Yes, QR Codes Suck for Transit

Here are QR Codes in action at subway transit gates in Beijing.

And here is Suica in action.

Working Backwards from the User

The Suica development starting point was a user problem with magnetic card commuter passes. Old style paper passes were visually inspected at gates and could stay ‘in-wallet’ with a clear plastic opening. Magnetic card commuter passes had to be removed from the wallet and feed through the gate reader. Engineers wanted to recapture the simplicity of paper passes with IC cards.

The development process involved a lot or trail and error but Suica turned out not only to be convenient and fast but also user friendly in the way that people use things, in-wallet or otherwise. This is a classic Steve Jobs design principle: start with the user experience and work backwards to the technology.

Smartphones replicate the in-wallet experience as ‘Express Cards’ on digital wallet platforms like Apple Pay and Google Pay. The user pulls out the device and holds it to the reader. No unlocking or Touch ID/Face ID required.

QR Codes and EMV contactless on smartphones share the same transit problem of old magnetic card passes: they are not ‘in-wallet’. Devices have to be unlocked to open an app or perform a biometric authentication. This problem is compounded by poorly designed transit gate QR and EMV readers that end up forcing users to adapt to the technology and it slows everything way down. This is a design failure that would never meet the requirements of Tokyo stations where a gate has to clear 60 people a minute.

What’s fascinating to me is the assumption by some people in China, Hong Kong and even Japan that the QR Code success in China automatically qualifies it as a global payment standard regardless of the technology and business models already in place. This doesn’t ring true to me, there is something else going on.

China for example has put a lot effort into creating and promoting the China T-Union transit card standard which can be added to MI Pay, Apple Pay and Huawei Pay. Nevertheless there are not many people using China T-Union in the video. The Japanese tweet comments say that recharging China T-Union cards are not very convenient and do not offer the point goodies that AliPay and WeChat Pay do. Bingo. Is it really is that simple?

Technologies that have viable business models attached to them work better in the long run. FeliCa fares better than China T-Union or CEPAS (EZ-Link) because a transit platform like Suica does better job of attaching services and point goodies on the back end. Perhaps if China T-Union had a better business model that offered more recharge reward goodies and services on the backend to compete with QR ecosystems people might use it more, unfortunately business promotion is hard for government run transit authorities.

Advertisements

Taiwan EasyCard coming to Samsung Pay in 201

Yahoo Taiwan reports EasyCard coming to Samsung Pay

Back in August when the Taiwanese Representative Office in Tokyo announced that EasyCard and iPass would accept credit card recharge starting in October, I suspected backend support was being put in place for Apple Pay support. I was half right, the addition of credit card recharge was a sign that the cards were getting ready for digital wallets but not Apple Pay. Yahoo Taiwan reports that Samsung is negotiating with the EasyCard Corporation to bring the MIFARE based EasyCard to Samsung Pay in 2019 via a software update.

EasyCard is a stored value (SV) transit card similar to Suica used for both transit (MRT, Metro, buses, ferries, etc.) and e-money purchases. It will be the 2nd Samsung Pay ‘exclusive’ after Hong Kong’s Smart Octopus launch in December 2017 which is FeliCa based like Apple Pay Suica but still exclusive to Samsung Pay.

Apple Pay does support MIFARE cards in iOS 12/watchOS 5 which is the technology behind the recently added contactless student ID cards. Technically there is nothing standing in the way of getting EasyCard and iPass on Apple Pay. The sooner all SV transit cards are natively hosted and widely available on digital wallet platforms (Apple Pay, Google Pay, Samsung Pay, etc.) the better, it only becomes truly useful when everything is well integrated.

Meanwhile in other MIFARE related news NFC World reports that the Allianz Arena in Munich now supports Apple Pay NFC ticketing provided by Skidata. It’s exactly the setup that Apple showed developers at WWDC18.

The Contactless Payment Turf Wars: why Oyster is missing from mobile

Open Loop EMV
It is very strange that the TfL Oyster card, which completely transformed London area transit still isn’t hosted natively on Apple Pay or Google Pay. Other MIFARE based cards are hosted on both digital wallet platforms and TfL has an Oyster app for account management and online recharge (top-ups). From a technical standpoint there doesn’t seem to be any particular problem preventing them. Perhaps it is a political thing.

TfL decided in 2011 to put their resources into the emerging EMV contactless standard. The reason was simple:

The current Oyster system, though very popular, is expensive and complex to administer. Contactless bank cards use existing technology, responsibility for issuing cards would lie with the banks rather than TfL, and the operating costs should be lower.

That is politician think, not business think: everything is a budget problem, not a business opportunity that needs investment, reduce costs by letting someone else pick up the tab but let them take their cut first. I wonder if TfL publishes how much they pay out in transaction processing fees to banks and Cubic? Perhaps not. Meanwhile budget pressures are not letting up as Londonist notes:

In 2017 there was a push to nudge people away from their Oyster cards and towards contactless. One announcement rang out all over London’s tube stations: Why not use your contactless bank card today? Never top up again, and it’s the same fare as Oyster.

The die was cast in 2014 and probably won’t change. Instead of putting resources into hosting Oyster on Apple Pay or Google Pay, TfL and Cubic already have a mobile solution which is ‘open loop’ ticketing with EMV contactless bank cards. Open loop does not address the finer issues of different fare schedules (children, seniors, etc.), commuter passes, season tickets, nationwide transit interoperability, regional promotion, nor does it offer the business advantages of a transit payment platform, Express Cards with power reserve or any kind of future vision. That’s the end of the open loop story because EMV contactless is a very dumb smart card.

It’s a shame really because TfL loves to say they generate the most transactions in all of Europe. To me that’s a gold mine to build an empire, budget problems solved. Unfortunately TfL gives that gold mine away to banks and Cubic.

You can see the same thinking with Oyster’s Australian cousin, the Opal card system, built and managed by Cubic, just like Oyster. Opal is also going the ‘open loop’ route instead of transit cards on mobile.

Open Loop QR

Hong Kong’s Octopus (FeliCa) and Singapore’s EZ-Link (Ex-FeliCa now CEPAS) are going open loop but in different ways. EZ-Link has been testing EMV contactless for over 2 years now, users report a less than smooth experience. Kaohsiung Rapid Transit in Taiwan which uses MIFARE based iPASS and EasyCard is also considering EMV contactless open loop while the recently opened Taoyuan Airport MRT offers QR Codes and a cute YouTube video.

Hong Kong going the QR Code route shows how badly AliPay wants in on Hong Kong transit, and MTR Corporation in on China transit, bad enough that Hong Kong will sacrifice a great transit payment platform for AliPay, another gold mine giveaway. Judging by the AliPay branding and retrofitted QR Code readers on Hangzhou Metro gates in the pictures above, what AliPay wants, AliPay gets, but the fast FeliCa based Octopus smart card stands in the way. Instead of improving Octopus or extending mobile Smart Octopus, it looks like Hong Kong will invest in very slow and very dumb QR. The Hong Kong Economic Journal had this to say about the development:

MTR has set its sights on a major revamp of its fare collection system, accepting new electronic payments methods rather than just single journey tickets and Octopus Cards. From the passengers’ perspective, it means there will be no need to have an Octopus card on hand for a journey on local trains, if MTR’s new fare collection system supports all the mainstream contactless payment methods such as Visa payWave and MasterCard PayPass, or mobile payment means like Apple Pay, Samsung Pay and Google Pay.

Japan in the middle
TfL/Oyster and Transport for NSW/Opal, Octopus, EZ-Link are government held transit authorities, not private independent companies. Publicly run transit authorities are subject to politics and special interests like any government agency, this sometimes leads to poor decisions and short-term thinking.

Japan was fortunate that major transit players like JR East, are private companies with strong technology partners, like Sony and NTT Docomo. Out of this fortunate set of circumstances Suica was created and finally reached  the market in 2001 (a fascinating engineering story). Suica became the Japan IC Transit card template which evolved into the ubiquitous Japan Transit IC Mutual Use Association project for transit and e-money use. Mobile Suica was introduced in 2006 by NTT Docomo and now resides on the Apple Pay and Google Pay platforms.

The ubiquity and scale of interoperable transit IC cards sets Japan apart from all other countries. China copied the Japanese model for China T-Union but the cards cannot be used as e-money and have been upstaged by AliPay and WeChat Pay which, surprise, can be used for e-money and transit.

Japan occupies a very unusual middle ground between EMV contactless from the West and QR Codes from China, neither of which play well together. The scale of Suica provides the breathing space for Japan to pick and chose what works best for, and enhances their transit payment platform. The result is an incredibly rich and varied contactless payments market anchored around Suica and similar FeliCa prepaid cards.

Future trends
For every marketing report that predicts QR Code payments growing into a 70 billion USD sized market by 2023, someone else calls it nonsense because Suica is becoming the card for everything. In many ways Suica already is. MITI said it is investigating using QR Codes for small rural transit systems that cannot afford IC card systems. This loops back to TfL complaint that IC cards are expensive to issue and manage.

Low-cost QR Codes certainly make sense for lightly used rural transit operations but they have a fatal weakness: they don’t have plastic card versions that work anywhere and seniors prefer the simplicity of plastic, QR Codes require a high cost network connected smart device, an app and are strictly one way read with no offline processing.

JR East and Sony have announced that they will solve cost problems for rural transit and much more in early 2021 with Super Suica.


Update: Open Loop QR Code Security Risks
One issue that was in the back of my mind while writing this post was the privacy and security implications of letting AliPay inside with direct transactions on transit gates. Japanese customers are very sensitive about where and how transaction records are held and used but I have yet to see any security discussion in connection with Hong Kong MTR opening up transit gates to AliPay and WeChat Pay. QR Code transactions are very different from offline FeliCa Octopus transactions. Where and how does the QR Code transaction data from Hong Kong MTR transit gates get stored, does the Chinese government has access to it to gather intelligence from transaction and location records?

If there is one thing we do know about Chinese companies is that they do what they want when nobody is looking. Witness China Telecom spoofing the BGP protocol to poison internet routes and suck up massive amounts of American and Canadian internet traffic for intelligence analysis. If I was living in Hong Kong I would be concerned about the privacy implications of MTR going open loop with QR codes.

iOS 12 Apple Pay Wallet pulled a MIFARE and nobody noticed

The Apple Wallet Ponta card launch at LAWSON presents another dilemma: just what exactly is Apple using for iOS 12/watchOS 5 Apple Wallet Passes and Student ID cards? Student ID cards and Apple Wallet Ponta have the same device eligibility specs: iOS 12/watch OS 5 running on iPhone 6 and later/Apple Watch Series 1 and later.

You might assume that Apple Wallet Ponta is FeliCa but the eligible device list tells a different story. You might also assume that everything in Japan is FeliCa but this is also not the case. Doutor Coffee shops sell a handy little Doutor pre-paid card that is MIFARE and it works flawlessly side by side with FeliCa flavored Apple Pay Suica on the same NFC reader.

Altogether we have an interesting spec list for Student ID and Mobile Ponta cards.

  • The same eligible device specs that only support NFC A-B across all devices
  • Stored value
  • iOS 12 PassKIT NFC Certificates
  • Express Card capable
  • Local offline transactions

I’m calling it (again): the only technology that fits this profile (for Student ID cards but not Ponta) is MIFARE iOS 12 PassKIT Wallet passes are simply MIFARE. Only Apple could pull this kind of ‘under the hood thing’ off in iOS 12 without anybody suspecting and it neatly puts all the major NFC technology pieces on Apple Pay: EMV, FeliCa, MIFARE and China Transit.

Blackboard supplies the technology and backend services for Student ID cards on iOS 12. I contacted Blackboard PR to confirm if the card technology was FeliCa or MIFARE but did not receive an answer. However I did run across an interesting Blackboard press release from 2015 Blackboard and NXP Semiconductors Collaborate to Strengthen Campus Card Technology:

Blackboards’ push to adopt NFC in addition to their existing MIFARE-based solutions, back in 2012 showed incredible insight into the potential of this technology. The security, convenience and flexibility that NXPs NFC and MIFARE solutions bring truly reflect the student lifestyle. Now access to campus services can be simply enabled via a smart watch or smart phone.

Based on this and the fact that it came 2 years after a FeliCa demo of Blackboard Student ID cards with a rumored migration from FeliCa to MIFARE, plus the eligible device specs, my conclusion is that Student ID cards on iOS 12 are MIFARE HCE (Host Card Emulation) which is NFC-A.

Apple Wallet Ponta cards on iOS 12 are VAS protocol contactless passes outlined at WWDC18 , WWDC16, and in the Contactless Passes section of the iOS Security Guide:

Wallet supports the value added service (VAS) protocol for transmitting data from supported passes to compatible NFC terminals. The VAS protocol can be implemented on contactless terminals and uses NFC to communicate with supported Apple devices.

This is also NFC-A. Contactless passes have been around for a while on iOS but adoption has been slow. With iOS 12 PASSKit, Apple is encouraging developers to migrate from QR Codes to NFC contactless passes and hopefully lowering the NFC Certificate requirement bar a little. Part of the reason for the slow uptake is poor NFC reader support. LAWSON has a new POS system built around Panasonic JT-R600CR readers which are Apple Pay savvy and Apple Wallet Ponta cards only work correctly when you tell the LAWSON cashier to use “Apple Pay”.

Update: A highly trusted NFC engineering source contacted me that I got it partly wrong. The correction edit above explains that Wallet Ponta cards are Apple’s implementation of the VAS protocol and not MIFARE. Student ID cards are almost certainly MIFARE/PASSKit NFC Certificate Host Card Emulation (HCE), Apple has not publicly announced MIFARE support but it is the only technology compatible with Blackboard IC card formats that could power the express card features of iOS 12 student ID cards across all eligible devices. Research and confirmation efforts are ongoing.

Value Capture and the Ecosystem of Transit Payment Platforms

AppleInsider Daniel Eran Dilger’s very long editorial Apple Services and the ecosystem of value capture has an interesting bit at the beginning:

The term Value Capture applies to rail and transit operators that are given the rights to develop the land around their stations. America’s intercontinental train routes were developed by railroads that were deeded land along their planned rail lines. These plots were then sold off or developed, capturing some of the value added by the fact that that land was adjacent to the transportation service the railroad had built and was operating.

Today, while most of America’s current transit systems (from Amtrak to BART) are now on the brink of failure and are often in worse shape than what you find in third world countries—despite the high tax subsidies paid to sustain them—there are many examples around the world of public and private transit operators performing extremely well simply because they were given the rights to develop the land around their stations, leading to extremely lucrative revenue sources that sustain their operations and growth while they provide efficient transportation services to the public.

Dilger goes on to explain value capture in the App Store ecosystem but misses important transit connections with Apple Pay:

The most successful value capture transit model in the world is the Suica Transit Platform business model on full display at  Tokyo Station. The shopping experience both inside and outside the transit gate is mind-boggling (the Drip Mania coffee softcream is to die for if you can find it) as is the cash flow. If JR East offered business tours in English the waiting lines would look like the lines at Tokyo Comic Con. It’s very strange that other transit agencies around the world, ahem in the west, ignore studying the Suica Transit Platform business model.

Tokyo Station is the Suica card epicenter for transit (regular trains, Shinkansen, buses), shopping, and other services like vending machines and coin lockers. You can buy Shinkansen tickets on the go on your smartphone. Every single store register has a Suica reader and the payment choice is either cash or plastic credit cards but contactless payment is strictly Suica. That is not a problem because Inbound Apple Pay users can join the Suica fun.

There has been a lot of overblown media hand wringing that Japanese contactless payments usage rates are far below what they are in China and Korea, and the Japanese government hopes to raise contactless payment usage rates to 40% by 2025 over the current 20% rate. This “problem” is remarkably easy to fix: create an open shared mobile transit cloud infrastructure that follows the Japanese Transit IC Card Interoperability model. Get the big Japanese transit cards on mobile that unlock the commuter pass and loyalty point goodies associated with the plastic IC cards, and the problem is solved. It’s that simple.

If that cannot be accomplished the Japanese government could talk JR East into hosting everybody else’s transit card on the Mobile Suica cloud with agreeable terms for big and small players. A concept just like the recently released Apple Pay Mizuho Suica. With all the important transit cards on mobile wallet platforms, contactless payment usage rates in Japan would quickly skyrocket beyond 40%. I guarantee it.