iOS 13 and the Transition to Global NFC

Crowd Cast president Takashi Hoshikawa updated his Japan Cashless map introduced back in January, the cacophony of QR Code payment platforms continues to grow. Just like any gold rush, QR will crash and burn at some point. Big players will gobble up the smaller ones and things will settle down.

But something else is going on. There’s a small but important difference, so small that Takashi Hoshikawa is not aware of it: he labeled the FeliCa section in the upper left corner as NFC.

This is the result of using Apple Pay on a global NFC iPhone where all the necessary hardware and software is seamlessly unified. The old plastic card mentality of different walled off technologies: contactless credit card (EMV), transit card (FeliCa, MIFARE), ID card (ISO 7816), NFC A/B or F, etc. slips away and becomes one seamless NFC Wallet in the mind. This mindset is also on display in SearchMan co-founder Naoki Shibata’s recent article on Rakuten Pay Suica: no mention of FeliCa anymore, it’s just one NFC thing.

This is an important and natural, but quiet progression that will accelerate with the enhanced NFC support in iOS 13 and expansion of new services like Apple Pay Octopus. iOS 13 Apple Pay Wallet will set the standard for global NFC that just works, a standard that Google Pay will struggle to match because of Android hardware fragmentation.

Players that leverage the advantages of global NFC and offer new services based on them, like JR East (Inbound Apple Pay Suica), and Mastercard (NFC switching dual mode bank card services) will gain, while companies that stick with the old ‘one thing’ contactless plastic card mentality, like Visa, will lose. It’s that simple.

Advertisements

Rakuten Pay Super Suica Connection

IT journalist Junya Suzuki wrote an interesting piece for Impress Watch detailing the recent Rakuten Pay Suica announcement. Unfortunately there was a major missing piece of analysis: Super Suica. I asked him about it.

I look forward to reading Suzuki san’s take, meanwhile here is mine. It has everything to do with the Japan Transit IC card standard and the common eMoney purse that I wrote about in the Apple Card piece.

(The) Japan Transit IC card standard occupies a very special category, 255 transit companies form a common interoperability standard which started from Suica. There are more issued Transit IC cards than people in Japan, everybody has one.

The core group of 9 major cards (Suica, PASMO, ICOCA, TOICA, Kitaka, manaca, SUGOCA, nimoca, HAYAKEN) also share a common prepaid purse: Transit IC eMoney. The national coverage and scale of the major cards transforms Transit IC eMoney into something special found nowhere else: a de facto national prepaid card standard.

File:ICCard Connection en.svg
Japan Transit IC Map, a very cool animated timeline is also available

Pay close attention to the transit cards that encircle the pink area, with the exception of PiTaPa. These are local rural area transit cards that are currently orphaned from both the common eMoney purse, and transit interoperability.

In April 2021 Super Suica will enlarge the pink area to include these orphaned cards. They will join the common eMoney purse and be compatible with all the pink area cards for transit and purchases. These will also be on Apple Pay Suica, Google Pay Suica and Osaifu Keitai.

That is a huge change in and of itself, but there is another very important aspect. All of these orphaned rural area transit cards are basically cash recharge only. Rural area transit companies operate on shoe string budgets and cannot afford the infrastructure cost to host credit card recharging on the back end even for kiosks.

Super Suica will solve this problem and what better solution than Rakuten Pay Super Suica for all rural Rakuten Pay users, and there are lots of them. This is the major sweet spot that Rakuten and JR East are aiming for. It merges the Rakuten Pay backend with the Super Suica frontend into one convenient service for transit and eMoney purchases while leveraging lucrative Rakuten loyalty points. Rakuten has the best integrated point system in Japan and JR East wants to use it to extend the Suica Platform nationwide. Rakuten Pay and Super Suica belong together, like peanut butter and jelly.

Suica tops cashless use for the younger generation

There is a universal law that whenever you post anything with recent market data, newer better market data appears the next day. Just after posting the latest Contactless Payment Turf Wars installment focusing on Suica eMoney, TesTee Lab released a new market survey focusing on prepaid eMoney use (Suica, WAON, nanaco, etc.) in younger people ranging from teens to twenty somethings. The sample is small, only 3,396, and does not mention if the sampling is regional or national, but it runs from 2017~2019 which makes it possible to tease out some trends.

The first graph looks at overall spending methods: cash, eMoney, plastic credit cards, etc. Cash is still king but is closely followed by FeliCa eMoney (mostly prepaid, some postpay) and plastic credit cards. Unfortunately there is no spending category information (convenience stores, restaurants, etc.).

The next category focuses on eMoney categories: Suica/Transit, nanaco, WAON, etc. The inclusion of postpay iD and QUICPay muddies the water some, but one important takeaway is that Suica/Transit use leads the other prepaid cards by a wide margin. The other important takeaway is that Apple Pay Suica/Google Pay Suica is the most used digital wallet card. The top 4 spending categories are: convenience stores 76%, transit 58%, supermarkets 33.4%, cafe/restaurants 16.9%.

The next graph illustrates an interesting trend. As eMoney acceptance grows and more people use it, the more people want to use it everywhere. And the more they use it, the less concerned they are about security.

HCE Secure Element in the Cloud is pie in the sky

Stefan Heaton’s blog piece “The reason Mobile myki isn’t available on iPhone… yet” is all the proof you need that Google inspired endless nonsense with Android Pay HCE support. This was shortly after the NFC “secure element” wars were over, with embedded Secure Element (eSE) on SIM cards losing out to eSE on smartphone chips. A secure element in the cloud approach seemed like it would solve everything, except that it didn’t.

myki is MIFARE which has never been compatible with HCE. Neither is FeliCa, which Google Pay users outside Japan assumed would work for Suica until they found out HCE-F was dead in the water and lost their shit.

What nobody has said, and I think it’s worth pointing out, is that the Android Pay to Google Pay shift was also a break with HCE and Google providing, or pretending to provide, a secure element strategy for all Android licensees. Instead, Google is focused on Pixel and their own eSE, all other Android licensees and manufacturers be dammed and left to find their own solutions. I guarantee you that, in time, Google will be doing most, if not all, of the same security hoops that Apple does now, for Google Pay card emulation (not host card emulation) for Google Pixel platform eSE access.

So yes, Apple does limit NFC Secure Element (implemented in the A Series Secure Enclave) access with PassKit NFC certificates. But Apple Pay MIFARE is real MIFARE, and Apple Pay FeliCa is real FeliCa. Public Transport Victoria (PTV) can apply for a myki card PassKit NFC certificate just like any developer. And for goodness sake Stefan, stop writing sentences that confuse Express Transit payment cards (EMV credit/debit cards) with regular Express Transit cards (FeliCa, MIFARE, PBOC). Suica is not a credit card and emulating EMV at a transit gate doesn’t automatically make a credit card into a Apple Pay Suica transit card, not by a long shot. If your aim is promoting open loop over closed loop, that’s one thing. Either way, your LinkedIn blog post is not doing your LinkedIn resume any favor.

UPDATE: Yep, myki is coming to Apple Pay, nothing to do at all with HCE support.

Welcome Suica

JR East announced a special plastic Suica card for inbound tourists called “Welcome Suica” that will be available from September 1, 2019 at major Tokyo area stations and JR East Travel Service Centers. The main attraction according to the press release is that the Welcome Suica card does away with the ¥500 deposit, and the hassle of getting it back when leaving the country, but the card is only valid for 28 days from the issue date and JR East also says that unused Welcome Suica balances are not refundable… but the unique card design makes a nice souvenir. Welcome Suica cannot be added to Apple Pay or Google Pay and is plastic issue only.

The whole thing sounds like it would have been a nice idea before Apple Pay Suica and Google Pay Suica, both of which let users to add virtual Suica cards without a deposit, and can be safely removed from Wallet and left on the cloud until needed again.

UPDATE
PASMO PASSPORT is a similar but slightly less attractive deal than Welcome Suica: a limited 28 day validity PASMO, a 500 JP¥ deposit fee with no deposit fee or balance refunds. It does have a cute Hello Kitty design however. A user asked if I had any opinions about Welcome Suica and PASMO PASSPORT. I thought about it and can only assume Welcome Suica/PASMO PASSPORT plastic cards are aimed at inbound visitors…

  • Who don’t plan on visiting Japan again
  • Who don’t have iPhone 8/Apple Watch Series 3 and later for Apple Pay Suica, or a Osaifu Keitai Android device for Google Pay Suica
  • Who don’t have an Apple Pay compatible bank card or come from a country where Apple Pay isn’t available yet (Indonesia, Malaysia, most of Latin America, Africa etc.)

The Welcome Suica and PASMO PASSPORT 28 day validity is also a great deal for transit operator hotlist management. From FeliCa Dude’s epic Apple Pay Octopus on iPhone 7 Reddit post:

Hotlist management is also a reason to reject a card that hasn’t been used for a while. Most lost cards are found by people who know they are lost, and honest people are unlikely to tap cards that don’t belong to them on card readers. If these lost cards are hotlisted but never disabled by a reader that encounters them, then the hotlist can grow to a size that can’t fit in the memory of a reader.

One way to manage this problem is to have the reader reject cards that have no recent transaction record (say, six months), and refer the cardholder to an operator. The operator then ‘unlocks’ the card using a terminal that has access over the network to the master hotlist. The latency of the unlock operation isn’t critical, so this kind of online referral is fine, and it allows for the hotlists in each reader to be pruned after a certain amount of time has elapsed since the card was hotlisted. This is likely to be the reason that Suica cards that aren’t used for six months need to be processed by a gate attendant (it could also be because of key rollover).

Plastic card management costs money and the growing number of inbound visitors asking for deposit refunds and balance refunds at airport train stations is a cost headache for transit companies to babysit all those tiny cash refund transactions. Hence we have Welcome Suica and PASMO PASSPORT with 28 day validity limits and no refunds.

To be sure, there are lots of inbound visitors who will probably be perfectly happy using a Welcome Suica or PASMO PASSPORT. But for iPhone and Apple Watch inbound visitors the new direct Suica card creation in iOS 13 Wallet (no more apps) is a better way to go.