How much will Smart Navigo HCE suck?

It’s interesting parsing app reviews that say ‘this app sucks’. How does it suck and why? As I’ve said before, the overwhelming negative App Store reviews for Suica App are less about the app and more about lousy carrier auto-connect • free WiFi connections messing with the Mobile Suica recharge function. Most users see Suica App as the software that controls everything Mobile Suica AND iPhone NFC hardware. It does not of course but people dump all blame on Suica App anyway.

It’s a complete mystery why people even bother using Suica App when so much Mobile Suica functionality is built in Apple Pay Wallet right out of the box. Nevertheless it’s safe to conclude that Suica App user angst is network related. People assume the WiFi and cellular icons at the top of the iPhone screen indicate a healthy internet connection, which they decidedly do not.

Most of what Mobile Suica does is done without an internet connection. The only time it needs one is recharge time with a credit card in Apple Pay Wallet app or Suica App. All that complaining over one Mobile Suica feature however, tells us something important about WiFi and cellular internet connections in station areas and on trains: they suck. Despite ubiquitous cellular and WiFi coverage, reliable internet is notoriously fickle in those famously busy Japanese train stations. This is the real reason behind all those ‘this app sucks’ Suica App reviews.

Which brings us to Smart Navigo, the Île-de-France Mobilités (IDFM) Paris region transit card for mobile that is going wide on Android smartphones this year. IDFM has spent a lot of time and expense working with Calypso Networks Association (CNA), the transaction tech used for Navigo, to implement the less secure network dependent Calypso HCE ‘cloud’ secure element approach as the default mobile transit tech for Android devices in 2022.

It is very unusual that IDFM chose HCE as their go to mobile strategy on Android when the more secure hardware embedded secure element (eSE) is standard on all smartphone NFC devices, and does the job without internet connections. HCE is very different from eSE in that both NFC smartphone and the reader need a connection to talk with a server. HCE was also conceived for leisurely supermarket checkout, not the challenging transit enviroment. How does Calypso HCE compare to the network-less eSE experience? CNA says:

For security reasons, transactions using the personalization key or the load key are not possible through the NFC interface, and must be done with a secure connection to a server.

Only the Calypso debit key is stored in the HCE application for validation on entrance and control during travel, coupled with a mechanism of renewal of the Calypso Serial Number (CSN) to mitigate the risk of fraud : a part of the CSN contains date and time of validity of the debit key which shall be checked by the terminals.

Thales says: poor mobile network coverage can make HCE services inaccessible. In short no internet connection, no mobile transit service. Let’s compare the basic mobile transit card features of Mobile Suica with Calypso HCE:

It’s too bad IDFM didn’t study Mobile Suica shortcomings, they could have learned a few things. Most certainly they understand HCE shortcomings but chose it anyway for unknown (political?) reasons. Right out of the gate Smart Navigo HCE won’t support power reserve NFC transactions even on Android devices that support it for regular eSE NFC. In total, there are 6 core Smart Navigo features that are internet connection dependent vs 1 Mobile Suica feature. 6 more things to complain about when they don’t work…in other words the Smart Navigo HCE suck index is 6 times greater than Mobile Suica. If Suica App is anything to go by, there are going to be a lot of bad Google Play reviews for the HCE version of the Île-de-France Mobilités App.

iPhone and Apple Watch users can be thankful that Apple Pay Navigo will use eSE (as Samsung Pay Navigo already does), and avoid most of this mess when the service launches in 2023, matching the Mobile Suica experience, feature for feature.

Apple Pay Navigo launch in 2023, open loop coming in 2024

After a long, long dance, Île-de-France Mobilités (IDFM) confirmed that Smart Navigo, the Paris region transit card for mobile will come to Apple Pay in 2023. As usual, Le Parisien broke the story (paywall), quickly reported on French Apple centric tech blog iGeneration.

“This time, for sure, it will be done”

After a test phase, in 2022, iPhones and Apple Watches will be able to replace the plastic pass distributed by IDFM (in 2023). “We cannot yet give a precise date, because it depends on the progress of Apple’s developments in Cupertino. But this time, for sure, it will be done, “says Laurent Probst, CEO of Île-de-France Mobilités. The contract is due to be voted on this Thursday at IDFM’s board of directors…

The contract between IDFM and Apple is spread over a period of five years, with a total budget of up to €5 million dedicated to the development of new services. A budget equivalent to that allocated to Android service developments operated by Samsung with IDFM.

Le Parisien

The contract with Apple is due to be approved by IDFM directors the week of February 20, we can thank the 2024 Paris Summer Olympics for breaking the Smart Navigo on Apple Pay logjam. Le Parisien has regularly criticized IDFM’s slow rollout of mobile services: “The modernization of the ticketing system in force on public transport networks in Île-de-France is not a long quiet river.” A timeline is helpful to understand the stalemate.

  • October 2017: Smart Navigo mobile was announced for 2019 launch. At the time IDFM said, “Unfortunately, it won’t be possible for iPhone owners to use the service since Apple does not yet allow third parties to access the NFC secure element in their phones. However, we are happy to explore the possibilities with Apple to offer the same service to all Paris public transport users.” In other words, IDFM wants to bypass Apple Pay Wallet and do everything in their own app.
  • September 2019: Smart Navigo launches on smartphones using an Orange SIM card, and on Samsung devices.
  • January 2021: Le Parisien reports that Smart Navigo is coming to Apple Pay. However this turns out to be a false alarm, instead IDFM releases a new version of the ViaNavigo iPhone app with support for adding money to plastic Navigo cards with the iPhone NFC.
  • November 2021: Le Parisien reports that IDFM suddenly terminated their partnership with Orange, IDFM announces a HCE + app strategy for Smart Navigo on Android that will launch in 2022. In other words, IDFM will do everything in their own app.
  • February 2022: Le Parisien reports Smart Navigo on Apple Pay will launch in 2023, IDFM confirms on Twitter and also announces EMV open loop support coming in 2024 in time for the 2024 Paris Summer Olympics.

French journalist Nicolas Lellouche independently confirmed the Apple Pay Navigo 2023 launch directly with IDFM and posted some details. Expect direct adding in Wallet app with Apple Pay recharge, similar to Suica, PASMO, Clipper, TAP and SmarTrip. An updated ViaNavigo app will provide extra features for commuter passes and more service options.

French reaction on Twitter was interesting and varied. People complained about the long lag getting Smart Navigo on iPhone but the equally long delay getting Smart Navigo on all Android devices, not just Samsung Galaxy, is more interesting and revealing. IDFM has spent a lot of time and expense working with Calypso Networks Association, the transaction tech used for Navigo, to develop the less secure network dependent Calypso HCE ‘cloud’ secure element approach. It flies in the face of where payment transaction technology has been going with eSE as standard hardware on all modern NFC devices. It’s almost like Ferdinand de Lesseps digging a sea level Panama Canal when a lock-and-lake canal was the better technical choice all along.

As for Android Calypso HCE performance vs Apple Pay Navigo Calypso eSE performance, I suspect the network dependent HCE on Android will be problematic. It will certainly be problematic, and challenging, for non-Apple smart wearables. If there is anything the bad user reviews of Suica App tell us, it is that network connections in station areas and on trains are never reliable and Android NFC adds layer upon layer of support complexity. No network = no HCE service, it’s that simple. Apple Pay Navigo will work without a network connection, just like all transit cards on Apple Pay, and will work great on Apple Watch too.

For this reason IDFM has to focus all of their system resources on the much more complex Android launch this year. They could certainly launch Apple Pay Navigo sooner if they really wanted to, but it’s better to do these things one platform at a time.


Related
Contactless Payment Turf Wars: Smart Navigo HCE power play
Smart Navigo reportedly launching on Apple Pay

Mobile FeliCa evolution: FeliCa without the FeliCa chip

FeliCa Dude did his usual public service of posting Mobile FeliCa details for the latest Pixel 6 devices. There wasn’t any change from Pixel 5, so no global NFC Pixel for inbound visitors. Nevertheless it’s a good opportunity to review some important recent developments that have taken place behind the scenes on the Android Mobile FeliCa side and examine some possible 2022 scenarios. Things have changed even if most users don’t notice any difference.

The chart outlines Mobile FeliCa on Google Pixel developments based on information from FeliCa Dude’s tweets.

Mobile FeliCa 4.0 (Pixel 4) freed Android device manufacturers from having to use embedded secure element + NFC chips from the FeliCa Networks supply chain. Any FAST certified secure element will do. This development has resulted in a number of inexpensive Osaifu-Keitai SIM-Free smartphones released by Chinese manufacturers recently that are selling well. Hopefully it will have wider implications for inexpensive global NFC Android devices. There are lots of people in Hong Kong who would buy one to use Octopus.

Mobile FeliCa 4.1 (Pixel 5/Pixel 6) introduced multiple secure element domains. This allows the device manufacturer to ‘own’ the eSE and load or delete Java Card applets. FeliCa Dude thinks that multiple secure element domains (MSED) might play a part in the MIC digital My Number Card due to launch on Osaifu Keitai devices in 2022. My Number card uses NFC-B but MSED allows the Mobile FeliCa secure element to host it anyway, an interesting development.

Mobile FeliCa 4.2 or 5.0? The next version of Mobile FeliCa (MF) will hopefully support FeliCa SD2 next generation features that shipped in November 2020, features that power Suica 2 in 1 Region Affiliate Transit Cards (aka Super Suica) which are going wide in March 2022. These cards really need to be on mobile for future MaaS service plans outlined by JR East which cannot happen until SD2 features are added.

The improvements in MF 4.1 certainly give Android device manufacturers the ability to update MF over the air but don’t hold your breath. Standard industry practice to date has been ‘buy a new device to get new features’. Apple has been a little bit better in this regard: MIFARE support was added in iOS 12 for Student ID cards and iOS 15 fixed some Calypso bugs on ‌iPhone‌ XR/XS and ‌iPhone‌ SE.

A FeliCa Dude Reddit post comment regarding Asus smartphones illustrates the pre-MF 4.0 situation: “any phone that lists ‘NFC’ compliance must support Type F (FeliCa), but as there is no Osaifu-Keitai secure element <aka Mobile FeliCa secure element>, you will be limited to reading and potentially charging physical cards: you cannot use the phone as a card itself.” That was then, this is now.

Most people assume FeliCa support requires a Felica chip but this is not true. The evolution of hardware independent Mobile FeliCa is very clear: the ‘FeliCa chip’ from Sony/FeliCa Networks requirement is long dead and gone. Manufacturers like Xiaomi claim they make special models and add FeliCa chips just for the Japanese market, but that’s just marketing BS: they run Mobile FeliCa on the same NXP NFC chipset they sell everywhere. The majority of smartphones supporting FeliCa don’t have a FeliCa chip, everything from EMV to FeliCa and MIFARE runs on any GlobalPlatform certified secure element on any Android device.

Hopefully the sum of recent Mobile FeliCa developments, along with Garmin Suica, Fitbit Suica and built in WearOS Suica showing up in recent developer builds, indicate that FeliCa Osaifu Keitai services will become standard on Android devices as they have been on all iOS and watchOS devices since 2017.

OMNY white-label card completes the EMV only OMNY system

After a long gestation, and a COVID related delay, the good old swipe MetroCard replacement finally shipped, OMNY card: a white-label EMV bank payment card using the mastercard payment network, not a MIFARE or FeliCa smartcard like San Fransisco Clipper or Tokyo Suica. MetroCard missed the transit smartcard revolution of the late 1990’s, so MTA and their ticketing system management company Cubic Transportation Systems decided to go all in with a new system built using EMV payment network processing i.e. using ‘open payment‘ regular EMV contactless credit/debit cards for mainstream transit fare, with dedicated white-label EMV prepaid debit transit cards, the MetroCard replacement, relegated to a backup role.

OMNY is envisioned and designed as a ‘one size fits all’ approach where bank card EMV payment networks (VISA, mastercard, American Express, etc.) are promoted as transit tickets since everybody supposedly already use bank cards for all daily life purchases. The addition of fare capping, basically a OMNY closed loop card feature for open loop, further encourages regular credit/debit card use and reduces the need for issuing OMNY card. Any MTA very much wants to get out of the card issuing business.

One problem with one size fits all open loop thinking is it ignores reality. Different people have different transit needs: minors, seniors, disabled, daily commuters with set routes, people without credit cards and so on. Even with fare capping open loop cannot handle these well, if it did TfL would have killed Oyster card long ago. One thing is certain, the piecemeal OMNY rollout has not been an easy transition for MetroCard users. As of February 2022 only 24% of MTA riders use OMNY, that’s a lot of MetroCard. I predict most will only switch from MetroCard when forced to do so when swipe readers are turned off at the gate in 2024.

What is OMNY card?
OMNY card is a private branded ‘white-label’ EMV prepaid debit card that comes with a CVC/CVV security number from a mastercard issuing agency, similar to private branded credit/debit store cards. Ventra tried a similar arrangement years ago. Ventra has a long glitchy open loop history from its debut with the ill-fated mastercard debit Ventra card. Streets Blog had this to say about it in 2017.

Arguably it’s a good thing that the Ventra prepaid debit card is going the way of the dinosaur. The debit card function debuted with a long list of fees that had the potential to siphon of much of the money stored on the card, including:

A $1.50 ATM withdrawal fee
A $2 fee to speak to someone about the retail debit account.
A $6.00 fee for closing out the debit balance
A $2 fee for a paper statement
A $2.95 fee to add money to the debit account using a personal credit card
A $10 per hour fee for “account research’’ to resolve account discrepancies

“These fees were probably not any different than other bank cards offered by Money Network or Meta Bank or other predatory banks,” says Streetsblog Chicago’s Steven Vance, who reported on the issue at the time. “But it was shameful for the CTA to be aligned with that.”

After a backlash, most of these fees were reduced or eliminated, but CTA retail outlets were still allowed to charge Ventra card holders a fee of up to $4.95 to load cash on the debit sides of their cards. So maybe it is for the best that the CTA is getting out of the bank card business.

StreetsBlog Chicago December 2017

Let’s hope the OMNY card issuer and MTA do a better job of hiding their white-label OMNY prepaid debit card fees. Because let’s face it, even though OMNY card is ‘closed loop’ it still uses the same EMV payment network that open loop cards do. I call it faux closed loop because OMNY doesn’t process their own fare payments, nor does OMNY as yet offer commuter passes, student discounts, etc. And OMNY station kiosks that have yet to be installed will be modified ATM machines that take money instead of dispensing it.

A digital version of OMNY is advertised to launch on Apple Pay and Google Pay ‘soon’, although MTA now says it ‘expects’ to launch OMNY iOS and Android apps necessary for adding OMNY to Wallet in 2023.

When the OMNY digital card finally launches expect the same rebranded version of mastercard closed loop Ventra and Opal digital cards, all managed by Cubic. As most of the open loop systems in North America, UK and Australia are designed and managed by Cubic it’s helpful to compare their ticketing system profiles.

Transition bumps in road
When you carefully analyze the different systems and Express Mode transit support listed on the Where you can ride transit using Apple Pay support page, one condition becomes clear: current transit systems do not support Apple Pay Transit cards and EMV Express Transit when the system uses both MIFARE and EMV open loop. It’s a choice between supporting one or the other, not both. I suspect Apple does this because of the complexity supporting MIFARE and EMV mixed mode operations on the same transit system.

OMNY is a new system however, built completely on EMV and EMV only. When Apple Pay OMNY launches, OMNY will be the first system to support both EMV as an Apple Pay transit card and EMV Express Transit mode for credit/debit cards. There is a catch however similar to using Apple Pay China T-Union cards: turning on one card for Express Transit turns off other cards.

This happens when cards share the same NFC ID number which results in card clash at the gate reader. When cards share the same ID, only one card can be set for Express Transit mode at any one time. For EMV cards this applies to payment cards as well so Express Transit Card settings will likely turn off any activated payment cards when an OMNY card to turned on, and vice versa. Otherwise the complaints from Apple Pay MTA users would be endless.

OMNY headache: MTA Railroad ticketing
After OMNY card is launched on Apple Pay and Google Pay, the next OMNY challenge will be integrating Metro-North and LIRR commuter rail ticketing. A difficult task as none of the train line are equipped with NFC card readers. MTA has yet to unveil any commuter rail ticketing integration details. Ventra has the same problem, commuter rail ticketing remains the age old conductor visual inspection, no tap and go contactless for you. And as ever there are thorny open loop user data privacy issues.

OMNY truly represents the state American public transit as it tries to get on board with mobile payments. Progress is good and welcome but a real next generation vision with meaningful forward development of American public transit will continue to be a confused mess despite endless broken promises to fix it…simply because people with money and means don’t use it. If they did, things would have been fixed long ago.

Updated 2022-03-01

Ignore NFC reader logos, advice for using Apple Pay in Japan

After the October 21 launch of Apple Pay WAON and Apple Pay nanaco e-Money cards, I updated my Apple Pay Japan chart. All I did was add WAON and nanaco logos to the official payment logos listed on the Apple Pay JP page (still not updated as of November 19):

After posting the update chart a reader asked a very good question: why not add the FeliCa reader logo as that is what you’ll often see on NFC readers in Japan. To which I say: ignore reader logos in Japan. Why? Because the reader physical compatibility mark that indicates the antenna location has nothing to do with what payments actually work at checkout. Apple isn’t doing anybody a favor listing the EMV logo in the Apple Pay Japan lineup. It only confuses users.

Let’s play that game again, the ‘which logo is the official NFC logo’ game. Choose:

The correct answer is #2, the NFC Forum logo. The reader physical compatibility mark for EMV is #1, FeliCa is #3. But you never see the NFC Forum logo on NFC readers, what you see is usually something like this:

The EMV mark on the reader tap area does not mean the store accepts EMV contactless…always check the payment acceptance marks.

The Panasonic reader shown above has both EMV and FeliCa logos on the tap area. The store has also attached a card that displays what payments are accepted, in this case both EMV (VISA, mastercard) and FeliCa (iD, Suica•PASMO, WAON, nanaco) are accepted. Looks good right? Not really. The EMV and FeliCa marks are the physical compatibility mark that indicate the antenna location. However, most people assume the physical compatibility mark mean the reader works for all payments…which it does not. Some stores with an EMV physical compatibility marked reader don’t support EMV, and vice versa: FeliCa is supported on the reader but not the POS checkout.

What to do? Let’s see…the NFC Forum is responsible for basic certification of all NFC devices so let’s put their logo on reader instead. Oh wait, can’t do that because people will think it’s a Nespresso machine instead of an NFC reader:

This slide says it all regarding NFC Forum efforts as an industry promotion org

Time for a new NFC logo.

It might seem like a good idea to separate NFC hardware from the payment services that run on top of the hardware. The reality is, it’s impossible to do because all-in-one NFC chips do it all. The NFC Forum could spend a ton of money creating a new NFC logo that can be used everywhere…but what’s the point? Nobody will use it even if they do.

NFC readers come in all kind of shapes and sizes for all kinds of end uses, from supermarket checkout, to transit gates, and vending machines, and much more. If nothing else remember this: the physical compatibility mark is there to indicate the antenna location and show you where to tap, that’s all it’s there for. It can be anything. It should match the service it’s intended to fulfill.