both Apple and Visa in October 2020 and May 2021, respectively, but neither fixed the problem.

Apple Pay with VISA lets hackers force payments on locked iPhones, BleepingComputer

Apple Pay uses a GlobalPlatform licensed secure element while Samsung Pay Knox technology uses a Trusted Execution Environment (TEE), so it’s a flimsy apple vs orange comparison. A meaningful comparison should have compared iPhone with another secure element device, like Pixel using VISA. Because of the limited scope, it feels like an attention grabbing ploy as it involves iPhone, rather than meaningful security research.

The security paper authors concluded: “While either Visa or Apple implement a fix for the problem, we recommend users to not use Visa as a transport card in Apple Pay. If your iPhone is lost or stolen, activate the Lost Mode on your iPhone, and call your bank to block your card.” In other words, turn off the Express Transit Card option for VISA cards.

It is not Apple’s problem to fix but Apple set themselves up for this.

Steve Jobs said it best: designing anything is about choices and trade-offs. The Apple Pay that launched in 2014 was designed for credit cards with bio-authentication to authorize payment transactions. This changed in 2016 with the arrival of Suica, the first transit card on Apple Pay, and Express Transit. Express Transit and Express Mode emulate the way that transit cards and student ID are designed to work. The FeliCa and MIFARE protocols used for these cards are very secure and have a long history of safe prepaid smartcard use.

For a time, the Apple Pay security protocol design was clearly defined: EMV bank payment cards required bio-authorization for transactions while transit cards, ID cards and digital keys worked in Express mode without it.

All was good until iOS 12.3 and the arrival of EMV Express Mode that changed the rules so that credit cards could act like express mode transit cards too. No more Touch ID or Face ID authentication for using Apple Pay bank cards on Transport for London (TfL) and New York OMNY transit gates. It sounded like a good idea but Apple decided to promote these services by making EMV Express Transit ‘on by default’ when adding a credit/debit card to Wallet.

As any careful watcher of the OMNY rollout will tell you, there have been plenty of Express Transit problems, especially for MetroCard users, most of whom have no idea Express Transit was a default on option. Express Transit issues continue to crop up as they did for Apple Card users recently with problems on the Mastercard network and Goldman Sachs side. Open loop transit comes with more downsides than promoters like to admit.

It boils down to this. When Apple activated EMV Express Transit and made it default on, presumably to promote all kinds of Apple Pay cards for transit…cards that were never designed for it, it made Apple Pay susceptible to any and all bank card network security issues and glitches. Instead of Apple service quality or secure dedicated transit cards, the user ends up with bank and card company service level quality at the transit gate. In other words, EMV Express Transit quality is up to banks, not Apple nor the transit agency. It’s their card, they call the shots. That’s the trade-off that won’t go away.

UPDATE 2021-11-19
There was an interesting post on the TechRepublic site, Security researcher: Flaw in Apple Pay, Samsung Pay and Google Pay makes fraud easy for thieves, that sheds more light on the EMV for transit weakness, why it is a potential problem and why VISA is the weak link. It boils down to offline data authentication (ODA) and how some card networks like VISA basically ignore it. Card companies control their payment networks and run them how they want.

As outlined in the post above, the EMV Express Transit (and similar) security tradeoff means that Apple Pay, Google Pay and Samsung Pay will always be at the mercy of lax card network payment operation practices. The same applies to transit companies who use open loop. This is why locally processed mutually authenticated stored value transit cards using FeliCa, MIFARE and Calypso protocols will always be the most secure contactless transit payments. This is why EMV Express Transit will always be a security tradeoff:

Yunusov said a lack of offline data authentication allows this exploit, even though there are EMVCo specifications covering these transactions. 

“The only problem is that now big companies like MasterCard, Visa and AMEX don’t need to follow these standards when we talk about NFC payments – these companies diverged in the early 2010s, and everyone is now doing what they want here,” he said.

Apple Pay, Google Pay and Samsung Pay apps are all vulnerable to this threat. There does seem to be a difference if a person is using a Visa card for payment instead of a Mastercard or American Express, according to Yunusov. 

“MasterCard decided that ODA is an important part of their security mechanisms and will stick to it,” he said. “Therefore, all terminals across the globe that accept MC cards should carry out the ODA, and if it fails, the NFC transaction should be declined.”

Visa does not use this ODA verification at all point of sale terminals, according to Yunusov, which creates the vulnerability.

Security researcher: Flaw in Apple Pay, Samsung Pay and Google Pay makes fraud easy for thieves
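The two checks quoted in this post, the transit merchant code check on a locked device from the BleepingComputer summary and the decline-on-failed-ODA rule Yunusov describes, written as an issuer-side audit over authorization records. This is an added example, not code from the researchers, Apple or any card network; the record fields, the policy switches, the sample records and the choice of ISO 18245 codes 4111, 4112 and 4131 as ‘transit’ are assumptions made for illustration.

```python
from dataclasses import dataclass

# ISO 18245 merchant category codes for local transit, passenger rail and bus
# lines. Treating exactly this set as "transit" is an assumption of this example.
TRANSIT_MCCS = frozenset({"4111", "4112", "4131"})

NON_TRANSIT = "locked-device payment at a non-transit merchant code"
NON_ZERO = "locked-device payment with a non-zero amount"
ODA_FAIL = "offline data authentication missing or failed"


@dataclass(frozen=True)
class AuthRecord:
    """One contactless authorization as an issuer might log it (hypothetical fields)."""
    txn_id: str
    mcc: str             # merchant category code sent by the terminal
    amount_minor: int    # amount in minor units (cents, pence, yen)
    device_locked: bool  # True: no Face ID / Touch ID / passcode, i.e. Express Mode
    oda_performed: bool  # terminal carried out offline data authentication
    oda_passed: bool     # ODA result; ignored when ODA was not performed


@dataclass(frozen=True)
class Policy:
    """Which of the behaviours described in the quoted articles to enforce."""
    require_transit_mcc: bool = True  # the Mastercard check in the summary
    zero_value_only: bool = False     # the Samsung Pay behaviour in the summary
    require_oda: bool = True          # decline when ODA fails, per Yunusov


def review(rec, policy=Policy()):
    """Return the reasons a locked-device record violates the policy."""
    if not rec.device_locked:
        return []  # the user authenticated on the device; out of scope here
    reasons = []
    if policy.require_transit_mcc and rec.mcc not in TRANSIT_MCCS:
        reasons.append(NON_TRANSIT)
    if policy.zero_value_only and rec.amount_minor != 0:
        reasons.append(NON_ZERO)
    if policy.require_oda and not (rec.oda_performed and rec.oda_passed):
        reasons.append(ODA_FAIL)
    return reasons


def audit(records, policy=Policy()):
    """Map txn_id -> reasons for every record that should have been declined."""
    flagged = {}
    for rec in records:
        reasons = review(rec, policy)
        if reasons:
            flagged[rec.txn_id] = reasons
    return flagged


# Constructed sample records, not real transaction data.
SAMPLE = [
    AuthRecord("t1", "4111", 290, True, True, True),       # ordinary gate tap
    AuthRecord("t2", "5411", 100000, True, False, False),  # locked phone, grocery MCC, no ODA
    AuthRecord("t3", "4111", 290, True, True, False),      # transit MCC but ODA failed
    AuthRecord("t4", "5411", 4500, False, False, False),   # unlocked retail purchase
    AuthRecord("t5", "4131", 0, True, True, True),         # zero-value bus tap
]

if __name__ == "__main__":
    for txn_id, reasons in audit(SAMPLE).items():
        print(txn_id, "->", "; ".join(reasons))
```

With the default policy only t2 and t3 are flagged; switching on zero_value_only also flags the non-zero gate tap t1, which is the point at which a fare system has to charge from the tap data afterwards rather than from the tap amount.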

Sorry PRESTO but your open loop video is fake Express Transit


The Metrolinx PRESTO UP service started an open loop contactless payment pilot program this past week. It’s the first step for open loop support across the entire PRESTO fare system. The coverage on MacRumors and elsewhere, and the PRESTOcard YouTube video (now gone) itself, make it look like PRESTO already supports Apple Pay Express Transit when it apparently does not. Apple is very picky when it comes to certifying which open loop transit systems support EMV Apple Pay Express Transit. There aren’t any in Canada. The U.S. has three: NYC OMNY, Chicago Ventra and Portland HOP.

Unfortunately the PRESTO video uses post-production tricks to fake Apple Pay Express Transit. There are three instances: the 1:14 PRESTO reader, the 1:30 onboard verification check, and the 2:16 PRESTO reader. Each of these requires a Face ID without mask or passcode Apple Pay authorization. As a reader pointed out, the post-production folks neglected to fix the Apple Pay passcode request screen to match the reader ‘Accepted’ screen. Metrolinx promoting PRESTO open loop rollout so people will use it is one thing, but deception isn’t doing users, or PRESTO, any favors.

UPDATE 2021-03-16
The PRESTO UP Tickets and Fares page lists EMV Express Transit support but it’s not clear if Apple or the card networks actually support it or if it’s just wishful thinking. There is no mention of any similar benefits using Google Pay, and the Apple Pay Transit support page does not list Express Mode availability in Canada. The PRESTO page also mentions an interesting iPhone issue: “Some iPhone models (8 and earlier), may experience an error message when tapped on a PRESTO device. If you tap with an older Apple device and see a message saying that multiple cards were detected, simply tap your device again and the PRESTO device should accept your tap.” PRESTO Contactless is a pilot program for teething open loop use issues. No mention of a digital PRESTO transit card of course. I suspect that when it comes (much later), it will be a closed loop debit card like Apple Pay Ventra.

UPDATE 2021-07-15
PRESTO pulled the video; it was definitely fake Express Transit.

Apple Pay Japan 2020 Wrap Up Wish List

A two word summary for people in a hurry: COVID and PASMO. As everybody in Japan knows at this point, COVID drove cashless payment use more than any government program could, or anything else for that matter. Cashless went from being the perennial ‘next big thing’ to first choice at checkout in a surprisingly short time with a growing number of ‘cashless only’ places. Here’s a short recap of the best and worst of all things Apple Pay Japan in 2020.

The Worst: Face ID Apple Pay
COVID meant mandatory face mask wear outside the home. iPhone Face ID users outside of Asia quickly learned that Face ID and especially Face ID Apple Pay really sucks with face masks. Apple tweaked Face ID slightly to alleviate the issue but this is a long term problem with no short term workaround. Apple had the foresight to resurrect Touch ID in iPhone SE 2, the right device coming at the right time. For the time being it will hold up the middle and lower range iPhone user base in Japan. Face ID is such a marketing embarrassment right now that Apple only features Touch ID recharge on the Apple Pay PASMO page. The real short term future proof Face ID Apple Pay fix is Apple Watch.

The Biggest: Apple Pay PASMO
Mobile PASMO finally joined Mobile Suica, first on Osaifu Keitai Android then Apple Pay, the biggest and most important launch for Apple Pay Japan in 2020. Suica and PASMO combined represent 80% of the entire transit IC card market. In terms of pure usability, a large and diverse installed base, with Express Transit powered transit and purchases on iPhone and Apple Watch, PASMO easily beat all other Apple Pay service rollouts this year. Apple had VIP execs and foreign media on hand at the press event, something they haven’t done since the Apple Pay Japan launch in 2016.

The Most Influential: Toyota Wallet
The Toyota Wallet App rollout I wrote about a year ago turned out to be the model everybody is doing now: ‘XX Pay’ or ‘XX Wallet’ app consisting of a user account linked to a bank or credit card with a flexible payment dual mode front end offering QR Code payment via the app and an ‘instant issue’ prepaid card in Apple Pay Wallet. The Apple Pay Line Pay card launched on December 22 is the exact same model. Instant app issue debit and prepaid Wallet cards do away with plastic issue costs and lower the user entry bar, among other things. Expect more of this in 2021, actually expect everybody to do this in 2021.

The WildCard: App Clips
iOS 14.3 App Clip Code support completed the picture for App Clip developers, but it will take time to see how they play out in a market overcrowded with mobile payment options. I think there is always a chance for a low cost high quality service which intelligently designed App Clips can deliver. The key will be solving the Japanese Softcream Cashless Index (SCI) Challenge: can App Clip cashless do a faster more reliable job than good old food ticket vending machines, without an app and without an account? How streamlined can it be and still be an App Clip? I hope we can find the answers to those questions in 2021… but there’s one more thing.

The Missing: Apple Pay Code Payments
The iOS 14 Apple Pay AliPay/Apple Pay Code Payment has been in open secret test mode for nearly a year with no firm release in sight. If screenshots are anything to go by, Apple Pay Code Payments are done with a virtual Wallet ‘card’ like any other and Apple Pay Wallet cards have certain properties:

  • Direct side button Wallet activation with automatic Face/Touch ID authentication and payment at the reader.
  • Device transactions handled by the eSE without a network connection.
  • Ability to set a default main card for Apple Pay use.

Supporting QR Code payments with an Apple Pay Wallet ‘card’ moves QR payments out of the app and removes some, but not all, of the QR payment friction points. It makes App Clips a better user experience too when all payments can be accomplished with Apple Pay.

Ultimately I hope the Apple Pay Wallet card model moves away from single mode technology and evolves to multimode awareness that encompasses NFC, Ultra Wideband, QR, etc. It has to. Our smartphones must be smart and take care of any payment technology for us. They have to because things are only going to get more complicated. People ridicule the Japanese payments landscape but that will be everywhere. Card companies and banks push EMV as a ‘global standard’ but EMV already comes in different flavors like PBOC, so does NFC (NFC A-B-F-V), and Ultra Wideband is joining the mix.

That’s what digital payments are all about: combining complex things into ‘it just works’ simplicity. Anybody can create or load a Suica, Octopus or PASMO into Apple Pay, without signing up or creating a new account, and start using it for lots of different instant payments. That’s how simple it should always be. That’s my 2021 Apple Pay wish.

Best wishes for a happy and safe 2021.

UPDATE: Reader Apple Pay Wishes for 2021

>Mine would be for VISA Japan to support Apple Pay.

>Mine are resurrecting #FeliCa-based @VisaJP TOUCH (can be rebranded), @id_credit re-attempts @ #FeliCa network expansion overseas starting w/ equipping end-users w/ the technology in new card distribution (via digital & physical), & @JCB_CARD expands @QUICPay_PR network overseas.