Contactless Payments White Paper

The Secure Technology Alliance White Paper Contactless Payments: Proposed Implementation Recommendations is an interesting read, not only for what it says but for finding out what’s on the collective mind of the credit card industry.

Here is a quick look…
<with comments>

About the Secure Technology Alliance
The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT)

<forget all the other shit, Secure Technology Alliance is a credit card EMV promotion society>

2.2 Contactless Acceptance Terminal Considerations
Contactless payments are not new. Contactless payments relying on magnetic stripe data (MSD) have been available since 2005. However, as the U.S. transitions to EMV, some payment networks are no longer recommending contactless MSD solutions. Moreover, some EMV contactless cards are being deployed without contactless MSD support, which can cause interoperability issues or cause a transaction to be terminated and processed using the EMV chip or magnetic stripe.

<contactless MSD is a crappy half-assed stopgap standing in the way of progress that nobody uses except Samsung Pay, get rid of it already>

2.2.4 Recommendations Figure 1. Enabling a Contactless Terminal at the Checkout

• Contactless terminals should be customer-facing
<duh>

• Customers should not need to tell cashiers how they intend to pay
<in a perfect world NFC is EMV contactless exclusively without complications from annoying FeliCa or MIFARE and credit card companies are the de facto treasury departments for all advanced nations of the world>

• The contactless terminal should always be switched on and ready to use; the cashier should not need to switch it on
<WTF, this is a recommendation?>

• The cashier should not need to enter the amount twice; the amount should be automatically displayed on the terminal

<oh I get it now, we’re talking about American cash register infrastructure>

2.3 Cardholder Experience: Different Contactless Form Factors
When performing contactless transactions, consumers already use a variety of form factors—contactless cards, mobile wallets on phones, wearables (such as watches, rings, or key fobs)—and there may be additional options in the future. While the “tapping” procedure to initiate the transaction should be the same regardless of form factor, other consumer behavior may not be consistent, especially when using a wallet on a mobile phone.

<I see, smartphone wallets with their own secure authentication are a problem, contactless credit card things with 4 PINs and meaningless terminal signatures are not a problem>

Transactions initiated using a mobile phone involve a two-step process: first, the wallet is activated (using an authentication method such as a biometric,4 PIN, or pattern); second, the phone is placed in proximity to the POS device for the contactless read.

Generally, however, the authentication mechanism used as the cardholder verification method (CVM) will be the consumer device cardholder verification method (CDCVM). CDCVM uses a mobile phone’s passcode or biometric user authentication to verify the cardholder for a payment transaction, removing the need for the cardholder to enter a PIN or provide a signature. Such use can result in an inconsistent consumer experience; sometimes a cardholder may be required to provide a PIN or signature on the terminal (for example, if the contactless terminal does not support CDCVM) and sometimes no verification will be required. However, as consumers become more familiar with the process and as older terminal functionality is replaced with newer technology, there should be fewer inconsistencies. In addition, note that, at this time, some networks may not support CDCVM with their U.S. common debit AID, which may result in inconsistent consumer experience for debit transactions.

 <blah, blah, blah, in other words credit card companies and payment networks will do as little as possible to clean up their own mess and blame somebody else for their problems, what else is new>

3.3 Contactless POS Infrastructure and Acceptance
Contactless acceptance is a major trend globally, with a significant percentage of POS terminals supporting contactless. The following are some key published market statistics:
• According to Juniper Research18 (Figure 5, Figure 6), 31.6% of all terminals in service in North America are contactless; North America accounts for 19.6% of the global installed base of contactless POS terminals.
• Visa has reported that, as of September 2017, 40% of U.S. face-to-face Visa transactions today occur at contactless-enabled locations, that a growing percentage of merchants are enabling contactless.

<wait a minute, what about that North America 19.6% figure? Contactless POS Terminals in Service as a Proportion of All POS Terminals: Asia: 43.6%, Western Europe: 14.3%, North America: 19.6%, we don’t want to talk about context here do we? Too embarrassing>

And the grand finale:

3.5 Open Loop Contactless Payments in Transit
Transit agencies are moving, or considering moving, to open payments with next generation fare payment systems—that is, credit and debit payments made using contactless EMV devices at transit points of entry (e.g., at fare gates, on buses)— to supplement traditional closed-loop acceptance. As noted in Section 2.5, consumer use of contactless payments for transit can help drive incremental transactions and top-of-wallet status for cards. Issuers contemplating transit as a factor in their contactless decisions should be aware that the specific timing for implementing transit open payments within a given region can have some uncertainty. In addition to the schedule impact of procurement and implementation timeframes, issuers should note that transit agencies interested in open payments may also consider the current state of contactless issuance and other relevant factors in their decision- making process.
Other relevant considerations include the following:
• As the market for open payments in transit is still emerging, the content of the authorization/settlement messages sent from different agency back-end systems may not be consistent.
• Transit merchants may require functionality that addresses transaction times and risk, such as offline data authentication (ODA) and/or deferred (or delayed) authorization.

<translation: credit card companies are falling over each other to get into transit and sucker convince transit operators into junking closed ticketing systems. Credit card companies have no interest in ticketing infrastructure outside of skimming their take. Let transit operators spend tax payer money doing all the back-end work and dealing with problems. Let them deal with transit user ire over slow EMV contactless transactions at overcrowded transit gates or when credit cards are de-activated in mid transit.>

What a sweet deal.

What the Hell is VISA Up To in Japan?

VISA is the least consumer friendly card company in Japan. Period. Mastercard, American Express and JCB are making it easy for Japanese customers to use their cards in mobile wallets (Apple Pay, Osaifu Keitai) both domestically and abroad with NFC Switching. NFC certification requires both NFC-A and NFC-F. Smartphones can do it all, how nice.

Except VISA does not want to play nice, they want to play market politics. Witness VISA’s latest boneheaded move reported by Masakazu Tatara on his excellent EPayments JP site: Visa is pulling the plug on Mobile Visa payWave (NFC-A EMV contactless). The last holdout is Sumitomo Mitsui who will terminate service at the end of December 2018. VISA on the iD and QUICPay (NFC-F FeliCa) contactless payment networks remains in place as does plastic card payWave.

As Tatara san asks, what is VISA up to? His quick review of the Mobile VISA payWave spec is helpful and remarkably similar to the Mobile FeliCa spec.

The secure methods for storing Mobile VISA payWave transaction information are:

  1. A mobile device with an Embedded Secure Element (eSE)
  2. HCE (Host Card Emulation in the cloud)
  3. A “Mobile eSE” SWP SIM
  4. A NFC Contactless Payment Sticker

As Tatara san explains, it is the #3 SIM card option that is really being phased out.  #1 includes Apple Pay and Osaifu Keitai devices. The recently released Google Pay Japan is simply an alternative Osaifu Keitai front end that entirely dispenses with the dead HCE-F. As if this was confusing enough, VISA Japan has not signed on with Apple Pay Japan or Google Pay Japan, nor is VISA payWave compatible with the Osaifu Keitai standard. This leaves #2 and #4 as the only real Mobile VISA payWave Japan options going forward. Good luck with that.

Japanese media has speculated that the Sumitomo Mitsu and Mizuho financial groups want to promote QR Code contactless payments over NFC and the death of Mobile VISA payWave proves that QR is winning the contactless payment turf war. Don’t believe it.

In Japan, aka the contactless payment turf war epicenter, the battle line is stored value vs. credit card with stored value cards the clear winner. This week’s Mizuho Suica announcement is proof of that. There isn’t any money for Japanese merchant support of EMV contactless because most inbound tourist business is mainland Chinese who only want to use QR code contactless AliPay and WePay which Japanese will never use.

So where is VISA going in the Japan market? One guess: the success of Apple Pay Suica and the release of the Global FeliCa iPhone/Apple Watch has VISA at a momentary standstill. Because if Google follows Apple’s lead and releases a Global FeliCa Pixel 3 with NFC switching, things will get very interesting. The more Global FeliCa becomes a ho-hum checkbox feature with every smart device, the more VISA Japan will have to play nice with Apple Pay and Google Pay or risk being shoved aside.

Which brings us back to FeliCa again. To outsiders it looks like the Japanese contactless payments market goes round and round, but it doesn’t. VISA Japan goes round and round playing market politics never moving forward, and that does damage. Last month I wrote:

It would be much better for customers if smart device manufacturers bundled all the major middleware stacks (EMV, FeliCa, MIFARE, China Transit, CEPAS) and simply called it Global NFC. Real Global NFC.

Until the industry does a better job of integrating NFC hardware and the various middleware pieces into a virtual whole, NFC confusion will continue to be a problem.

It would be much better for customers if the credit card industry stopped the contactless payment turf wars and started delivering solutions that help customers instead of sowing confusion.

UPDATE: a reader reports says that payWave on SIM cards is pretty much dead everywhere because the “secure element wars are over.” That’s interesting in light of Huawei offering FeliCa Osaifu Keitai service via Docomo with a SIM card. But that is a Docomo thing more than a Huawei thing.

iPhone X NFC Problem Q&A Exchange Guide

1️⃣ iPhone X Suica NFC Problem Q&A Exchange Guide
2️⃣ iPhone X Suica NFC問題Q&A交換ガイド (Japanese)
3️⃣ Apple Denial and iPhone X Users
4️⃣ iPhone X Suica Problem Index

Q: What is the iPhone X Suica NFC Problem?
A: It’s a iPhone X NFC hardware defect that causes reader errors and double reads on transit gates or store readers on a regular basis: on average 1 out of 3 NFC attempts is an error. See and hear for yourself:

Q: Can it be fixed?
A: The only way to fix it is to get a iPhone X exchange from Apple. The iPhone X production tally below points to a hardware defect in iPhone X units manufactured before April 2018. Apple apparently fixed iPhone X NFC hardware issues and all units manufactured after 2018 production week 15 (April) are free of the problem. I call these NFC defect free units Revision B iPhone X. Rev. B iPhone X units have superior error free NFC performance that is immediately noticeable.

Reader Feedback iPhone X Production Tally*

iPhone X Production Tally 2018-10-6
Reader Feedback iPhone X Production Tally (as of 2018-10-6) : A simple tally of good/bad iPhone X devices and manufacture dates reported by readers to track production switchover from problem iPhone X devices to Revision B iPhone X devices. All iPhone X devices were running iOS 11.x and include both JP and international iPhone X models.

*Week 15 of 2018 appears to be the Revision B iPhone X switchover production period

Q: Is it a big problem?
A: Yahoo Japan and Google Japan Search Suggestions related to the iPhone X Suica problem are highly ranked which indicates many people in Japan regularly search the topic.

Q: Why is it a problem with iPhone X and not iPhone 8?
A:  Both iPhone models use the same NFC chip but the X logic board is considerably more complex than 8. It could be a logic board RF routing issue, an antenna specification problem, an interaction with other components on the device. Only the Apple Engineers who fixed the problem know the answer.

Q: Is this only a problem in Japan?
A: No, readers report iPhone X NFC problems with China Express Transit cards. In America iPhone X users report similar levels of errors and double reads but were unaware of the problem until they saw my posts. I experienced regular errors and double reads with my January 2018 manufacture iPhone X Suica Problem unit using Apple Pay in America, so yes, I believe the NFC problem is an issue with all iPhone X production SKUs before April 2018 regardless of region.

Q: Why is it that iPhone X users outside of Japan are unaware of the problem?
A: It boils down to using Apple Pay Express Transit. It’s easy to catch the problem in the high performance, high usage Express Transit environment. It’s much harder to catch the problem with low performance EMV regular cash register Apple Pay use.

Q: How do know if I have a problem iPhone X unit?
A: If you use Apple Pay regularly on your iPhone X and experience reader errors and double reads on a regular basis check the manufacture date by pasting your iPhone X serial number here. A manufacture date is before April 2018 indicates a NFC problem iPhone X unit.

Q: How do I exchange my problem iPhone X unit for a Revision B iPhone X?
A: Apple Support does not publicly acknowledge the iPhone X Suica/NFC problem. Getting an exchange takes time, patience and tenacity. Rely on your judgement because exchanging your iPhone X due to NFC performance issues with Apple Support isn’t easy.

Apple Support does acknowledge the iPhone X NFC problem internally however, and will issue an exchange based on 2 conditions:

  • A wipe and restore did not fix your iPhone X NFC problem
  • You encountered problems using your iPhone X for Apple Pay Express Transit use in Japan (nationwide) or China (Beijing and Shanghai)
  • From a reader who got an iPhone X exchange in the US: “tell them (Apple Support) to look up the internal support article on their iPad (in the store) that states issues with iPhone X for Transit in Japan and China. They found it in when I went to the Apple store in the US on their iPad.”

If you cannot connect your iPhone X NFC problem use case to Apple Pay Express Transit use in Japan or China, Apple will not likely give you an exchange.

If all goes well Apple Support will setup an exchange either at a Genius Bar or Delivery Exchange Service (Japan). Apple Support will have you test the iPhone X hardware via the built in diagnostics test and tell you the results show no problem. Repeat that you want to exchange your iPhone X anyway. Be sure to check the serial number of the new unit here to confirm it was manufactured after April 2018. If so, all is good.

Note: Apple Support does not stock international iPhone X models. It’s recommended that you exchange iPhone X in the same country that your device was purchased in.

Q: Since Apple acknowledges the iPhone X NFC problem internally, will Apple issue an exchange program like they did for the iPhone 8 Logic Board Replacement Program?
A: It took Apple 7 months into iPhone X production to fix the NFC defect, 40 million units by my estimate. That’s a lot of iPhone X units to replace. I suspect there were frustrated engineers within Apple who knew what the problem was but were controlled by the marketing spin machine. Apple should be proactive but will not unless there is enough bad press to force the issue. I don’t see that happening.

Updated 2020-4-19

iPhone X Users Outside of Japan Don’t Realize They Have NFC Problems

1️⃣ iPhone X Suica Problem Q&A Exchange Guide
2️⃣ iPhone X Suica問題Q&A交換ガイド (Japanese)
3️⃣ Apple Denial and iPhone X Users
4️⃣ iPhone X Suica Problem Index


As user reports trickle in it’s becoming clear that iPhone X units produced before April 2018 have a NFC hardware issue. iPhone X Apple Pay Suica users have been complaining about it since iPhone X went on sale. Why aren’t iPhone X users outside of Japan complaining about it? It’s all about NFC environment, experience and expectations.

NFC Infrastructure and Experiences
The Japanese NFC transit and payments infrastructure has a long unique history. It’s fast, modern and high performance. Japanese NFC mobile payments and e-money with Suica smart cards started in 2004, Mobile Suica for feature phones followed in 2006 and took off from there. FeliCa based systems like Suica have very fast transaction rated speeds of 200 milliseconds (ms) but are usually faster in service. The point is: Japanese iPhone X users have vast experience and expectations of how high performance NFC should work.

Unfortunately the United States does not have a high performance NFC FeliCa or MIFARE stored value based transit and payments infrastructure on a large transit network the size of Tokyo or Hong Kong. Most Americans don’t have the experience of a Suica or Octopus (transit + e-money) or Oyster smartcard (transit only) to compare Apple Pay with and don’t understand what they are missing: American iPhone X users have zero experience with high performance NFC therefore no expectations of how NFC should work.

NFC Use and Expectations
Apple Pay Suica commuters are super power users who immediately understand that something is wrong with iPhone X Suica: the dreaded iPhone X Suica problem. On a daily commute there are at least 4 gate transits, usually more, plus Suica purchases for lunch, snacks, coffee, etc. Apple Pay Suica commuter plans are limited to the JR East rail network however, so this limits the number of Apple Pay Suica iPhone X super power users to Tokyo.

There are no iPhone X commuter super power users in America. EMV contactless is a slower, lower performance payment technology that was developed for cash registers, not for rapid transit gates but it is the only Apple Pay experience most Americans have. The slow, antiquated American cash register infrastructure is connected with slow, low performance EMV contactless readers. Customer expectations are nonexistent so iPhone X users never realize that reader errors with Apple Pay are not caused by the reader, they are caused by iPhone X. Users have a iPhone X NFC problem but don’t know it.

In my last post I wrote,

Put it this way: with an iPhone X made before April 2018 the second read is always successful, with a Revision B iPhone X the first read is always successful. Which one do you want?

There is one more question that you need to ask yourself: if you didn’t know that your iPhone X device has a NFC problem, is it a problem for you?

If the answer is yes to both questions carefully observe your iPhone X NFC performance, check your iPhone X manufacture date and exchange your iPhone X if it was manufactured before April 2018.

Dead HCE-F, Global NFC ≠ Global FeliCa, and Other NFC Confusion

NFC technology lineup in iOS 13

NFC is a confusing name. It’s an upside down umbrella that catches every single naming convention connected with it: Type A, Type F, EMV, FeliCa, MIFARE, etc.  There are also all those smartphone platform and credit card company brand names built on NFC technology: Apple Pay, Google Pay, NFC Pay, Mastercard Contactless, etc. Companies have greatly added to the confusion changing brand names on a whim: Visa PayWave is now Visa Contactless, Google Pay was Android Pay and Google Wallet before that.

The confusion is perfectly captured by the ever-growing collection of acceptance marks cluttering up Japanese cash register counters.

How do you keep it straight? It helps to remember that NFC is just hardware.

NFC Certification = Global NFC
NFC-A and NFC-F support is required for NFC Forum certification for a device. NFC means NFC-A + NFC-F. NFC-B is optional. All NFC smart devices are Global NFC devices capable of supporting all NFC based payment systems. The street reality is they don’t because smart device manufacturers pick and choose what middleware they support. Everybody supports EMV but manufacturers pick and choose different middleware stacks for different models and different countries.

Global NFC ≠ Global FeliCa
Google’s Pixel 2 a perfect example of a Global NFC device that doesn’t do FeliCa because Google did not choose to license FeliCa middleware. Google also muddied the Android water considerably with the Google Pay Japan rollout that proves HCE-F is dead: Google Pay Japan is just an alternative front end sprinkled on top of existing Osaifu-Keitai middleware. We’ll see what Google cooks up for Pixel 3 but I suspect Google wants to have cake and eat it too: something like Real Google Pay for Pixel 3, Google Pay Lite for everybody else.

Apple on the other hand sells Global FeliCa iPhone 8, iPhone X and Apple Watch 3 worldwide. Inbound visitors to Japan with those devices can add a Suica card with all the benefits to Apple Pay. Inbound Android users are left in the cold feeling confused which is a shame.

It would be much better for customers if smart device manufacturers bundled all the major middleware stacks (EMV, FeliCa, MIFARE, China Transit, CEPAS) and simply called it Global NFC. Real Global NFC.

Until the industry does a better job of integrating NFC hardware and the various middleware pieces into a virtual whole, NFC confusion will continue to be a problem.