Mobile payments don’t solve the wallet mess, they only make it worse

Way back when Tim Cook first unveiled Apple Pay, the main sales point was the convenience of doing away with messy wallets. My mom’s wallet for example was always stuffed full of credit cards, point cards and the latest store discount coupons clipped out of newspapers and flyers. The promise of Apple Pay was, “look ma, no more messy wallet.” Except it didn’t work out that way.

The rise of code payment point economic zone like PayPay, dPoint and Rakuten Point has resulted in mobile payments that take longer than mom’s messy wallet ever did. I was reminded of this recently getting lunch at Doutor Coffee. A youngish woman paying in front of me wasn’t really paying. With smartphone flat on the counter, lavishly nailed fingers leisurely tapped away for 5 full minutes as she completely ignored the cashier waiting to read the QR code, everybody else waiting in line be damned. Instead of getting read to pay she was signing up for some pissy small payment app discount coupon. And when that was done she finally paid with a QR code for a cup of hot cocoa, face full of discontent. Or maybe that was her normal character.

You see that kind of checkout line behavior everywhere in Japan these days: half losing oneself digging around in an app to find a coupon or campaign special, half ‘screw you’ that often skirts on taking pleasure from somebody else’s pain. People literally loose themselves in the moment.

Who’s to blame for this state of affairs? QR Code payment apps that offer all kinds of coupons certainly deserve some of the blame, along with crappy in-store wifi, or lack thereof. Apple Pay deserves some blame too. Let’s face it, Apple Value Added Service (VAS) NFC protocol has been abysmal failure in the Japan market despite dPOINT and PONTA support. And who’s the biggest culprit of all? All of us of course…all of us who actually believed that technology could fix human behavior. In short this issue isn’t going to be fixed. All we can do is remember to chill, pay attention to our surroundings and be polite in the checkout line.

The open loop mobile connectivity challenge

The recent additions of stera transit (Visa-SMBC-Nippon Signal-QUADRAC) open loop test systems in Kyushu covering Fukuoka metro, Kuamamoto city transit and JR Kyushu expand the VISA Touch transit boutique deeper into western Japan territory. Open loop based cloud processing advocates like to portray these developments as proof that local processing based FeliCa systems like Suica et al. are expensive bygones due for replacement.

There’s just one little problem that open loop advocates fail to mention: mobile connectivity, aka the Suica app problem, the QR Code payment problem, the Smart Navigo HCE problem, etc. Wide LTE and 5G deployment doesn’t mean reliable mobile and internet connectivity that mobile payment apps depend on, and carrier outages quickly bring down the cloud transaction processing side of the equation. This was proven, yet again, on July 2 when major carrier KDDI suffered a massive nationwide outage that lasted for 80 hours. Let’s make a quick reference graph for examining local processing vs cloud processing in the mobile era.

Stera is a mobile based payments platform from the SMBC group (basically the VISA JP group) that does away with the NTT Data Cafis dedicated backbone and replaces it with the internet based GMO Payment Gateway. This is the same stera that powers the open loop stera transit initiative.

The weak point of course is that since mobile powers the gate reader side, when mobile service goes down, stera gate readers stop working. As everybody found out during the KDDI network meltdown, Mobile Suica kept right on working on the transit gate and the store checkout reader, while mobile app based code payments and point systems all stopped. Some vital services that depended on KDDI connectivity like ATM networks also stopped working.

Cloud based Suica will face some of these challenges when it goes online in March 2023. The only difference being how much local processing stays intact and how much system buffering there is (how much it needs to talk with the cloud server to do the job), we shall see. Which brings me to the point I want to make. The media almost always portrays the open loop/cloud vs closed loop/local match as a winner takes all, one size fits all proposition. As the KDDI meltdown proves, this is stupid, and dangerous. Never put all the eggs in one technology basket. I don’t think the risk will go away, not as long as telecommunication company corporate structures don’t foster and promote their engineering talent (the people who actually make things work) deep into the executive decision making forums.

Open loop in Japan is geared for inbound tourists the supplements, but does not replace, the old reliable Transit IC infrastructure which is evolving and reducing costs too. They compliment each other, address different needs and uses. One size doesn’t fit all. If it did, Oyster card would have died years ago.

Apple Pay Enhanced Fraud Prevention

Apple Wallet VISA card users report receiving ‘Enhanced Fraud Prevention’ notifications today that outline changes how Apple shares ‘fraud prevention assessments’ with payment card networks based on analyzed information from user Apple Pay transactions (purchase amount, currency, date, location, very likely more). The changes seem to apply to web and in-app purchases.

Apple has been doing most of this already. The new Apple Pay and Privacy text expands upon earlier iOS user guide text: If you have Location Services turned on, the location of your iPhone at the time you make a purchase may be sent to Apple and the card issuer to help prevent fraud. Perhaps Apple is changing ‘may be sent’ to ‘will be sent’.

Enhanced Fraud Prevention might cause problems for some Apple Pay users when people start traveling again as in-app purchase is used for adding money to transit cards. There have already been a few very recent and odd, ‘I can’t use my home issued Apple Pay card to recharge PASMO’ complaints on social media from inbound visitors. Until now this kind of thing has been unheard of for Apple Pay Suica•PASMO users. A new complication to keep an eye on going forward. So far Wallet Enhanced Fraud Protection notifications only seem to be going out to VISA card users. Why and why now?

Because it’s starting with VISA with the focus on web and in-app payments, my first thought was this is partly a response to bad publicity from the silly VISA-centric ‘Apple Pay Express Transit has been hacked!‘ story that make the rounds last October. The new Apple Pay and Privacy text outlines how the new policy applies to various Apple Pay operations: adding a card, paying with Apple Pay, using transit cards, etc.

QR Code payments in Wallet are also referenced. The official mention may indicate the long in development feature will finally see light of day, perhaps iOS 15.5, we shall see. The text says, “When you make a payment using a QR code pass in Wallet, your device will present a unique code and share that code with the pass provider to prevent fraud.” If Apple Pay delivers native device generated QR code payments without a network connection, just like all Apple Pay cards to date, it would be quite a coup.

The notification privacy text is worth reading. As of this posting the Apple Pay & Privacy web page has not been updated with Enhanced Fraud Protection information.

2022-04-22 Update
Some clarity on the reasons and timing of Enhanced Fraud Prevention: Wallet notifications went to VISA card users in various Apple Pay regions (US, Japan, Australia and more) the same day Apple switched the Apple Cash card brand from Discover to VISA debit. Kissing the Green Dot Bank/Discover backend goodbye for VISA is the smart thing to do as Apple can finally take Apple Cash international. Enhanced Fraud Prevention had to be in place first for that to happen.