XIANYOU’s blog post outlining adventures getting Xiaomi Redmi Note 8 NFC to work correctly, is an excellent reminder that Apple Pay does a great service by hiding NFC setting nonsense from iPhone customers. I mean really, is it the user’s job to figure out the ‘secure element position’? Bottoms up. The essential thing is that Google Pay doesn’t play out of the box:
As it turns out, this was because the default NFC processing behavior configuration on the phone was not one that Google Pay supported on my Redmi Note 8 Pro (or at this moment, possibly any non-Pixel 3+ phones).
This is exactly the situation I predicted back when Android Pay became Google Pay. Google doesn’t want to support non-Pixel embedded secure element devices: eSE for Google, HCE for everybody else. It’s going to get real interesting when Google starts shipping Pixel with custom Google silicon, rumored for Pixel 6, along with those Mobile FeliCa multiple secure element domain functions.
Doutor Coffee Shops added code payment options recently. The sticker next to the reader says all that you need to know: please have your payment app ready before paying. The downfall of code payments is always the network connection. Maybe network connection is weak, or tapped out, or whatever. Last week I was grocery shopping at a basement store location and noticed customers running from checkout to the bottom of the stairs, tapping their smartphone, then running back to the checkout. Bad network area.
This is all too common and a real pain now that every store chain and their dog has a rewards app. Most checkout goes like this: the customer pulls up the store app for discounts and reward points, then pulls up PayPay, dBarai, Line or any other popular code payment, and if the network gods are benevolent, finally pays. NFC was supposed to save us from slow plastic cards and paper coupon checkout, but in the digital wallet age we’re slow if not slower because the store location is in a crappy network area, inside a building with thick earthquake proofed concrete walls. Welcome to code payments in the real world 101.
In 2013 JR East faced a crisis over selling Suica ridership pattern data analysis to Hitachi. The Suica data was stripped of personal information and was used to analyze popular transit routes and create general user profiles based on age group, gender and so on. Media outcry resulted in JR East drafting an opt out data policy followed by Japanese Government laws and regulations covering personal data privacy.
That was then, this is now. Line, the popular messaging service plus Line Pay payment platform, came under attack this week for storing user and transaction record data outside of Japan, in South Korea and China. This is not a surprise since Line started in South Korea and storing data on cloud servers there was always an open secret. Why the brouhaha now? The recent complicated Z Holdings acquisition maneuvers of Line are a factor. With PayPay and Line Pay QR payment empires now in the same house some kind of streamlining is bound to happen. The data scandal could be a convenient excuse to start it.
The constant drip of privacy concerns regarding social networks and QR payment systems like Line Pay, and where user transaction data is stored, makes the old JR East crisis look small and silly. Everything is more connected now in unexpected ways than even just 8 years ago.
It doesn’t matter how secure transaction protocols are when user transaction record data is stored on leaky servers or sold to outsiders for profit. I wrote about this earlier, the so called popularity of QR Code payment services in Japan is really about big data. In that vein we have a timely blog post on Open Loop ltransit rider privacy from Transit Center.
For a professional advocacy organization dedicated ‘to improve public transit,’ the Transit Center privacy publication is surprisingly amateurish. It raises valid concerns but reads like open loop advertising from credit card companies (Transit Center soft sponsors?), where open loop is the golden cure-all future, and the only future at that, of every transit ill with closed loop invariably portrayed as a dead era of tokens, punchcards and mag strip swipe cards. They also make MTA seem like the only transit system in America that matters because idiosyncratic MTA problems apply everywhere. Right? Wrong. Let’s take a look at their privacy blog post…<<with comments>>.
Transit agencies around the country are adopting a new generation of fare payment systems. Agencies including New York’s MTA, Boston’s MBTA, and Houston METRO are in the process of switching to what’s known as “open-loop” systems that enable riders to tap into the system using digital wallets on their phones or with their credit cards…
These technologies come with clear benefits for riders, but they also carry the risk of exposing more personal data…
<<here it comes>>
The switch to these new fare payment technologies can accelerate access to riders’ trip data by other government agencies. In New York, for instance, individuals’ MTA trip data can be retrieved much faster with the new OMNY system than with the older MetroCard system…
<<retrieve trip data quickly on a fare system where users don’t tap out…what? privacy concerns are not just government agencies btw with multiple 3rd party companies handling and processing transit fare data…which brings us to>>
The increased involvement of third parties in fare payment underscores the need for better data collection and management policies within transit agencies.
<<better as in more big data details?>>
How to Implement the Next Generation of Fare Payment Without Shredding Riders’ Privacy
Anybody experienced in dealing with bank and card company customer service could see this coming. Bank and transit operating cultures are different and they don’t mix well with outside companies running the transit gate fare concession. If you think transit privacy is a concern now, wait until face recognition transit gates become the next transit future thing.
Let’s make this simple. Open Loop (EMV and QR) and bank card EMV Closed Loop means that banks and outside payment platforms run their services at the fare gates They have transit user data, as does the transit company, so does the fare system management subcontractor like Cubic. The more places data is stored the more it’s gonna leak. This is exactly what is playing out in Japan right now because Line Pay Japan user transaction data is stored in South Korea which does not, putting it mildly, have a good secure data reputation.
That doesn’t mean that closed loop is automatically more secure, but keeping data in-house with its own closed loop transaction card in the country of origin, as JR East does for Mobile Suica, does mean that outside company access is tightly controlled. At the very least there is only one company in the country of origin to take the blame when something leaks, and only one place to plug it.
UPDATE 2022-1-20 After the 2013 brouhaha, JR East is trying again with Suica Big Data and Station Karute profiles that measure the ‘health’ of station use and transit patterns. It looks tame compared QR Code payments apps that want every personal data detail that your smartphone coughs up. JR East will offer user data to outside companies that has been stripped of personal details. It’s something that they have to do to keep the Suica Platform relevant and competitive. Otherwise open loop advocates will have another marketing reason to push their agenda. Suica users concerned about privacy can opt out via the JR East web page.
Big Data mobile pay platforms have a big security problem
I was disappointed when Daring Fireball finally checked in on the Face ID face mask problem in the iPad Air w/Touch ID power button review. It summed up western tech journalist ignorance and indifference to a big problem that Face ID users in Asia have been dealing with since iPhone X day one. DF’s latest take on the issue in ‘Unlock With Apple Watch’ While Wearing a Face Mask Works in iOS 14.5 is even more disappointing, finally admitting that, “Prior to iOS 14.5, using a Face ID iPhone while wearing a face mask sucked.” This is pure ‘let’s not admit a problem until there’s a fix’ Apple apologia that is all too common on tech sites. DF hasn’t played straight or gotten it right when it comes to the big picture of Face ID. Then again the site is more into politics than tech these days.
Twitter followers pointed out that Apple went with Face ID knowing the trade-offs they were making in Asian markets but it was the right choice. I don’t know how much the Face ID face mask problem was on Apple’s radar during iPhone X development. But there was some arrogant, ‘we can blow off a few Asian customers’ attitude in that choice that Apple is paying for now. Face ID iPhone was quietly removed from how to videos on the Suica•PASMO promotion page in October. Face ID iPhone 12 sales might be driving 5G growth in the USA, but Tsutsumu Ishikawa reports that Touch ID iPhone SE sales in Japan are stalling the 5G transition.
I say this because there was certainly plenty of Apple arrogance when they blew off iPhone X Japanese users suffering from the notorious iPhone X NFC Suica problem. It didn’t matter because it was a iPhone problem…in Japan. It took me 3 exchanges to finally get a NFC problem free iPhone X revision B unit and I was one of the lucky ones. There were, and still are, plenty of iPhone X users fumbling in the dark. To this day iPhone X NFC problem search hits are the #1 hit on this site. Years later I am still outraged by Apple’s secrecy and denial of the issue. There was no excuse hiding the problem so that people would keep buying a defective top of the line product.
So no, I don’t think iOS 14.5 Unlock with Apple Watch is a solution for the Face ID face mask problem. It’s a stop gap until we get an ‘Apple finally figured it out’ iPhone that reviewers will gush over. And it performs like a stop gap: even in iOS 14.5 beta 2, one out of three Face ID with face mask attempts fails for me and performance is often sluggish, particularly glitchy when listening to Apple Music and using Apple Pay Suica transit.
iOS 14.5 Face ID sucks less for Apple Watch users, that’s all. People who make excuses for Apple’s hardware mistakes and missteps aren’t helping people make the right choice before plunking down hard earned money on expensive devices. Nothing is worse than having to live with somebody else’s mistake, except for having to live with somebody else’s deception.
A happy new year to everybody. When reading Junya Suzuki’s year end Apple Pay and contactless history in Japan article, I was irritated by its ‘rah rah for open loop’ ending that seemed to conclude EMV isn’t very slow and tap speed differences don’t really matter. After reading followup tweets with other IT journalists I realized that wasn’t his point at all. What Suzuki san was really saying was the total transit gate experience counts more than any particular technology package (MIFARE, FeliCa, EMV Open Loop, etc.).
Steve Jobs said the same thing about technology and products in the famous, “you have to start with the customer experience and work backwards to the technology,” 1997 WWDC video. In other words, the whole (the product) has to be larger than sum of the parts (the technology pieces that make up the product) to be a success. It’s all about how they integrate as a product into the larger whole ‘vision’ thing. JR East transit gates are great because the total experience is greater than sum of FeliCa, Suica, JREM reader and gate design technology parts added together.
When it comes to payments however it’s not just about technology, it’s also the raw power plays going on behind the scenes. In the same article Suzuki san nonchalantly mentions that NTT Docomo dCard, which SMBC has issued and operated since the very beginning but in open warfare with Docomo these past few years, is dumping SMBC for UC Card group (Mizuho) this year.
There is also constant pressure to eliminate Japanese FeliCa contactless payment networks in favor EMV using the old bait and switch tactic of promoting a proprietary industry standard when the real end game is eliminating local competitors. These are issues that few journalists bother to analyze deeply and also what got Jack Ma in trouble when he blasted the Basel Accords, the traditional banking system, as an exclusive old men’s club that stifles innovation.
Power games in the world’s greatest free-for-all payments market I’ve said this many times but one of the great things about Japan many western journalists completely miss, is that Japan is the world best guinea pig test market. Especially useful for observing new payment trends at work. The market is a perfect not too big not too small size, super cohesive, and it has a long history of Osaifu Keitai mobile payments with a wide foundation of payment technologies encompassing FeliCa, EMV and QR. And there is lots of money sitting in bank accounts. This unique mix affords the careful observer a virtual front seat on the power games playing out right now after the introduction of QR based payment services like Line Pay, PayPay and dBarai (dPay).
When Docomo unveiled their dBarai app service it confused many users. What was the point of using code payments when Docomo already had dCard and the whole Mobile FeliCa iD network in place for promoting contactless payments? But it wasn’t long before Docomo linked the 2 payment services together. dBarai users can pay using 3 different backend payment choices: direct dCard billing, monthly Docomo billing, a rechargeable stored value dBarai account with cash recharge options via ATM or linked bank account.
From the user point of view it doesn’t matter when they pay with a Docomo code payment app tied and charged to their dCard on the backend, it’s the same monthly bill. But to Docomo it is very different: instead of using the iD or SMBC VISA/MC payment network on the front end, it’s the Docomo dBarai payment network. I suspect Docomo pays less of a transaction cut to the bank because they have the cash flow to assume some of the risk that banks usually assume in establied credit card network transactions. Docomo likely also leverages the daily transaction float. In short the AliPay model. The next logical step for Docomo dBarai will be P2P payments that leverage Docomo’s Mercari connection.
The value of code payments in dBarai isn’t the technology, it’s a expedient tool that Docomo leverages to circumvent the limitations and fee structure of banks and card networks to create their own flexible payment network. This wiggle room is the essential margin that drives QR Code payment empire cashbacks, point giveaways and new services. This is the epicenter of the cashless payment turf wars that pits new mobile payment players against established card and bank networks. And Apple is about to dump delicious chunk bait into this shark tank.
The Toyota Wallet multi-payment model In the Apple Pay 2020 wrap-up I mentioned Toyota Wallet as the most important trend: a Wallet app that lets users pay with a QR code or with NFC via an instant issue prepaid Apple Pay Wallet card. The Toyota Wallet iD/Mastercard has 2 Apple Pay device account numbers, one for the iD payment network and one for the Mastercard payment network. This is common for most Japanese issue payment cards on Apple Pay but it is less about NFC protocols (FeliCa, EMV) and all about dual payment network support in a single payment card. And it is not limited to Japan. In Australia there are dual payment Apple Pay cards that support both Mastercard and EFTPOS payment networks in a single card.
Dual payment network cards are common in Apple Pay Japan cards used for FeliCa and EMV payment networks
A dual payment network card can also be single protocol, in this case EMV
With Apple Pay Code Payments on the way, possibly with iOS 14.4, we have another option for multi-payment network cards: code payment and NFC payment. Apple Pay Code Payments are thought of as being only for AliPay and WeChat Pay support in China, but they are much more than that.
Apple Pay Code Payments gives mobile payment players the ability to move QR/barcode payments from an outside app and integrate them directly into an Apple Pay Wallet card. In the Toyota Wallet example below, Toyota could simply add another device account number for the QR Code payment network:
Toyota Wallet uses Wallet and an app for payments
Toyota Wallet could move everything to Wallet with Apple Pay Code Payment support
This might seem trivial but it’s important to remember some key differences of Wallet payment cards:
Direct side button Wallet activation with automatic Face/Touch ID authentication and payment at the reader.
Device payment transactions handled by the eSE without a network connection.
Ability to set a default main card for Apple Pay use.
If Apple Pay Code Payments are equal with Apple Pay NFC payments, and by all indications from beta screen shots they are and use the same ‘card’ UI metaphor, I think we are in for another wave of Apple Pay market disruption. Instead of NFC vs QR Codes, or Apple Pay/Google Pay vs apps, all of it just red herring fake debate, we can focus on what’s real: the payment network turf wars.
In the Japan market Line Pay, PayPay, dBarai, Rakuten and all other new players will have the tools to create better services tightly integrated in a Apple Pay Wallet card. Docomo for example could incorporate dBarai into dCard with an additional device account number. Mix and match payment networking in one card.
In the payment network world where market share is all, card networks have held too much power for too long, exactly what Jack Ma was complaining about. I see competition as a good thing that encourages innovation and choice, mobile payments are doing that.
Looping back to the open loop beginning of this piece I think it makes sense now to realign the debate points away from focusing on technology (EMV vs FeliCa, NFC vs QR, etc.), i.e. things that can change and evolve, and focus on payment network turf wars, i.e. things that are hard to change until you see the battles lines clearly enough to create a better strategy and get where you want to go.
In the public transit arena it always comes down to this. Moving people quickly and safely by transit, managed wisely, is licensed cash flow from the fare gates. A transit company can keep control of that license to build something of greater long term value for the users and businesses of the transit card region, which can cover the nation. A transit company can give control away to someone else and let them take their cut, but just like Jack Ma pointed out before he disappeared, will there be innovation when going all in with traditional card and bank payment networks?
I still say a transit platform, especially in the mobile era of chaotic opportunity, is the best approach if a company wants to achieve the former: a system where the whole is greater than the sum of the parts. Start with the best customer experience you want to deliver and work backwards to the technology.
You must be logged in to post a comment.