Apple Pay Express Transit arrived on the Transport for London system over the weekend, some 6 months after it was announced. The other 2 remaining Apple Pay Transit cards announced for later this year are Chicago Ventra and Hong Kong Octopus. I already wrote about Octopus not launching this year. The Ventra odds seem a little better. On the bright side Ventra is run by Cubic, the same folks who operate the TfL and New York OMNY systems and already have EMV Apple Pay Express Transit support up and running. Also the Ventra Chicago Twitter account did mention Apple Pay Ventra as ‘coming later this year’ in a Nov 30 tweet.
On the not so bright side, Apple Pay Ventra is the native MIFARE transit card, the first native transit card that Cubic has ported to a digital wallet and a big complicated transit system at that. Nevertheless, Ventra is telling users that Apple Pay is coming this year. Let’s hope for a successful 2019 launch in the next few weeks.
The German law to force Apple to open it’s “NFC chip” is a confusing one. Why does an EU country with one of the lowest cashless usage rates single out one company’s NFC product in a last minute rider to an anti-money laundering bill? That’s not banking policy, it is politics. Details are few but let’s take a look at what it could mean because when it comes to NFC technology, details are everything.
Background stuff The so called Apple ‘NFC chip’ is not a chip at all but a hardware/software sandwich. The Apple Pay ecosystem as described in iOS Security 12.3 is composed of: Secure Element, NFC Controller, Wallet, Secure Enclave and Apple Pay Servers. On one end is the NFC chip controller front end that handles NFC A-B-F communication but does not process transactions, on the other end there is the Secure Enclave that oversees things by authorizing transactions. The fun stuff happens in the Secure Element middle where the EMV/FeliCa/MIFARE/PBOC transaction technologies perform their magic with Java Card applets.
The A/S Series Secure Enclave and Secure Element are the black box areas of Apple Pay. The iOS Security 12.3 documentation suggests the Secure Element is a separate chip, but Apple’s custom implementation of the FeliCa Secure Element, and the apparent ability of Apple to update Secure Element applets to support new services like MIFARE in iOS 12 suggests something else, but it is anybody’s guess. Apple would like to keep it that way.
So what does ‘open NFC’ really mean? It’s helpful to look at the issue from the 3 NFC modes: Card Emulation, Read/Write, Peer to Peer.
Peer to Peer Apple has never used NFC Peer to Peer and I don’t think this is a consideration in the ‘open NFC’ debate.
Card Emulation Apple limits NFC Card Emulation to Apple Pay Wallet with NDA PASSKit NFC Certificates. This is what the ‘open NFC’ debate is all about. I imagine that German banks and other players want to bypass the PASSKit NFC Certificate controlled Apple Pay ecosystem. Instead, they want open access to the parts they want, like Secure Element, NFC Controller, Secure Enclave, and ignore the parts they don’t want like Wallet and Apple Pay Servers. They want the right to pick and choose.
The success of Apple Pay has been founded on the ease of use and high level of integration from a massive investment in the A/S Series Secure Enclave and other in-house implementations such as global FeliCa, etc. Outside players forcing Apple to open up the Apple Pay ecosystem represent not only a security risk to Apple but also a reduced return on investment. One commentator on MacRumors said it’s like Apple took the time and expense to build a first class restaurant and outsiders are demanding the right to use Apple’s kitchen to cook their own food to serve their own customers in Apple’s restaurant. It’s a fair analogy.
The NDA PASSKit NFC Certificate gate entrance rubs bank players the wrong way as they are used to giving terms, not accepting them. The Swiss TWINT banking and payment app for example is a QR Code based Wallet replacement that wanted the ability to switch NFC off, and got it.
My own WWDC19 Apple Pay Wish List did include a wish for easier NFC Card Emulation, but nothing appeared. It’s certainly in Apple’s best interest to make it as easy as possible for 3rd party developers to add reward cards, passes, ID cards, transit cards, etc. to Wallet. However given that the EU is hardly what I call a level playing field, the fact that bank players and politics go hand in hand in every nation, and the fact we don’t know the technical details of what the German law is asking Apple to do, all we can do is guess. In general, I think Europe will be a long rough ride for Apple Pay. At least until EU bank players get deals they are happy with.
Hacker News and Reddit have very different user audiences but each have their share of ‘my experience is the world’ navel gazers. This is a plus: the comments are fascinating to read. The Andreessen Horowitz site posted a piece by Avery Segal, Remember QR Codes? They’re More Powerful Than You Think. Somebody posted it to Hacker and somebody else posted a link to my Transit Gate Evolution piece in the comments. I think it’s hilarious and insightful that somebody can look at the same QR code transit video in the piece and write, “The QR code video shows a ton of people going through the turnstiles quite fast.” A ton? Fast? I guess the commentator never experienced rush hour Shinjuku station gates.
Segal’s piece is a simple Mainland China travelog highlighting all the things people can do with a WeChat/Alipay account and WeChat Pay/Alipay integrated QR Code smartphone apps there. There is very little analysis and the opening paragraph reads more like PR, which it probably is. After all, Andreessen Horowitz is a venture capital firm though I can’t figure out if Segal is trying to sell WeChat/Alipay or QR.
Companies in the US have been slow to adopt QR codes, but those who dismiss them as having “been around forever but never taken off” underestimate their wide-ranging potential. Camera-based solutions like QR codes (or facial recognition, for that matter) can make traditionally clunky user experiences seamless and intuitive. QR codes connect our online identity to the offline world, allowing users to essentially log in to physical locations—and bring their data with them. This delivers a number of benefits: brands learn user preferences, while customers gain a more tailored and social experience, as well as perks like automatic loyalty programs built into every transaction.
The Hacker News crowd discusses the pros and cons of QR vs NFC, but I think that they along with Segal completely miss the point: it’s not the technology, it’s the service layers built on top of it and how well they integrate that really matters. Actually it’s the only thing that matters.
The Suica example. FeliCa is great NFC technology but nothing great by itself: the Suica card format built with FeliCa, the nationwide Transit IC card inter-compatibility built around the Suica card format, the Transit IC eMoney standard built on top of that, Mobile Suica, Apple Pay…each new service layer builds on the previous layers and adds value to the whole. The value is the quality of integration, a sum greater than the total of parts.
China is a very different country and transit infrastructure isn’t a business. I’m sure that Alipay and WeChat Pay were allowed on host their QR code services on ‘public infrastructure’ because it also benefits the Chinese Communist Party in some way and helps the CCP steer society where it thinks it should go.
There is another important aspect that Segal and the Hacker crowd fail to see or discuss: central processing vs. local processing. The whole point of Transit Gate Evolution was explaining the Apple Pay Suica secret: a great local processing front-end (FeliCa/NFC-F/Suica) integrated with a great central processing back-end (Mobile Suica + Apple Pay EMV credit/debit cards). Segal assumes that central processing is everything and that the internet, mobile networks and cloud services are always going to work everywhere 100% of the time. They don’t.
The on again, off again iPhone SE2 is on again now that Delphic oracleanalyst Ming-Chi Kuo has checked in. As I wrote before, the iPhone/Apple Watch 2019 lineup is now entirely global NFC. The price cuts are great but there needs to be a lower priced entry model below the iPhone XR with:
Touch ID that removes the Face ID face mask problem in markets like China and Japan. This issue is a constant blind spot in the western tech press ‘In-screen Touch ID vs Face ID’ debate.
A13 Bionic powered Secure Element + global NFC for Express Card with power reserve and Background NFC tag reading
Cheaper battery friendly Haptic Touch instead of the more expensive battery hungry iPhone 8 3D Touch.
There kind of device is perfect for the Japan and Hong Kong markets:
The rumored A12 chip iPhone SE2 may well be pie in the sky, but that doesn’t mean that there isn’t market appeal for an inexpensive global NFC iPhone for places like Japan and Hong Kong. Those markets have highly integrated transit networks coupled with highly evolved transit card systems like Suica and Octopus. With both of these on Apple Pay there’s a good opening for a small SE size inexpensive global NFC iPhone, it would do very well.
I imagine the iPhone SE2 could do well in a lot of markets.
Japanese transit companies like the JR Group (JR East, JR Central, JR West) are often criticized for being opaque and buddy buddy with politicians, but every transit agency around the world has to deal with politicians and governments on some level. That just comes with the job.
Hong Kong, Taiwan and Japan are unique transit markets with tight integration and highly evolved transit card systems. Hong Kong and Taiwan have it easier than Japan in some ways as smaller usually means less baggage to carry going forward. But, being smaller has a downside too in that the breathing space between transit companies and government agencies is uncomfortably small, and sometimes suffocating.
Because of this, Hong Kong residents occasionally have a sarcastic distrustful view of Octopus Cards Limited (OCL) management, despite the fact that OCL delivers best of class services. Witness the frustration of OCL dragging out the Apple Pay Octopus launch details announcement. As one Hong Kong iPhone user told me, “I won’t believe it (Apple Pay Octopus) is really happening until Apple (not OCL) announces it.”
A similar situation is happening with Taiwan’s EasyCard. In mid August 2018, service updates for Mastercard kiosk recharge indicated that MRT was preparing some kind of mobile service. I assumed MIFARE was coming to iOS 12, bingo, and that Apple Pay would add EasyCard and iPass, but Samsung Pay snagged EasyCard with a formal announcement on April 11 and that was the end of it. Or so I thought. The reality is that EastCard has yet to launch on Samsung Pay and will start ‘testing’ from October. What happened?
A few days ago an older post about SuicaENG and the Wallet UI suddenly got lots of hits from Taiwan. I was scratching my head as Taiwan traffic is usually smallish and tried to Google Translate the Taiwanese site generating the traffic, but the result was incomprehensible. Fortunately a reader from Taiwan living in Japan kindly provided an explanation of EasyCard politics:
OK, EasyCard Corp is catching flak for…being slow to launch a mobile transit card service, on their own, without Cubic running the show? Being slow to launch a mobile transit card is not unique. Just ask the companies that run ICOCA, Toica, PASMO, etc., they don’t have their transit cards on mobile either and have far larger infrastructure budgets. This stuff takes time because everything transit absolutely has to work perfectly all the time. 7pay fuckups are not an option.
I can understand why Hong Kong iPhone users are frustrated with OCL taking their sweet time to launch Apple Pay Octopus, but when it finally launches, the tidal wave of iPhone users will make Smart Octopus on Samsung Pay look like the tiny beta test group that it is. Let’s just hope that Sunny Cheung and OCL are on it and working hard. And you are working hard on it, right Sunny?