The open loop mobile connectivity challenge

The recent additions of stera transit (Visa-SMBC-Nippon Signal-QUADRAC) open loop test systems in Kyushu covering Fukuoka metro, Kuamamoto city transit and JR Kyushu expand the VISA Touch transit boutique deeper into western Japan territory. Open loop based cloud processing advocates like to portray these developments as proof that local processing based FeliCa systems like Suica et al. are expensive bygones due for replacement.

There’s just one little problem that open loop advocates fail to mention: mobile connectivity, aka the Suica app problem, the QR Code payment problem, the Smart Navigo HCE problem, etc. Wide LTE and 5G deployment doesn’t always mean reliable mobile and internet connectivity mobile payment apps depend on, and carrier outages can bring down the transaction processing side of the equation. This was proven, yet again, on July 2 when major carrier KDDI suffered a massive nationwide outage that lasted for 80 hours. Let’s make a quick reference graph for examining local processing vs cloud processing in the mobile era.

Stera is a mobile based payments platform that does away with the NTT Data Cafis dedicated backbone and replaces it with the internet based GMO Payment Gateway. The weak point of course is that since mobile powers the gate reader side, when mobile service goes down, stera gate readers stop working. As everybody found out during the KDDI network meltdown, Mobile Suica kept right on working on the transit gate and the store checkout reader, while mobile app based code payments and point systems all stopped. Some vital services that depended on KDDI connectivity like ATM networks also stopped working.

Cloud based Suica will face these challenges too when it goes online in March 2023. The only difference being how much local processing stays intact and how much system buffering there is (how much it needs to talk with the cloud server to do the job), we shall see. Which brings me to the point I want to make. The media almost always portrays the open loop/cloud vs closed loop/local match as a winner takes all, one size fits all proposition. As the KDDI meltdown proves, this is stupid, and dangerous. Never put all the eggs in one technology basket. I don’t think the risk will go away, not as long as telecommunication company corporate structures don’t foster and promote their engineering talent (the people who actually make things work) deep into the executive decision making forums.

Open loop in Japan is geared for inbound tourists the supplements, but does not replace, the old reliable Transit IC infrastructure which is evolving and reducing costs too. They compliment each other, address different needs and uses. One size doesn’t fit all. If it did, Oyster card would have died years ago.

Apple Pay Enhanced Fraud Prevention (updated)

Apple Wallet VISA card users report receiving ‘Enhanced Fraud Prevention’ notifications today that outline changes how Apple shares ‘fraud prevention assessments’ with payment card networks based on analyzed information from user Apple Pay transactions (purchase amount, currency, date, location, very likely more). The changes seem to apply to web and in-app purchases.

Apple has been doing most of this already. The new Apple Pay and Privacy text expands upon earlier iOS user guide text: If you have Location Services turned on, the location of your iPhone at the time you make a purchase may be sent to Apple and the card issuer to help prevent fraud. Perhaps Apple is changing ‘may be sent’ to ‘will be sent’.

Enhanced Fraud Prevention might cause problems for some Apple Pay users when people start traveling again as in-app purchase is used for adding money to transit cards. There have already been a few very recent and odd, ‘I can’t use my home issued Apple Pay card to recharge PASMO’ complaints on social media from inbound visitors. Until now this kind of thing has been unheard of for Apple Pay Suica•PASMO users. A new complication to keep an eye on going forward. So far Wallet Enhanced Fraud Protection notifications only seem to be going out to VISA card users. Why and why now?

Because it’s starting with VISA with the focus on web and in-app payments, my first thought was this is partly a response to bad publicity from the silly VISA-centric ‘Apple Pay Express Transit has been hacked!‘ story that make the rounds last October. The new Apple Pay and Privacy text outlines how the new policy applies to various Apple Pay operations: adding a card, paying with Apple Pay, using transit cards, etc.

QR Code payments in Wallet are also referenced. The official mention may indicate the long in development feature will finally see light of day, perhaps iOS 15.5, we shall see. The text says, “When you make a payment using a QR code pass in Wallet, your device will present a unique code and share that code with the pass provider to prevent fraud.” If Apple Pay delivers native device generated QR code payments without a network connection, just like all Apple Pay cards to date, it would be quite a coup.

The notification privacy text is worth reading. As of this posting the Apple Pay & Privacy web page has not been updated with Enhanced Fraud Protection information.

2022-04-22 Update
Some clarity on the reasons and timing of Enhanced Fraud Prevention: Wallet notifications went to VISA card users in various Apple Pay regions (US, Japan, Australia and more) the same day Apple switched the Apple Cash card brand from Discover to VISA debit. Kissing the Green Dot Bank/Discover backend goodbye for VISA is the smart thing to do as Apple can finally take Apple Cash international. Enhanced Fraud Prevention had to be in place first for that to happen.