The Secrets of iOS 15 Apple Wallet, a Review

iOS 15 Wallet is deceptive. The first impression out of the box is that nothing has changed much. It looks the same, it works the same. It doesn’t help that many of the new features won’t come until later in the iOS 15 life cycle and will be limited to certain users and regions. ID in Wallet for example is only due to launch in eight American states ‘late 2021’. Wallet keys for home only work on A12 Bionic iPhone XS and later while office and hotel key “device requirements may vary by hotel and workplace.” In Japan, Wallet home-office-hotel key feature mentions are missing altogether. The fine print reads like Apple is giving itself the biggest set of loophole opt outs ever, as if to say, ‘sorry, better luck later on.’

This is because Wallet key and ID cards are exactly like the Apple Pay launch in 2014 when the contactless payment infrastructure in America at the time was way behind Europe and Japan. The contactless transition has been bumpy, uneven and continues to plod along while stores have been slow getting their act together. Early Apple Pay adopters grew accustomed to hearing that classic gag line at checkout when things didn’t work right: “you’re holding it wrong.”

Wallet keys and ID will see a gradual measured uptake just like Apple Pay payment and transit cards. But unlike payment cards and transit cards, the reader infrastructure side of the equation for digital keys and ID cards is only just beginning. For some people it may be years before they have the opportunity to use digital key with their car, home or apartment. The initial use for Wallet ID, TSA security checks for domestic US air travel, represents only a small subset of a much wider future potential. How long will it be before state government services are fully equipped to read their own digital issue ID? And what about in-app ID checks? There’s huge but undeveloped potential there too.

Apple is leading the digital wallet transition for keys and ID as they did for payments when Apple Pay launched in 2014. Sure, there are others already doing it on a limited scale and Apple may be late to the party, but because Apple takes the time to make complex things easy to use and get it right, eventually it’s everywhere. Even without keys and ID, iOS 15 Wallet offers some deeply useful UI improvements that will remove a lot of frustration for all Wallet users. Let’s take a look.


New Add to Wallet UI
The new Add to Wallet screen with card categories is the gateway to new iOS Wallet features; it also solves long-standing UI problems that confused users. The main categories:

  • Debit or Credit Card
    Add debit/credit, the same process we’ve had all along.
  • Transit Card
    The add Transit Card category is new and lists all available transit cards that support direct Wallet card add and Apple Pay recharge. Transit cards that can only be added and recharged via an app such as Portland HOP and Chicago Ventra are not included. Some transit cards on the list are somewhat deceptive. Hong Kong Octopus and China T-Union cards cannot be added without certain locally issued credit/debit cards but you only get the warning message at the very end of the addition process that aborts it. The only transit cards that anybody from anywhere can add to Wallet are: Suica, PASMO, SmarTrip, Clipper and TAP.
  • Previous Cards
    Previous Cards is a new category that appears only when needed. It shows cards, keys and passes that are attached to the user Apple ID but are not currently in Wallet.

The region-free Wallet
These seemingly mundane UI tweaks are much bigger than they look. Before iOS 15, Wallet did not make a clear distinction between first time card issue (adding a card) and re-adding previous cards that were already attached to the user’s Apple ID. Adding cards to Wallet was also region dependent, that is to say users had to set the iPhone region to match the issuer region to add those cards. This has been a real pain for transit cards: Japan to add Suica, Hong Kong to add Octopus, America to add SmarTrip, Clipper or TAP.

Changing the device region is easy to do, but it’s not intuitive at all and it bewildered users. It’s not uncommon for people to think that changing the region messes up the Apple Pay cards they already have, making them unusable, or that a certain region setting is required to use a particular card.

Neither is true, but region-dependent Wallet was a big source of confusion that kept people from using great Wallet features and caused support problems, especially for transit card users. Do a Suica search on Apple Support Communities. The number one support issue is: I lost my Suica card, how do I get it back in Wallet?

The new UI fixes this problem by making a clear distinction between removing Wallet cards vs. deleting them. Wallet has a simple rule: removing a card added directly in Wallet does not delete the card. Cards added directly in Wallet (tapping “+”) and keys are a little special as they are hooked into the user’s Apple ID. This is easy to see in Suica App which displays the unique Apple ID/Apple Pay identifier for each Suica card.

The pain point was the inability to see what cards were still attached to their Apple ID sitting on the Apple Pay server when not in Wallet. Most people assume a card not in Wallet is lost forever, the classic ‘I lost my Suica’ problem described above. This happened all the time in pre-iOS 15 Wallet when the user signed out of Apple ID without realizing it or migrated to a new iPhone without doing Wallet housecleaning on the old device. Removed cards were always parked safely in iCloud but there was no easy way to see them. With Previous Cards and region-free Wallet, you always know where to find your Wallet cards.

Knowing exactly where your Wallet cards are, in Wallet or parked on the server, and how to really truly delete them from the cloud, makes using Apple Pay easier. When users understand that Apple Pay has their back, they trust and use it more. Trust is far more important than technology.

From now on the new rules are: removing a card only removes it from Wallet. Only the extra step of removing a credit/debit card from Previous Cards removes it completely from Apple ID. Stored value cards like Suica can only be deleted with the card issuer app.


ID in Wallet

iOS 15 devices
watchOS 8 devices
Launch states: Arizona, Georgia, Iowa, Kentucky, Maryland, Oklahoma, Utah

ID in Wallet is the biggest new iOS 15 Wallet feature, important enough that Apple announced details and launch states before the September Apple Event, which is unusual for a feature due “late 2021.” The press release clearly explains (but does not show) the exact process for adding and using an ID, and some of the security details behind it. Carefully crafted screen images clearly illustrate that ID in Wallet does not show detailed personal information, not even a full name, only the ID elements that will be transmitted by NFC to the TSA reader. Like Apple Pay, users do not need to unlock, show, or hand over their device to present their ID; they simply authorize and hold it to the reader.

ID Security and Privacy
It looks slick but there are lots of interesting things Apple has not shown yet, like the actual adding process, that will certainly be highlighted at the September Event. Apple is advertising high level security and privacy for ID in Wallet but there are device distinctions security concerned users will want to know about, specifically Secure Intent.

Secure intent, in a very loose sense, is the user action of confirming ‘yes I want this transaction to proceed’ by double pressing a button (Face ID and Apple Watch) or a long press (Touch ID). But there are important differences: by Apple’s official definition, Face ID iPhone and Apple Watch are secure intent devices, Touch ID iPhone is not.

Secure intent provides a way to confirm a user’s intent without any interaction with the operating system or Application Processor. The connection is a physical link—from a physical button to the Secure Enclave…With this link, users can confirm their intent to complete an operation in a way designed such that even software running with root privileges or in the kernel can’t spoof…A double-press on the appropriate button when prompted by the user interface signals confirmation of user intent.

The most secure ID in Wallet secure intent transaction is a double press button authorization action that tells the secure enclave, where your biometrics are stored, to release authentication to the secure element, where your ID credentials are stored, for the transaction magic to take place. Apple: “Only after authorizing with Face ID or Touch ID is the requested identity information released from their device, which ensures that just the required information is shared and only the person who added the driver’s license or state ID to the device can present it.” There is no Express Mode for ID card nor would you want there to be.

There is another aspect to consider, one that Apple certainly won’t divulge: who manages and runs the backend centralized mobile ID issue service that plugs into Apple Pay servers. The direct in Wallet ID card add process demonstrates a high level of integration: “Similar to how customers add new credit cards and transit passes to Wallet today, they can simply tap the + button at the top of the screen in Wallet on their iPhone to begin adding their license or ID.”

We can get an idea of what’s involved on the ID backend from the Japanese Ministry of Internal Affairs and Communications (MIC) English PDF document: First Summary Toward the Realization of Electronic Certificates for Smartphones with a diagram of the digital ID system architecture for the Individual Number Card (My Number). MIC are in discussions with Apple to bring the digital My Number ID to Wallet. The Android version is set to launch in 2022.

There has to be a partner service company that sub-contracts mobile ID issue services to participating state governments…somebody that does the heavy lifting of linking various state database servers to provide a centralized card issuing service so that Apple can provide a seamless ID add card experience. But it must be an independent entity that can provide the same set of backend ID issue services to other digital wallet platforms (Google Pay, Samsung Pay, etc.) at some point. Because if it is not an independent entity providing those services, Apple is inviting more claims that Apple Pay is a monopoly. It’s a mystery worth digging into. Nevertheless, Apple is paving the way by integrating ID issue directly in Wallet that eliminates crappy 3rd party apps. It’s a huge effort that hopefully makes digital ID easy, practical and widely used.


Digital Keys and Power Reserve Express Mode
Home, office and hotel keys are the first new iOS 15 Wallet feature on launch day. Where is the Add to Wallet Key Card category? There isn’t one. Keys are slightly different and cannot be added (issued for the first time) to Wallet directly because the mobile key issuing company has to confirm user identity before giving the key. The most common way to add keys for the first time is with an app. From the Apple car key support page:

Open the car manufacturer’s app and follow the instructions to set up a key…Depending on your vehicle, you might be able to add car keys from a link that your car maker sends to you in an email or text message, or by following steps on your car’s information display.

Keys removed from Wallet can be re-added quickly via Previous Cards. According to the iOS 15 and watchOS preview page, keys appear to come in 2 basic varieties, sharable and un-sharable; device specs are different depending on the type of key.

  • Sharable keys
    • Car keys with Ultra Wideband: iPhones and Apple Watches equipped with U1 chip (iPhone 11 • Apple Watch 6 and later)
    • Car keys (NFC) and Home keys: iPhone XS • Apple Watch 5 and later
  • Un-sharable keys
    • Office key
    • Hotel key
    • Device requirements may vary by hotel and workplace

All keys work in Express Mode because keys, unlike ID, require Express Mode to be useful. iPhone XS with A12 Bionic powered NFC supports Express Mode Power Reserve, a huge performance difference from previous Apple Silicon. The extra 5 hours of power reserve key access with a drained iPhone battery are crucial and it’s understandable why Apple set iPhone XS as the base iPhone for using car and home keys.

There might be conditions for office and hotel keys depending on the key issuer. In Japan for example iPhone 6s, iPhone 6s Plus, iPhone SE (1st generation) cannot be used for FeliCa based key access, hence the ‘device requirements may vary’ tag.

One more issue here is that mobile key issue is a complex process for hotels, and one assumes offices as well, that requires an app with an account to securely issue a mobile key with set limitations (time, area, etc.).

It’s important to note that issuing digital keys is only one step of the complex process that allows guests to bypass the front desk. Apple’s announcement certainly does not spell the end of the hotel app as we know it…

It’s a big step toward streamlining a process that has, until this point, prevented many guests from using their phone as a digital room key. But, Wallet only solves one segment of the end-to-end operation required to get a guest checked in and room access issued. The bigger issue is connecting identity with access, which requires many more steps beyond issuing a key.

How Apple’s Newest Features Will Affect Hotel Check-in

Pairing an identity with access is the core issue of key issue. If I had a crystal ball to read, I might see a future where your ID in Wallet is the only confirmation needed to add a key directly in Wallet, no apps. It would be nice if things turned out that way over time. Perhaps that is one of Apple’s goals for releasing home-hotel-office keys and ID at the same time.

Wallet expansion and housekeeping
The last improvement is that iOS 15 Wallet now holds up to 16 cards. The previous limit was 12 cards (8 cards for pre-A11 iPhone). The limit is defined as cards that use the secure element for transactions: payment cards, transit cards, keys, and ID. Passes don’t count and used passes are automatically cleared and stored in the new archived passes category. One hopes Wallet will do similar housekeeping for expired hotel keys in later iOS 15 releases.

The expansion seems trivial but 4 more parking spaces in the Wallet garage is a godsend not only for card otaku but also for regular users who already have lots of payment and transit cards. The housekeeping changes are appropriate and timely; going forward we’ll all be adding car, home, office, and hotel keys along with our driver’s license to an ever growing Wallet.

UPDATE
An earlier edit of this post incorrectly stated that watchOS 8 Wallet did not support hotel and office keys (they were not listed on Apple’s watchOS 8 preview page but mentioned on a separate PR release). Apple PR reached out to me regarding the error and it has been corrected.

Last updated 2021-09-15

iOS 15 Apple Pay Wallet preview: the Express Mode difference

Express Transit Suica ruins the Apple Pay experience for using anything else. You want Apple Pay to work that way everywhere but it doesn’t. Most of the time we trudge along using Apple Pay Wallet with face mask Face ID authorization, although the Apple Pay experience on Apple Watch is a big improvement as well as being a trusted device for secure intent.

iPhone users in America are finally getting a taste of Express Transit en masse with the 2020 rollouts of Apple Pay for SmarTrip, TAP, Ventra and Clipper. Apple recently rebranded Express Transit as Express Mode on their new Wallet webpage (in Japanese it’s called Express Card). The branding change may seem trivial but it has bigger implications for first time users of new Wallet services in iOS 15: Express Mode goes places that Express Transit cannot, namely digital keys and digital ID.

These functions are not new of course, Express Transit cards and Student ID cards have been opening transit gates and doors these past few years. But Express Mode is for everyone and personal: your keys and badge to unlock your home door, unlock and start your car and get you into the office. With these refinements and additions it’s safe to say that iOS 15 Wallet finally delivers the digital wallet dream people have been talking about since 2010. Wallet can replace your wallet.

What’s new
Last year I covered ‘coming soon’ Ultra Wideband Touchless and Code Payment (codeword Aquaman) Wallet developments. The Code Payments feature is still waiting in the wings. Steve Moser kindly confirmed that Aquaman code references are alive and well in iOS 15 with minor changes but this post will focus on announced features. In the WWDC21 Keynote Apple Pay section Jennifer Bailey announced keys and ID. The Wallet features you get from the ones listed on the iOS 15 preview page depend on the device:

Car keys with Ultra Wideband support (shareable)
iPhones and Apple Watches equipped with U1 chip* (iPhone 11 and later, Apple Watch 6)

Car keys without Ultra Wideband support (sharable)
Home keys (shareable)

iPhone XS • Apple Watch 5 and later*

Office key
Hotel key

“Device requirements may vary by hotel and workplace.”

ID in Wallet
iOS 15 devices
watchOS 8 devices (the fine print: Not all features are available on all devices)

None of the new features will be available when iOS 15 launches. Expect them with the iOS 15.1 update or later. NFC Car keys launched on iOS 13 and iOS 14 in 2020.

The A12 Bionic • iPhone XS and later requirement for Wallet keys is easy to understand: Express Cards with power reserve. A12 Bionic (and later) powered NFC bypasses the iOS overhead with a direct connection to the secure element. It is vital that people can unlock car and home doors even when their iPhone battery is out of juice. Up to 5 hours of power reserve makes a huge difference, but only for iPhone. *Apple Watch supports Express Mode but not power reserve.

The bigger story is UWB because it is new technology that works with the Secure Element to create a whole new experience. Up to now the Secure Element was exclusively NFC. Not anymore: the Car Connectivity Consortium (CCC) Digital Key 3.0 specification “maintains support for NFC technology as a mandatory back-up solution.” Digital car key is first and foremost a UWB solution with NFC relegated to the back seat.

UWB connectivity adds hands-free, location-aware keyless access and location-aware features for an improved user-friendly experience…

3.0 addresses security and usability by authenticating the Digital Key between a vehicle and the mobile device over Bluetooth Low Energy and then establishing a secure ranging session with UWB, which allows the vehicle to perform secure and accurate distance measurement to localize the mobile device.

Car Connectivity Consortium Delivers Digital Key Release 3.0 Specification

NTT Docomo and Sony demonstrated UWB car keys in action last January running on Android Osaifu Keitai hardware. Sony (FeliCa) and NXP (MIFARE and UWB chipsets) have worked closely to extend both FeliCa and MIFARE into the UWB Touchless era. The CCC Digital Key specification is open to any Secure Element provider. UWB + Bluetooth Low Energy (BLE) is simply another radio communication layer in addition to NFC.

Diagram from Car Connectivity Consortium (CCC) Digital Key 2.0 White Paper, the recently released 3.0 spec adds UWB
Mobile FeliCa UWB Touchless diagram from NTT Docomo, NXP MIFARE works exactly the same way

This is significant as it opens up UWB to anything that currently uses the Secure Element and NFC. Apple has not spelled it out but suggests UWB might work with Home keys, and there is no reason UWB cannot work with all keys, transit cards and Student ID. The WWDC2021 session video Explore UWB-based car keys is a great introduction and highly recommended viewing if you have any interest in the subject. The session is a bit unusual in that the discussion covers RF hardware and performance design more than software. It feels like the target audience is car manufacturers. There is a lot of detail to get lost in but here are some simple but essential points:

Secure Element improvements: the SE has always used unique keys for mutual authentication; this has been extended with ranging key derivation

Secure communication at a distance: UWB and BLE identifier randomization with secure ranging is an important security feature as UWB Touchless works over much greater distances than NFC reader tapping

Zones: the precise motion and positioning tracking of a paired UWB device with a unique key allows for ‘passive entry’ action zones, walking towards the car unlocks it, walking away locks it, etc. without any other user interaction

RF transceiver and antenna system design: a deep and difficult art that echoes the Suica creation story

JR East (Suica) and Hong Kong MTR (Octopus) have both said they are developing transit gates that incorporate UWB. This makes sense as Mobile FeliCa is now UWB savvy but after watching the WWDC21 session video I can only marvel at the complexity of the big picture because UWB is about mapping and using space and movement to perform an operation.

The engineers face countless problems and challenges to juggle in their quest to build a transit gate that delivers the same FeliCa NFC speed and reliability with UWB…at rush hour. They have to consider radiation patterns, system latency and processing power, localization algorithms and much more. If they achieve their stated goal, 2023 could be a very interesting year for transit.

ID in Wallet
Lots of people are excited about the possibility of adding a digital driver’s license to Wallet but as 9to5 Mac’s Chance Miller wrote, we don’t know much about it at this point. Actually in Japan we do. The Ministry of Internal Affairs and Communications (MIC) released an English PDF: First Summary Toward the Realization of Electronic Certificates for Smartphones with a diagram that explains their digital ID system architecture. MIC remarked back in November 2020 that they are in discussions with Apple to bring the digital My Number ID card architecture to Wallet. The Android version is due to launch in 2023 and will likely employ the Mobile FeliCa Multiple Secure Element domain feature described by FeliCa Dude (FeliCa using NFC-B instead of NFC-F). A similar basic architecture with different protocols and issue process will undoubtedly be used for adding digital driver’s licenses.

The Privacy question
I’ll be very interested to see how ID launches in America this fall. Which outside partner company or companies are providing the service to participating states and running the backend? I suspect it will be something similar to Student ID with Blackboard running the service for participating universities. The biggest security question in my mind is who besides the TSA will use ID in Wallet, and more importantly, how? Some governments and transit agencies are pushing face recognition as a convenience in addition to security. My preference will always be for having my ID on my own Secure Element rather than somebody’s cloud server, an ID that I authorize with my own secure intent.

Wallet UI and usability improvements
Wallet App didn’t get the makeover that some users asked for, but there are a few small improvements. Up to 16 cards can be added in iOS 15, up from 12 in iOS 14. Archived passes and multiple-pass downloads help make Wallet more usable and remove some housekeeping drudgery.

I finally got two WWDC19 Apple Pay Wallet wishes granted: (1) dynamic Wallet cards and (2) region free transit cards. Apple Card does UI things in Wallet no other card is allowed to do. As far as I know this first changed with Disney’s MagicMobile launch on iPhone; Jennifer Bailey calls them “magical moments when you tap to enter.” There are similar low-key card animations in Home key and ID cards. It’s a very small step but I hope Apple adds more over time than just sprinkling seasoning card animations. Done wisely, dynamic cards could improve Wallet usability by conveying important card status and account information.

Wallet card animations are slowly making their way into the picture, but will they ever be more than silly pretty fun?

Region free transit cards means that users no longer have to change the iPhone • Apple Watch region setting to add a transit card. In iOS 15 Wallet you get the full list regardless of the region setting. It’s not perfect but it is less confusing than adding a transit card in iOS 14.

Summary
The overall reaction to iOS 15 has been somewhat muted but there are lots of new details. Apple Pay Wallet additions for home keys, office key, hotel key and ID build on technologies that have been on the Apple Pay platform for some time but Apple is leveraging them in new ways.

The unveiling of UWB Touchless is important and cutting edge, and it might revolutionize secure transactions. It is the next step not only for car keys but for transit and other services that up to now have been limited to NFC. And this time, unlike NFC, Apple is leading the way for UWB.

The bottom line is that UWB opens up a lot of possibilities for many current NFC based solutions. Expect UWB Touchless support for Wallet cards in the near future that use Express Mode in new ways, and new UWB based features for a much smarter Wallet.


UWB Gallery
Screenshots from the Explore UWB-based car keys session video

Zones
Zones are one of the exciting aspects of UWB Touchless, where functions are triggered by the simple act of walking towards or away from the car. It will be interesting to see how this is applied to UWB Touchless transit gates.

Space and movement: the UWB process

Last but not least, Power Reserve mode now supports Find My Network

UWB Touchless Express Transit and Apple Pay for iOS 15?

A recent sudden surge of hits from Hong Kong accessing my December 2019 UWB Touchless Mobile FeliCa post seemed odd. I dug around and it appears that Hong Kong MTR, like JR East, is making noises about incorporating UWB technology in next generation transit gates.

iOS 14.5 added a new PassKit call for Bluetooth, and the U1 chip integration since iPhone 11 and Apple Watch 6, coupled with global FeliCa support, certainly puts Apple ahead of the game. I have no idea what WWDC21 will deliver but more UWB integration is a given.

Apple only mentioned UWB Touchless at WWDC20 in connection with digital car key without showing anything because the Car Connectivity Consortium Digital Key 3.0 spec was a work in progress. Now that the spec is in place with BMW said to deliver car models incorporating UWB Touchless this year, will Apple show it in action? I think it’s highly likely, but since Car Key is a ‘Wallet Card’, and Wallet app Express Cards come in 3 types: Transit, Student ID, and Car Key, the more interesting question is…will Apple also show Touchless Transit and Student ID Express Cards? And what about Apple Pay?

People think Touchless is a completely new thing for ‘keep smartphone in pocket’ transactions, and they worry about security. You can’t blame them because marketers are selling the in-pocket payment experience. However, Touchless is simply long distance NFC without NFC. All UWB Touchless does is describe the frequency to use Bluetooth instead of NFC. The background stuff, secure element and so on, is exactly the same. This means user interaction is the same. For walking through transit gates and security doors, or unlocking your car, the convenience of Touchless is easy to understand: no more NFC tapping, just keep moving.

What about Express Card payments? The current Apple Pay Suica payment checkout experience: the user taps Suica on a touchscreen, or tells the clerk “Suica” then holds the device to the reader. The user has to give consent before the transaction is activated by checkout staff or the self checkout reader. For Apple Pay EMV transactions users have the extra step of confirming a transaction by Face ID/Touch ID to complete it.

Realistically however, in what situations does Touchless make store checkout more convenient and faster? Drive thru certainly, supermarkets…maybe, but most stores will probably not want to invest in Touchless without a good reason when the NFC readers they already have installed get the job done. There is one more interesting role that Apple has planned for UWB however, one that promises to improve the entire Apple Pay and Wallet experience: communicating with the reader before transaction to select the right Wallet card for the job, at a distance, for a truly smart Wallet app. With national ID cards, passports and more coming to Wallet at some point, UWB could be the Wallet reboot we really need.

And then there is EMVCo. The problems with UWB Touchless for EMVCo are that: (1) Touchless only works with devices with batteries, à la AirTag, and doesn’t work with the current plastic card model, (2) UWB + Bluetooth level the digital playing field with FeliCa and MIFARE, no more ‘real’ vs ‘who cares’ NFC hardware flavors to split hairs over. The plastic card NFC limitation is probably a bitter pill for everybody but especially for EMVCo members and issuers as plastic card issue is big business, and many customers are more comfortable with plastic cards. For those reasons I think EMVCo will be the last to support UWB Touchless, if they do at all. On the plus side Touchless does give digital wallet platforms an edge to create smart aware wallets: digital does NFC and Touchless, plastic only does NFC. We’ll find out about Apple’s UWB Touchless roadmap at WWDC21.

Contactless Payment Turf Wars: EMV closed loop transit dumb cards

  1. Contactless Payment Turf Wars: Transit Platforms
  2. Contactless Payment Turf Wars: PiTaPa Pitfalls
  3. Contactless Payment Turf Wars: Why Oyster is missing from mobile
  4. Contactless Payment Turf Wars: Tapping the potential of TAP
  5. Contactless Payment Turf Wars: Apple Card and the Prepaid Innovation of Apple Pay Suica
  6. Contactless Payment Turf Wars: EMV closed loop transit dumb cards

Prepaid transit smart cards are micro bank accounts on a card. What started as plastic in the mid 1990’s first transitioned to the cloud based mobile digital card era with Mobile Suica in 2006. Transit cards on mobile digital wallets are much more powerful and malleable than their plastic forebears, and occupy a coveted position in the mobile payments market. Credit card companies and banks spend enormous resources and effort to capture this transit fare business.

Background
Many smart cards use FeliCa and MIFARE. The technology has been on the market since 1994 and one of the reasons for platform popularity and longevity are the rich application development environments they offer (Calypso is also popular but limited to transit applications).

Developers can design a card architecture as ‘smart’ (like Suica) or as ‘dumb’ (like iD) but they are all smart cards because they contain an IC chip. In Japan FeliCa powers not only company ID cards, but also transit cards (Suica, PASMO, etc.), bank payment cards (iD, QUICPay) and rechargeable prepaid eMoney cards that anybody can buy and recharge at convenience stores (WAON, nanaco, Edy). Mobile FeliCa has been in place since 2004.

Smart/Dumb card architecture depends on use case, system processing cost efficiency and need. In a transit fare system, a dumb card use case is slower centralized processing, like waiting at the store checkout for card verification to clear. A transit smart card use case is instant locally processed stored value to keep people moving through the gates because centralized processing isn’t up to the task. This is why transit cards have used the stored value local processing model…until now.

Open Loop 1.0
EMV contactless credit cards arrived on the payments scene starting in 2007 but uptake was slow. Since EMV contactless uses the same NFC A as MIFARE based transit cards, the big EMVCo members (VISA, Mastercard, American Express) came up with a great marketing idea: use EMV contactless credit cards as a transit card. Thus EMV open loop transit was born.

EMV Open Loop 1.0 transit that debuted on Transport for London (TfL) Oyster system in 2014 filled mutual needs for TfL and bank card companies. Despite the success of Oyster, TfL wanted to reduce plastic card issue and management costs:

The current Oyster system, though very popular, is expensive and complex to administer. Contactless bank cards use existing technology, responsibility for issuing cards would lie with the banks rather than TfL, and the operating costs should be lower.

The Future of Ticketing London Assembly (2011)

In 2017 there was a push to nudge people away from their Oyster cards and towards contactless. One announcement rang out all over London’s tube stations: Why not use your contactless bank card today? Never top up again, and it’s the same fare as Oyster.

How Long Does The Oyster Card Have Left? Londonist (2018)

Using bank cards in place of MIFARE Oyster cards accomplished that, and because MIFARE was late to the mobile party, TfL management decided their mobile strategy would be Apple Pay and Android Pay EMV card support. Meanwhile the bank card companies captured transaction fees from mundane transit fares at the gate, got the benefit of using the float instead of TfL, and got people into the habit of using credit cards for tiny purchase amounts. Our parents thought buying coffee with a credit card instead of small change was ridiculous because credit cards were reserved for ‘serious purchases’. Not anymore.

TfL Open Loop was judged a big success and got rave reviews from tech journalists around the world who hailed it as the future of transit ticketing: time to dump those proprietary transit smart cards and go all in with ‘open standard’ EMV open loop if you want the latest and greatest transit fare system. This gave transit agencies and the governments that run them the wrong idea that EMV is a cure all transit fare system solution.

1.0 shortcomings
The problem is that EMV is not an open standard: it is owned and managed by the proprietary EMVCo, which is wholly owned by the major credit card companies. EMV is a ‘one size fits all’ payments technology created for the needs of credit card companies and banks. It was never designed as a transit fare solution and will never evolve to incorporate transit needs. Experts agree:

A universal truth is that each transport market is highly unique. While EMV may be the best solution for some, the reality is that a standardized deployment of this model is not best suited to everyone.

Transit systems shouldn’t confuse open loop pay with EMV

The U.S. has been a tough market for transit agencies to deliver successful open-loop systems into, as banks have not been in step with these ambitions.

Is now the time for open-loop transit in the United States?

There is no escaping the basic reality that EMV is a slow dumb smart card. It works well for what it was designed for: store purchases where card transaction latency is not a problem while the checkout terminal communicates with the bank system that has your account information.

Transit fare systems don’t have your bank account information on file, and there are limits to what the backend transit fare system can do when an anonymous bank card number appears on a gate reader where long transaction latency is unacceptable. There are tradeoffs: the card gets verified but the transit bill gets settled long after the transit. This is why EMV open loop 1.0 only works for simple or flat fare structures. The result was a 2 layer fare system on London Oyster, Sydney Opal and Chicago Ventra:

  • Plastic and digital EMV open loop dumb card with basic fare transit for users with approved bank cards
  • Plastic transit MIFARE smart cards covering all fares including special fare discounts, commuter passes, etc., for everybody else

Oyster, Opal and Ventra wanted to add mobile support across the board but this meant supporting EMV and MIFARE. All of these are managed by Cubic Transportation Systems who worked with the bank card companies and came up with a new product to solve the dilemma: EMV closed loop transit dumb cards.

Open Loop 2.0
Apple Pay Ventra is this new EMV closed loop mobile transit card product. Its launch gave us a first glimpse of the 3 layer fare system:

  • Plastic and digital EMV open loop dumb cards with basic fare transit for users with approved bank cards
  • Digital EMV closed loop dumb cards that cover regular fares and commute passes with special fares to be added later
  • Legacy plastic MIFARE transit cards for everybody else

It’s still a mixed EMV and MIFARE environment but MIFARE is limited to legacy plastic transit cards that can be bought with cash at station kiosks. But we can be sure that MIFARE will be phased out at some point.

The Apple Pay Ventra model is being used for digital Opal trials on Apple Pay and Samsung Pay, and is on tap for digital Oyster and digital OMNY. A basic outline:

  • The transit card is actually an EMV Mastercard prepaid debit card issued by a 3rd party bank
  • The Mastercard as transit card is ‘closed loop’ and can only be used for transit and nothing else
  • The user must create an account to use the digital card. The transit account and prepaid/debit information is centralized and managed by the card issuer, nothing is stored value
  • All digital transit card management and housekeeping (adding or transferring cards, recharge, checking the balance, etc.) must be done in a separate app (Ventra App, Opal App, etc.), nothing can be done directly in Wallet
  • Express Transit is not part of the native EMV card architecture and has to be added as part of broader open loop support on the backend fare system by the operator and Apple, this is why Express Transit is missing in the initial test phase of digital Opal: the current Opal fare system does not support it

As this is an EMV bank card dressed up as a transit card, it is still limited by EMV card architecture and bank card network protocol. In place of local stored value it uses the bank card account model. On mobile this means all card housekeeping is in the app; users can’t create, transfer or recharge transit cards directly in Wallet like Suica, PASMO, SmarTrip or TAP. Direct reload/recharge in Wallet is not supported because the EMV format itself does not support local stored value. Apple Watch users can’t recharge EMV transit cards without the iPhone app. And like all cloud dependent services, everything stops when the network goes down.
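The difference between the two models, as an added sketch that is not part of the original post: a stored value gate decides from data held on the card, while an account-based gate depends on a reachable backend. The fare rule, zone numbers, token name and both gate functions are hypothetical simplifications, not the behaviour of Ventra, Opal or Suica.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Hypothetical fare rule in cents (an assumption, not from any real system).
BASE, PER_ZONE = 150, 60

def fare(entry_zone: int, exit_zone: int) -> int:
    """Distance-based fare: needs the entry point, not just the exit tap."""
    return BASE + PER_ZONE * abs(exit_zone - entry_zone)

@dataclass
class StoredValueCard:
    """Balance and trip state live on the card itself."""
    balance: int
    entry_zone: int | None = None

def stored_value_tap(card: StoredValueCard, zone: int) -> str:
    """Gate logic that touches only the card: no network call at all."""
    if card.entry_zone is None:                 # tap in
        if card.balance < BASE:
            return "DENY: low balance"
        card.entry_zone = zone
        return "OPEN"
    cost = fare(card.entry_zone, zone)          # tap out
    if card.balance < cost:
        return "DENY: fare adjustment needed"
    card.balance -= cost
    card.entry_zone = None
    return f"OPEN: charged {cost}"

@dataclass
class AccountBackend:
    """Account model: the card is only a token, the balance is server-side."""
    balances: dict[str, int]
    online: bool = True
    open_trips: dict[str, int] = field(default_factory=dict)

    def tap(self, token: str, zone: int) -> str:
        if not self.online:                     # gate cannot decide alone
            return "DENY: backend unreachable"
        if token not in self.open_trips:        # tap in
            if self.balances.get(token, 0) < BASE:
                return "DENY: low balance"
            self.open_trips[token] = zone
            return "OPEN"
        cost = fare(self.open_trips.pop(token), zone)
        self.balances[token] -= cost            # settled centrally
        return f"OPEN: charged {cost}"
```

Setting `online = False` between tap in and tap out leaves the account holder stuck inside the gates, while the stored value card completes the same trip with no backend at all.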

Mobile Suica does an excellent job of balancing and combining the strengths of local processed stored value performance, usability and reliability with the power of cloud attached services. It’s the gold standard of what a transit payment platform on mobile can achieve: leveraging transit card micro accounts to attach services and build business instead of giving it away to banks. Digital Opal testers familiar with Suica notice the difference and missing features:

Open Loop 3.0?
For centralized cloud proponents, including Junya Suzuki, the ultimate dream is having one cloud based account using facial recognition for all payment and transit needs. Cubic and centralized account proponents are already looking to speed up London transit gates beyond slow EMV card technology with barrier free face recognition transit gates:

according to CUBIC…their ‘fastrack gateless gateline’ concept, which is currently conducting small user testing, eliminates physical barriers to form an extended corridor-like gateway that between 65 and 75 users can walk through in a minute, whilst their faces are being scanned and synced for payment with their smartphones

Facial recognition to be your future ticket on the London Underground

The joke here is that, (1) JR East achieved those over 60 people per minute walk through levels with FeliCa based Suica cards and open barrier transit gates long ago, (2) the COVID face mask era is a huge challenge for face recognition systems, (3) Touchless transit, Express Transit on steroids, is already in the works.

Personally I think the Ultra Wideband Touchless approach that leverages personal biometric authentication from the user’s smartphone secure enclave instead of having it hosted on somebody else’s cloud system is the safer and more practical way to go. Privacy advocates will agree.

Speed is safety
Tap speed matters more than ever in the COVID era

The next installment of the Contactless Payment Turf Wars
If nothing else, closed loop EMV transit dumb cards reveal how bankrupt the ‘open loop is open’ argument really is. All Cubic and the card companies did was swap MIFARE for EMV, neither of which is open. And tap speeds are slower than ever with EMV, the supermarket checkout protocol, so now we need Face ID transit gates to speed things up.

It’s a fake debate. The real debate is online centralization for fare processing where everybody is forced to have a mobile account whether they need it or want it or not. And once everybody is forced to have an account to use transit, the next step is forcing facial recognition.

The short term lesson here is that when transit agencies let banks and card companies run the transit fare concession they will never be free of them: there’s too much private money to be made off of running the backend services attached to public infrastructure. The long term lesson is that the mobile digital wallet solutions for Ventra, Opal, Oyster and OMNY are not about transit user convenience and all about convenience for misguided transit operators and their subcontractors.


Reader Questions
Instead of answering questions or comments via Twitter etc., I’ll answer here for the benefit of all readers.

Q: Not being able to recharge within Apple Pay has nothing to do with EMV vs. stored value though, right? If anything, that should be easier (just move money between accounts).

A: It’s true that MIFARE stored value transit cards such as HOP Fastpass force users to recharge via the app. The point of the piece is that EMV transit card features are defined by the EMV format, bank card protocols and how it’s all implemented on digital wallet platforms. In short, bank issuers control the feature set on the backend. I have yet to see a recharge button on any EMV prepaid card in Apple Pay Wallet, I suspect we’ll always see most operations limited to bank issuer apps, even for transit.

C: The open loathing of banks and credit card companies is honestly quite nauseating (but understandable, considering what Japanese banks are like, apart from the credit card companies).

A: Banks and card companies have an important place in transit, but card company ‘one size solves all’ open loop marketing is misleading and profitable mischief. A good transit fare system is all about balance, flexibility and incorporating innovation such as mobile wallets, for the benefit of transit users and safe operations. Bank cards for example are a wonderfully convenient recharge backend, this is where they shine and add real value to the transit user experience.

But swapping out a native transit fare system with an outsourced bank card account system and tech package that the transit company doesn’t ‘own’ is asking for trouble. How much is the long term cost when it doesn’t solve everything as promised? Who really benefits: the transit user, the transit company, or the system partners and consultants?

These are the questions I think people should be asking and discussing. Hopefully my posts outline the issues clearly so people can discuss them to find the best fit long term solution based on local transit region conditions.

C: Looks like Apple/Google Pay presents the card as a debit card to eligible terminals, which would explain why physical cards can’t be used in their current form.

A: Yes, the NSW Transport Minister calls it ‘cross-pollinating platforms’: NSW government set to announce the trial on Tuesday, which will begin mid-year and run until December. Commuters will be able to pay for Uber, Lime Bike, Ingogo Taxi or Manly Fast Ferry with their digital Opal card.

2 NFC Antennas for iPhone 12

New iPhone specs are always fun to compare and analyze. On the NFC front we have a few changes in iPhone 12. NFC is now listed twice, first in the Cellular and Wireless section as “NFC with reader mode,” and again in the MagSafe section as “Accessory Identification NFC.”

The keynote also shows NFC twice: once using iPhone 12 to unlock a door and again in the MagSafe section as a ‘single-turn coil NFC.’ So there we have it: the good old Apple Pay NFC antenna with embedded Secure Element for transactions where it has always been on the top of iPhone, and a new MagSafe NFC antenna on the back for reading tags in MagSafe accessories, which doesn’t need a secure element for card emulation transactions and might incorporate the NFC Forum Wireless Charging Specification. Hopefully Apple will release MagSafe developer documentation later on so we can find out. Some users wondered if the new MagSafe NFC would interfere with 3rd party card cases and using Apple Pay, but this doesn’t seem to be the case, no pun intended.

The NFC Forum Specification includes wireless charging but it’s not clear if MagSafe includes it.

What about ‘NFC with reader mode’? This is just the new name for Background NFC tag reading which was listed in previous models that have all been updated to the new name. Another welcome addition is the return of Suica (removed in the iPhone SE Apple Pay section) along with the just released Apple Pay PASMO mention in the iPhone 12 JP Apple Pay specs.