iOS 14 Apple Pay: going the distance with Ultra Wide Band Touchless and QR

It’s that time of year again to look into the WWDC crystal ball and see what changes might be in store for iOS 14 Apple Pay. 2019 was an exciting year with the important Core NFC Read-Write additions for ISO 7816, ISO 15693, FeliCa, and MIFARE tags. Since then we’ve seen iOS apps add support for contactless passports, drivers licenses, retail and manufacturer vicinity NFC tags, transit ticketing, badging, and more. Some expectations ended up on the cutting room floor. The NFC tag Apple Pay feature that Jennifer Bailey showed back in May 2019 has yet to appear. Apple Pay Ventra and Octopus transit services slated for 2019 and iOS 13 failed to launch, as of this writing, still delayed.

Predicting anything in 2020 is risky business because of the COVID-19 crisis. iPhone 12 might be delayed, iOS 14 might be delayed, features brought forward, pushed back…all plans are up in the air, even WWDC. Some developments are clear, but timing is opaque. What follows is based on: (1) NTT Docomo announcement of Ultra Wideband (UWB) ‘Touchless’ Mobile FeliCa additions and JR East developing UWB Touchless transit gates, (2) CarKey and the Car Connectivity Consortium Digital Key 3.0 spec and (3) Mac 9to5 reports of AliPay coming to iOS 14 Apple Pay.

Going the distance
The NFC standard has been around a long time, long before smartphones, conceived when everything was built around close proximity read write physical IC cards. The standards have served us very well. So why are NTT Docomo and Sony (Mobile FeliCa) and NXP (MIFARE) adding Ultra Wide Band + Bluetooth into the mix?

Ultra Wide Band + Bluetooth delivers Touchless: a hands free keep smartphone in pocket experience for unlocking a car door, walking through a transit gate or paying for takeout while sitting in the drive thru. It’s the same combo that powers Apple AirTags. UWB Touchless delivers distance with accuracy doing away with “you’re holding it wrong” close proximity hit areas necessary when using NFC. With Touchless your iPhone is essentially a big AirTag to the reader,

For Apple Pay Wallet cards it means hands free Express Card door access, Suica Express transit gate access and payments that ‘just work’ by walking up to a scan area or car. As Junya Suzuki pointed out recently, UWB Touchless is passive compared to the active NFC ‘touch to the reader’ gesture and will live on smartphones, not on plastic cards. Those will remain limited to NFC which does not require a battery.

Secure Element evolution and digital key sharing
The addition of UWB Touchless however means that the secure element, where transaction keys are kept and applets perform their magic, has to change. Up until now the secure element worked hand in glove with the NFC controller to make sure communications between the reader are secure and encrypted. For this reason embedded secure elements (eSE) usually reside on the NFC controller chip.

Apple chose to put a Global Platform certified Apple Pay eSE in their own A/S series chips. The arrangement gives Apple more control and flexibility, such as the ability to update secure element applets and implement features like global NFC. The addition of UWB Touchless in FeliCa and MIFARE means both smartphone and readers need new hardware and software. Apple already has UWB in the U1 chip on iPhone 11. Mobile FeliCa software support could be coming with the next generation ‘Super Suica’ release in the spring of 2021 that requires updated FeliCa.

Recent screen images of a CarKey card in Wallet…with Express Mode can we call it Suicar?

The arrival of UWB Touchless signals another change in the Secure Element as shown in middle CarKey screen image: digital key sharing via the cloud where the master key on the smartphone devices ‘blesses’ and revokes shared keys. Mobile FeliCa Digital key sharing with FeliCa cards and devices was demonstrated at the Docomo Open House in January, also outlined in the Car Connectivity Consortium (CCR) Digital Key White Paper. An interesting aspect of the CCR Digital Key architecture is the platform neutrality, any Secure Element provider (FeliCa, MIFARE, etc.) can plug into it. Calypso could join the party but I don’t see EMV moving to add UWB Touchless because it requires a battery. EMV will probably stick with battery free NFC and plastic cards.

Diagram from Car Connectivity Consortium (CCR) Digital Key White Paper

The QR Code Equation
There is another possible eSE change for Apple Pay. A few weeks ago a reader asked for some thoughts regarding the AliPay on iOS 14 Apple Pay rumor with a link to some screen/mockup images on the LIHKG site. Before getting to that it’s helpful to review some key Apple Pay Wallet features for payment cards: (1) Direct Face/Touch ID authentication and payment at the reader, (2) Device contained transactions without a network connection, (3) Ability to set a main card for Apple Pay use.

The images suggest a possible scenario implementing AliPay in iOS 14 Apple Pay:

  • AliPay has a PassKit API method to add a ‘QR Card’ to Wallet.
  • Wallet QR Card set as the main card is directly activated with a button double-click for Face/Touch ID authentication and dynamic QR Code payment generation in Apple Pay.
  • Direct static QR Code reads activate AliPay Apple Pay payment.

If Apple is adding AliPay to the ranks of top tier Wallet payment cards, they have to provide a way in. The new “PKSecureElementPass” PassKit framework addition in iOS 13.4 could be just that. Instead of PassKit NFC Certificates, the additions suggest a Secure Element Pass/certificate. Secure Element Certificates instead of NFC Certificates. The burning question here is does AliPay have a Secure Element Java Card applet performing transactions with keys and without a network connection? If so we have QR Wallet payment cards. Direct Apple Pay Wallet QR integration would open up things for 3rd party (non bank) payment players. QR integration might also help Apple skirt NFC monopoly allegations that got Apple Pay in trouble the Swiss government.

Dual Mode and flexible front ends
The addition of QR and UWB with NFC for payments opens up a long term possibility suggested by Toyota Wallet. The current app lets the user attach a QR code app payment method and/or a NFC Wallet payment method to an account. It’s intriguing but clunky. Wallet QR Payment support would allow Toyota Wallet to move the entire payment front end to Wallet and let the user choose to add one or both.

It’s the latter that interests me most. Instead of having separate NFC and QR payment cards from the same issuer for the same account, I’d much rather have one adaptive Wallet card that smartly uses the appropriate protocol, QR, NFC, UWB for the payment at hand. Capable, flexible, smart. This is what digital wallets should do, things that plastic can never achieve. Let’s hope Apple Pay Wallet makes it there someday.

Advertisements

Tokyo Cashless 2020: NFC Pay…are we there yet?

Tokyo Cashless 2020 is a periodic look at all things cashless as Japan gears up for the Tokyo Olympics event. If there is a topic you’d like covered, tweet @Kanjo

Mom always had a ready answer for us kids at the start of every family summer trip, “No honey we’re not there yet.” It was vague, non-committal, endlessly cheery. NFC Pay (aka EMV contactless) has made some progress at Japanese checkouts, but as Junya Suzuki lamented recently it’s still not universal. Cashless payments in general however have made good progress thanks to the Japan Cashless rebate program.

Every inbound cashless Japan experience is different, it depends on the kind of trip, the region and personal spending habits. A businessman using plastic credit cards staying in Tokyo area hotels and well known areas, then yes the experience is mostly cashless. A budget backpacker on Lonely Planet/Airbnb trail will have a very different, very cash cash experience. Europeans and Australians will find that their EMV contactless bank cards don’t tap very far and wide.

Just Say ‘Apple Pay’ Conundrum
People would love to be able to just say ‘Apple Pay’ at checkout, but this does’t work very well in Japanese contactless checkout jungle. When you say ‘Apple Pay’ you get:

  • The main card set for Apple Pay Wallet
  • Face ID/Touch ID authentication request

This can play out in different ways. If you have an international issue bank card set as the main card and say ‘Apple Pay’ at Lawson, the reader pulls up the main card with a Face ID/Touch ID authentication request. If you have Suica set as the main card and say ‘Apple Pay’ at Lawson, it pulls up Suica with a Face ID/Touch ID authentication. If you want use Apple Pay Suica Express Transit at checkout, you have to ‘Suica’, not ‘Apple Pay’. Are you confused? The confusion is compounded by poor employee training. You can use EMV contactless at any McDonalds but getting the checkout staff to actually make it happen is a completely different story.

Who’s to blame for this state of affairs? I say everybody: Banks, Card companies, The EMV Consortium, Sony, NXP, The NFC Forum, Apple, Google, Samsung, and especially Visa Japan who refuse to play nice with anybody who plays nice with FeliCa. Instead of working together to create and market a few intelligent payment schemes that work seamlessly, we have a world of this and that pay. The only player to gain anything from the Japanese market card payment mess is, surprise, the card-less QR Code PayPay.

EMV contactless and known aliases
To successfully navigate the Japanese contactless jungle, inbound Apple Pay travelers needs to be acquainted with a few checkout slogans: NFC Pay, credit and Suica. When you see the EMV contactless acceptance logos for Mastercard, Visa, Amex or JCB, say ‘credit’ or ‘NFC Pay’ at checkout. This should work for both plastic EMV contactless cards and Apple Pay/Google Pay/Samsung Pay inbound digital cards. Even if the checkout terminal does not display an Apple Pay or Google Pay logo, you are good to go.

Unfortunately, there isn’t comprehensive resource for NFC Pay store listings. Visa Japan only lists Visa Touch stores, Mastercard only lists Mastercard contactless stores, etc. The best approach for iPhone/Apple Watch inbound visitors is to create a Suica card on your device and be flexible, use a mix of Apple Pay Suica (recharged with Apple Pay cards), NFC Pay and plastic credit cards. NFC Pay nirvana may not be here yet, but we’ll get there…eventually.

Open loop wishful thinking trashes Apple Pay Express Transit reputation

The latest OMNY bump in the road perfectly captures the downside of making contactless credit/debit cards a one size fits all solution. As the New York Post piece (via MacRumors) points out, some Apple Pay Express Transit users are being double charged for fares. Perhaps they didn’t know that Express Transit was enabled in the first place, perhaps the iPhone passed too close to the OMNY transit gate reader. It’s a classic “you’re holding it wrong” situation that has nothing to do with Apple Pay Express Transit and everything to do with the current EMV architecture and how banks implement it.

Part of the problem is that OMNY is new, it’s not working across the entire MTA system yet, and open loop EMV bank cards will never replace all classic MetroCard fare options. That job is for the MIFARE based OMNY transit card due in late 2021. Until the system is complete Metro users will have to juggle different cards and deal with a very long transition. Transport for London (TfL) users have had MIFARE based Oyster cards since 2003, contactless credit/debit cards have been ubiquitous since the 2012 London Olympics when open loop was added to the TfL Oyster fare system.

To Biometric or not Biometric?
Open Loop credit/debit cards on transit gates instead of native transit cards always come with banking and credit industry baggage. Even in the contactless card heaven that is said to be London, there are a surprisingly number of gotchas: minimum limits for using cards, max limits that require PIN codes. It’s an endless loop of banks pushing one way and merchants pushing back.

The golden uptake for Apple Pay in Japan was Suica and is the same story everywhere: it’s all about getting rid of coins for transit, coffee, sandwiches, etc. The small stuff. This is the 20,000 JPY prepaid heavenly region where Apple Pay Suica sings and banks so desperately want to shut out all other players and keep all the marbles. But bank cards have an authorization problem: banks set spending limits not the card architecture. The line is always changing, what works today might not work tomorrow. The prepaid Suica architecture itself is the firewall that does away with user authorization because local processing transaction at the transit gate or store reader is all the authorization necessary.

Express Transit was developed for Apple Pay Suica in 2016, it remains the best matchup because the feature is a basic part of the Suica card architecture that is not a bank card. Apple Pay Express Transit for EMV payment cards that appeared with iOS 12.3 is a retrofit job that I predicted would have problems because retrofits are about dealing with baggage, not creating a better long term solution. 7 months later we are already there. This problem isn’t going away, not as long as banks and EMV keep operating the way that they do.

Suica joins Coke ON IC, is it worth it?

Coke ON is one more point gimmick app that offers a free beverage for points, bottle top ‘stamps’, earned with purchases via FeliCa/Coke ON IC (Transit IC, Rakuten, nanaco, PiTaPa, WAON), credit cards and QR (LinePay, PayPay aka Line PayPayPay) linked via Coke ON. Up until now Suica was excluded from earning stamps but will join the other Coke ON IC cards starting January 14.

The Coke ON app is not particularly user friendly. It wants your data, your location and your Bluetooth to connect to Bluetooth enabled Coke vending machines. And it seems overly aggressive, at least according to a very long Twitter thread. I’m not sure what exactly the issue is for the user but it seems related to location services and suspect card reads.

Japanese users have complained about Apple Pay Suica location based transaction notification details since the default feature appeared with the iOS 12.2 Suica make over. I have no problems using Apple Pay Suica on iPhone 11 Pro to buy drinks without Coke ON. The problem described in the tweet thread could be a Coke ON incompatibility with Mobile Suica despite Suica compatibility listed on the vending machine side. Hopefully this is fixed for the Coke ON Suica debut, however I don’t plan on giving away my iPhone data to collect Coke ON app bottle top stamps.

Coming later this year attractions that didn’t make it, and one that did

Now that Apple is in full holiday season vacation mode, here is one last look at some promised ‘coming later this year’ services that didn’t make it (and a last minute one that did).

Apple Maps 2.0 USA
The highly detailed Apple Maps 2.0 remake was first announced in mid 2018 with a rollout to be in place for the United States by the end of 2019. The West Coast and Upper East Coast made the cut but half of Mississippi, the rest of the Southeast and most of the Central US are still missing (look for the green). This is not a good sign that Apple can deliver on their promise of providing better map services in Japan before the Tokyo Olympics.

UPDATE: A few hours after posting, MacRumours reports Apple Maps 2.0 data rolling out to all Southeast and Central areas following reports from Justin O’Beirne of beta testing earlier this month. I do not see updated map details from Japan yet but it will take time to show up on devices worldwide. Apple cut it close but kudos for keeping their 2019 delivery promise with 4 days to spare.

Apple Pay Ventra
The native Chicago Ventra transit card on Apple Pay is a big deal that was announced back in March. It represents the first major native transit card for the USA on Apple Pay. The much smaller Portland transit system HOP card landed safely in Wallet in May, but Ventra is still listed as ‘coming soon.’ The fault is not with Apple but with Cubic Transportation Systems who operate transit fare systems for Ventra, New York OMNY, Transport for London (TfL) Oyster, Sydney Opal, Washington DC Metro, and many more. For all of their supposed system expertise, Cubic was extremely slow rolling out Apple Pay Express Transit on TfL and has yet to deliver a single native transit card on Apple Pay or Google Pay. I hope Cubic does a better job in 2020.

Apple Pay Octopus
The Apple Pay Octopus ‘now you see it, now you don’t’ saga of 2019 was strange and ultimately sad. The Apple support side was all ready to roll with iOS 13. Octopus Cards Limited announced Apple Pay support back in July with ‘coming soon’ website artwork that was pulled when the launch was officially delayed on December 19. My take is that OCL parent Hong Kong MTR made, or was forced into, a political decision to limit services, starting with the unexplained service outage of Smart Octopus during the Hong Kong Polytechnic University siege. This is not a popular opinion.

Readers have reported riot damage to MTR infrastructure and suggest this might be a reason for the Apple Pay Octopus delay. I don’t buy it. Hong Kong MTR, or someone higher up, wants to limit services and control movement, not open them up. But this introduces great risk: moving people are moving money. Limit services and the flow of people, and you limit the flow of money. In this scenario Hong Kong doesn’t have a future. More than anything, I hope Hong Kong gets it’s future back in 2020.