VISA blocking foreign issue cards for select Japanese in-app and online payments


SoftBank Payments network chart

When foreign issue VISA cards in Wallet stopped working for Apple Pay In-App Suica and PASMO recharge on August 5, the first people to howl in pain were Apple Pay PASMO users who suddenly couldn’t recharge with their Chase Sapphire VISA cards. Chase Sapphire users earned 3x travel points with a PASMO recharge; long-time resident Suica users migrated to PASMO when JR East and VISA shut down 3x travel points in May 2021, when VISA finally signed with Apple Pay in Japan.

After confirming that my Wells Fargo Signature VISA stopped working for Apple Pay Suica recharge, I contacted Mobile Suica support. The official line: “There should be no problem with foreign issue cards, contact the card issuer.” My next stop was Wells Fargo card services support, official line: “There should be no problem with your VISA, contact the merchant.” Entirely expected of course, but Wells Fargo confirmed that Mobile Suica transaction attempts were not even showing on the Wells Fargo system. They said it seems to be a ‘communications issue’ which meant something is not right on the VISA payment network merchant transaction authorization side. Everything was stopping there.

An Android Suica user confirmed the same non-JP VISA problem with Google Pay Suica recharge, so it was a larger issue than just Apple Pay. I contacted IT journalist Junya Suzuki who focuses on mobile payments. His first thought was something was going on with the VISA Japan payment network merchant acquirer side. For reference, the merchant acquirer handles transaction authorization from the merchant side, ‘this transaction is clear to send to the card issuer.’ The issuer then clears the transaction with the customer account, ‘this customer is good to pay for this charge.’

Merchant acquirer relations are very secretive. Nobody knows who the merchant acquirer is for Mobile Suica, Mobile PASMO and Mobile ICOCA, though everybody is pretty sure it is the SMBC Group, who are the banking group for all things VISA in Japan. Maybe they were tightening online transaction security…or something else. Suzuki san checked his sources and had this to say:

An acquirer made the decision stopping handling cards issued in other countries…In addition, that means JRE doesn’t know what’s happening on this problem.

In his Japanese article he described JR East as a ‘victim’ of a situation forced by VISA; their hands are clearly tied. The VISA payment network and their merchant acquirer are highly selective. For example: foreign issue VISA works fine for Apple Pay in-app purchases with the Starbucks app, but not for in-app purchases with JR East for Suica recharge. If foreign VISA cards were insecure, VISA would be stopping all In-App and online transactions, but they are not. This means the ‘security concerns’ excuse doesn’t wash, it’s a ruse for something else.

Security and Apple Pay Enhanced Fraud Prevention
It’s helpful to examine the impact of phishing and other security attacks targeting NTT Docomo, Line Pay, PayPay and other QR code mobile payment service users in late 2020, and JR East online service users (Mobile Suica, JRE POINT, Eki-Net and VIEW card) in early 2022. Security responses were varied and vague. Companies like to say they value customer security but hardly provide details of what they’re doing about it. Security details hashed out between the card brands, merchant acquirers and merchants are secret non-disclosure territory.

Japanese credit card issuers responded by upgrading to EMV 3-D Secure v2 (3-D stands for three domains: the merchant acquirer domain, the issuer domain, and the interoperability domain), for non-digital wallet browser and mobile app payments. EMV 3-D Secure is the EMV e-commerce browser and app authentication tokenization specification with the card brands using their own naming and implementing merchant support in their respective payment networks.

In addition to adding 3-D Secure v2 in their Mobile Suica and Eki-Net apps, JR East has beefed up security to fight Mobile Suica phishing attacks with tighter monitoring of Suica App recharge with the app registered credit card…not Wallet In-App recharge. It’s important to understand this key point:

  • 3-D Secure has nothing to do with Apple Pay and Google Pay, they and all other digital wallets like Samsung Pay, Huawei Pay, etc., do not use it. They have their own tokenization scheme. This is a common online misconception. Japanese issue VISA (and everything else), foreign issue Mastercard and Amex cards work for Apple Pay Suica • PASMO • ICOCA recharge without problems, without 3-D Secure.

Domestic security issues do not apply to inbound visitors adding and using Suica cards in Apple Wallet. They do not use Suica App or have a Mobile Suica account. And yet VISA seems to be using domestic security problems to block foreign issue cards for Apple Pay In-App recharge.

The tokenization that Apple Pay, Google Pay, Samsung Pay and similar digital wallets use is highly secure, some say more secure than EMV 3-D Secure tokenization. Despite this, Apple has been making some changes to Apple Pay to enhance security for online and in-app purchases, at the behest of VISA. Apple Pay quietly launched Enhanced Fraud Protection in April 2022 when Apple Cash switched from Discover to VISA. The updated Apple Pay and Privacy text added a new section:

For cards with certain enhanced fraud prevention, when you attempt an online or in-app transaction, your device will evaluate information about your Apple ID, device, and location if you have enabled Location Services for Wallet, in order to develop on-device fraud prevention assessments. The output of the on-device fraud prevention assessments, but not the underlying data, will be sent to Apple and combined with information Apple knows about your device and account to develop Apple Pay transaction fraud prevention assessments. These transaction fraud prevention assessments may be shared with your payment network, together with a shipping address identifier and IP address if available, in order to prevent fraud at the time of transaction. The shipping address identifier differs per payment network and may be used to confirm whether shipping addresses for different transactions using a particular card on your device are the same in a way that does not reveal the underlying address. You can check whether a card has this enhanced fraud prevention at any time by going to the back of your payment credential in Wallet. To prevent the sharing of fraud prevention assessments with your payment network, you can select another card.

Apple Pay & Privacy

This means that Apple Pay ‘might’ share iPhone/Apple Watch location information when making online or in-app purchases. So far VISA cards are the only ones that have Enhanced Fraud Protection but it doesn’t seem to apply to all VISA issue cards and it’s hard to tell which VISA cards use it.

Does enhanced fraud prevention have anything to do with Apple Pay Suica and PASMO recharge not working for foreign issue VISA? The short answer is no, but it’s a background development to be aware of because: 1) it’s limited to online and in-app purchases, 2) VISA is pushing for ‘fraud prevention assessments’ so they could obtain device location information and more. Only after VISA started pushing this agenda did we start having recharge issues with Apple Pay In-App payments.

The VISA open loop power play
So we circle back to foreign issue VISA use in Japan again. Why are cards cleared for Apple Pay, cards that worked fine up until August, not working? The timing is perfect when you also consider that VISA is heavily promoting ‘VISA Touch’ EMV contactless and open loop transit in Japan as a challenge to the home grown FeliCa based Transit IC card system. It’s very convenient for VISA Touch open loop marketing purposes when Apple Pay Suica and PASMO are kneecapped as easy payment and transit options for inbound visitors.

VISA has a history of not playing nice with Japanese stored value cards on mobile and not playing nice with Apple Pay. Japanese issue VISA cards didn’t work for Apple Pay in-app purchases and Suica recharge until May 2021, VISA waited 5 years to ‘resolve’ that issue. VISA cards still do not work with Mobile WAON and Mobile nanaco on Android and Apple Pay, they likely never will. My take is that VISA is not happy with people using VISA cards like an ATM to move money into stored value prepaid cards for making payments, earning points, etc., that are not VISA.

VISA has played hardball with Apple Pay in the Japanese market before, they are doing so again. Perhaps they refuse to be an ATM-like recharge backend for Japanese e-money cards…unless they also get ATM-like lending rate transaction fees. They certainly will use the opportunity to promote open loop VISA Touch and Stera Transit at the expense of Mobile Suica market and mindshare. The real question: is VISA making their own market opportunity here? I say they are not playing fair, as monopolies often do.

Examining VISA’s moves in the Japanese market proves one thing: payment network issues are never simple or solved quickly because they often come down to market politics. VISA has not played nice with Apple Pay in Japan since the very beginning, and that has not changed. At the very least we can mark this down as another skirmish in the ongoing digital payment turf wars.

This post was originally posted 2022-08-08 and has been updated to reflect a changing situation. The post date reflects the latest major update.

Global NFC Google Pay will never happen

Let me rephrase that: Global NFC Google Pay will never happen because it depends on the device’s ability to run Osaifu Keitai apps.

To which I’ll add: because Google can’t be bothered building their own software stack in Android OS Google Pay that replaces Osaifu Keitai.

Osaifu Keitai is a smartphone-only software stack that has not been and cannot be updated for the smart wearables era. This shortcoming is driving some interesting solutions, discussed in a recent Reddit thread lamenting that Pixel went cheap instead of deep…again.

Does the US version of the Pixel 6 Pro have FeLiCa / NFC-F?
This is the #1 reason I haven’t been able to move away from iPhones… I almost pre-ordered a 6 Pro today, but this is too much of a deal for me. Does anyone know if the US model will finally be compatible with FeLiCa (sic)?

Comment:
All Pixels sold in Japan since the 3 have Mobile FeLiCa NFC-F. However, Google Pay makes limited use of it. Unlike Apple Pay, Google’s implementation is limited to just a few apps in Japan. They are going to need to do a top-to-bottom overhaul of Google Pay to make this available worldwide. Not this year. But maybe as they integrate Fitbit and produce a watch, that might be the kick they need to make it work.

Reddit

Mobile FeliCa is installed and runs on Pixel models worldwide, however Pixel blocks the Osaifu Keitai stack from running except for Japanese models. Despite this stalemate on the Android side, we’ve seen a number of smart wearables with Mobile Suica released over the past year from Garmin and Fitbit. We’re also seeing signs that Suica support is coming to Wear OS. From a reader:

Suica appears to finally be coming to Google Pay for Wear OS. There’s strings like “FeatureRolloutsModule_ProvideSuicaSupportedonWearValueFactory,” “WearSuicaCard,” and “WearSuicaProvisioning” in the newest APK.

Wear OS, Garmin and Fitbit do without Osaifu Keitai by using Mobile Suica Lite which runs on Mobile FeliCa Cloud. This is fine for wearables but it does leave a service gap: Osaifu Keitai devices get the full array of FeliCa services but wearables get a subset. This begs the question, what is the future of Osaifu Keitai when it’s limited to smartphones? Apple does without it, which is why both iPhone and Apple Watch seamlessly deliver the same full set of Wallet services.

Only when Google does a top to bottom overhaul of Google Pay that replaces its current dependence on Osaifu Keitai can Global NFC Google Pay ever happen and allow Google to deliver a Pixel family of devices from smartphone to wearables, that truly rival Apple, feature for feature. We need that.

Google’s previous effort, the ill-fated Android Pay HCE NFC-F, along with cheap over deep premium Pixel devices, doesn’t instill confidence that Google cares about getting it right.

Are Google Pixel 5 and Fitbit up to the Global NFC Challenge? (Update: Pixel 5 not)

It’s that time of year again to think about FeliCa support on the Google Pixel platform as Pixel 5 approaches. Ever since Pixel 3 things have been stuck in a rut: the same global NFC (A-B-F) chip and Mobile FeliCa is in all Pixel models, but Osaifu Keitai apps only launch and run on Japanese SKUs. No Suica for you if you don’t have one of those.

I used to think that Google was going cheap instead of deep. Google is cheap here actually, and lazy, but there are some other reasons. It goes back to the problem many people had with Google Pay Japan FeliCa support to begin with: it’s only a UI candy coating on top of the aging Osaifu Keitai stack and apps. Instead of doing a true top to bottom Google Pay global NFC solution like Apple did, Google Pay Japan FeliCa support is just surfing on the Osaifu Keitai board. And of course the Android Pay HCE-F thing is long since dead, it’s eSE or nothing now.

One problem is this: Osaifu Keitai is a domestic platform, Osaifu Keitai apps (Suica, etc.) are domestic apps. The various Osaifu Keitai partners and developers don’t want to deal with the extra expense of multi-lingual localization and support. Neither does Google, hence the logjam.

Google’s recent purchase of Fitbit might be the agent of change that finally changes the situation. The Osaifu Keitai model doesn’t extend to wearables. Google Pay has to come up with something new to replace Fitbit Pay, something that works across paired devices seamlessly if Google Pay Suica is to exist on a Fitbit smartwatch paired with Pixel.

There is something new this time around that didn’t exist, or at least didn’t exist as a marketed developer product back in 2018: Mobile FeliCa Platform and Mobile FeliCa Cloud for supporting all kinds of Mobile FeliCa services worldwide. This arrangement got us Suica on Garmin Pay.

Taken together I think there is a better chance Google will go deep instead of cheap, hopefully sooner than later. Google Pay Suica and Google Pay PASMO on Pixel and Fitbit devices from anywhere would be a very welcome development.

Update: Not labeled on diagram

Pixel 5 was announced and FeliCa support is still limited to JP models, more cheap instead of deep. Pixel support pages (screenshots) list FeliCa support in the ‘Not labeled on diagram’ section with Osaifu Keitai links and this new bit: “To use FeliCa on Pixel 4 and later Pixel phones you’ll need 4 apps that should automatically open during setup.” This is the enablement step that Google blocks on non-JP Pixel models. The strange thing is that Mobile FeliCa is hiding in plain sight on all Pixel models, if Google wanted to they could allow enablement remotely.

This confirms the FeliCa situation won’t change for Pixel until Google builds their own Google Pay replacement for Osaifu Keitai software instead of candy wrapping it. It all comes down to what Google wants to do regarding Suica support on Fitbit. Something will have to change in Google Pay if they want to do that.

Special warning to Hong Kong Octopus users: don’t buy a Pixel device for using the Octopus Mobile SIM. FeliCa Dude reported that Google purposely crippled Pixel 4 SWP support for products like Octopus Mobile SIM and this is the case for Pixel 5 as well. Only use officially supported devices for Octopus Mobile SIM.

T-POINT? We don’t need no stinkin’ T-POINT

In the ephemeral COVID era we live in, assurances don’t come easy, especially with JP cashless market data. Half the fun is taking the crumbs you find, a 1000 person web survey here and there, and seeing what trends you can tease out of it.

First of all the usual disclaimer: cashless use is highly regional, depending on transit use and many other factors like age group, shopping habits, and reward points. It’s this last item that makes the CreditCard no Yomimono survey so interesting.

Reward points are the dangling carrot all Japanese cashless players use to drive card use. Newcomers like PayPay use them shamelessly to capture customers and build their platform. Japanese customers love to play the ‘what combo gets me the most points’ game but they are also notoriously cold shoulder when they feel gypped. And once they drop something, they never come back.

The survey skips over regional point systems like JRE POINT (though I think that’s debatable considering Mobile Suica on Apple Pay/Google Pay/Osaifu Keitai), and examines ‘national’ point systems: d POINT, T-POINT, Rakuten POINT and PONTA with a simple question. Which one do you use? 2,271 people said:

  • Rakuten POINT: 59.9%
  • d POINT: 18.4%
  • T-POINT: 14.4%
  • PONTA: 7.3%

It’s clear to see why JR East cut that special deal for Rakuten Pay Suica: the different online Rakuten businesses for shopping, travel, etc. mesh well and there are a lot of people invested in Rakuten POINT. The deal puts Super Suica in a good 2021 launch position for new local transit partners, MaaS NFC Tag Suica and more as the platform grows.

It’s a bittersweet deal however for JRE POINT. It’s a real shame and missed opportunity that the major IC transit cards (Suica, ICOCA, TOICA, etc.) are compatible for transit and eMoney, but not for points. Even if they all kept their own point branding and simply offered 1=1 point exchanges, people would use them more.

The decline of T-POINT is not surprising, dropping from 60% in a 2015 survey. Culture Convenience Club (CCC) and SoftBank ran T-POINT into the ground and it’s not coming back. It’s only a matter of time before SoftBank kisses T-POINT (and CCC) goodbye and unveils PayPay POINT.

PONTA is another major that has not gained much traction so far but this might change with the recent LAWSON Bank PONTA Plus branded credit card push. All of the point systems need to add Apple VAS and Google SmartPay support and drive acceptance on the merchant POS level. The less we have to deal with separate plastic point cards, all the better.

Transit Platform Basics

I have attempted to explain the unique Japanese ‘transit platform’ business model in many posts scattered over 3 years. It’s a model that didn’t exist outside of Japan for a long time because Japan was the first country to move beyond plastic cards and launch them on mobile devices in 2006. There are transit systems that are very close to what the Japanese transit platform does, Hong Kong Octopus in particular, but none that combine the elements of private enterprise transit, a mobile platform and a nationwide footprint.

A reader asked some very good questions regarding JR East Transit Platform model basics and how they compare to Open Loop. I’ll try to summarize the essential points.

1) Thinking about this recently – is there a non-techie argument for introducing Suica-type cards in the current day in places with preexisting open-loop infrastructure, wide debit card adoption (even kids), and little overcrowding at ticket gates due to lower volumes?

2) As a tech & transit nerd, I obviously love them, but what could be a convincing, economically sound pitch to a transit operator for creating/adopting an integrated transit&e-money system, given the significant expense and questionable added value?

3) Answers to possible q’s about EMV contactless: 1. 定期券 (commuter passes) & discounts can be tied to card no.; 2. solution for visitors: in-app/paper/multi-trip tickets (like in SG). Obv., Suica has superior privacy & speed, but where speed is not an issue, what’s the killer argument?

My response:

Simple choice: moving people quickly and safely by transit, managed wisely, is a license to make money. A transit company can use that license to build something of greater long term value for the users and businesses of the transit region, a win-win, or give it away to someone else.

A transit platform is the best approach if a company wants to achieve the former. Investing everything in Open Loop as the only strategy is the latter.

Any argument for building a Transit Platform or going all in with Open Loop transit comes down to transit company priorities for safe operation, better customer service and long term business goals. A few crucial points to consider.

Who owns the customer?
A vital point many people miss in the Open Loop debate is that transit users end up as the bank card customer, not the transit company customer. This might seem like an insignificant difference but ‘owning the customer’ is the whole game and key to growing any kind of business, in our era or any era. There is also the question of what’s best for transit user privacy. Which brings us to the next point because one of the best ways to own the transit customer and build a business far beyond simple fare collection is a transit card.

Transit Cards: micro bank account without the bank
Prepaid transit cards are a delivery vehicle for all kinds of service goodies, a mini non-bank account if you will, from transit to points rewards and a growing portfolio of services. The beauty of a non-bank transit prepaid card is its flexibility and security. It can be a simple ticket that customers buy with cash from a station kiosk, or it can be linked to an online account for extended transit services and users can further extend it by attaching a credit card and earn reward points.

eMoney micro bank accounts for all kinds of payments and services that float
The important transformation here is evolving the card beyond transit fares to eMoney payments that can be used throughout the transit region, pioneered by Suica and Octopus. Japanese transit companies and Hong Kong Octopus have built those micro bank account transit cards into a very nice transit payment platform business that combines transit, payments and other services attached to the card which means there’s a lot more stored fare floating around than plain old transit-only cards.

One benefit not discussed much in the open is that by encouraging heavy use and ‘recharge’ of the transit/eMoney card, the transit company earns interest on the ‘float’, the combined total of all those unused prepaid balances sitting in all of those transit cards in the system. The next transformative step is mobile, which is key.

Digital Wallets: extending the reach
The most powerful transit card incarnation is the digital wallet transit card with a flexible recharge backend, where any bank card can be attached in an app, or on the fly (Apple Pay, Google Pay, etc.), or even cash recharge at stations, convenience stores and such. The addition of digital wallets means there are ever more e-money transactions moving through those cards with short term parking…more float for transit companies to earn interest.

Once the transit card goes mobile it can extend beyond the restraints of plastic card technology. It can have a flexible front-end that can be NFC, UWB Touchless or even QR. My basic position regarding open loop bank cards for transit is that doing so eliminates these options for the transit company. I say it’s better for the transit operator to decide what payment technology works best for their long term needs and how to deliver better customer service with new payment technologies, not banks. More on that in the open loop section below.

Value Capture
Value Capture applies to rail and transit operators with the rights to develop the land around their stations; I include station retail development and operations. Owning a transit + payment card like Suica or Octopus combined with retail opens up whole new levels of value creation and capture.

It’s also important to remember a few other dynamics, (1) Transit is the golden uptake path for contactless payments, (2) Contactless payments are most successful when a transit payment platform, like Suica, is matched with a mobile wallet platform, like Apple Pay. The key is building better payment services tied to transit platform cards that benefit customers and businesses of the entire transit region.

The limitations of Open Loop ‘One Size Fits All’
Open Loop is sold as the cost effective future of transit ticketing but it adds a layer of complexity and cost that stymies native digital transit card support. Complexity and higher cost mean fewer choices, delays, and mediocre performance. Steve Jobs explained it best in his last public appearance: a great product or service comes down to focus and choices, you can focus on making certain technologies work great on your platform versus just okay when you’re spreading yourself too thin. Open Loop means spreading transit system resources too thin, simple as that.

My basic position is that the arguments for open loop are plastic era constructs that ignore how mobile digital wallet platforms and mobile apps have changed everything. For example the oft cited open loop benefit of plastic smartcard issue cost savings completely overlooks the cost savings of digital transit cards on smartphones.

Regarding detailed questions such as attaching commuter passes to EMV cards and special ticketing, I am no systems expert but a few things come to mind. First of all, we have not seen Open Loop commuter passes because the EMV spec doesn’t store anything locally, and there are always security and performance issues to consider when everything is done in the cloud with soft-linked registration to outside system numbers.

The classic catch-22 here is that when the soft-linked number changes on one system, everything attached to it on the other system stops working. This is a constant weakness of the SmartEx and new JR East Shinkansen eTicket service. And what happens if the bank cancels a card mid-transit? These things happen. They are endless headaches when linking to any outside system. For this reason Open Loop sticks with the simple stuff while transit operators keep the more complex stuff in-house. In general the more complicated the fare configuration, the less likely it can be synced with an outside system or be hosted on Open Loop.

Paper ticketing and NFC passes
For low volume specialty ticketing, QR codes are the easiest step up from mag strip paper and QR can be printed on ordinary paper for transit users without smartphones. This is why JR East is deploying QR code readers in some gates as they prepare to end mag strip ticketing.

NFC Contactless Passes might sound like a good idea but Apple Pay VAS and Google Pay Smart Tap were designed for retail and are far too slow for transit use. The transit gate reader system has to juggle different protocols. It could be done, but from my experience of using Apple Pay VAS PONTA and dPOINT cards the technology holds promise but the current version isn’t there yet. QR Codes are faster and easier to implement.

Summary
In the long run there are no easy solutions, which demands a clearly defined, strong but flexible business vision. The most important takeaway is balance, with each piece of technology doing what it does best to create a greater whole. For mobile transit this is: 1) a credit/debit/prepaid card on the recharge backend, 2) a stored value micro bank account in the middle with a rich set of services attached, 3) a fast flexible NFC front end with fast tap times that can evolve to Touchless and other technologies.

The risk of Open Loop is that it is sold as a monolithic ‘fix all’ mobile solution, which it is not. This lulls transit operators into complacency instead of improving Closed Loop ticketing systems and services, extending them to the mobile digital wallet era for long term gain and sustainable transit.

The simplest sum up: if you ignore Closed Loop and mobile digital payments, you’re ignoring a business opportunity.

Relevant Core Posts
The Contactless Payment Turf Wars: Transit Platforms (an intro)
Transit Gate Evolution: Do QR Codes Really Suck for Transit? (a deeper dive into transit cards, gates and technology)
Road to Super Suica (evolution of the Japanese transit platform business)
Value Capture and the Ecosystem of Transit Platforms (the bigger picture)
The Japanese Transit Platform Business Model (an outside perspective)
The Open Loop transit privacy question