Notice: latest situation updates here
When foreign issue VISA cards in Wallet stopped working for Apple Pay in-app Suica and PASMO recharge on August 5, the first people to howl in pain were Apple Pay PASMO users who suddenly couldn’t recharge with their Chase Sapphire VISA cards. Chase Sapphire still codes for 3x travel points with a PASMO recharge and long time resident Suica users migrated to PASMO when JR East and VISA shut down 3x travel points in May 2021.
I did the usual duty of talking with Mobile Suica support, official line: there should be no problem, contact the card issuer. I then contacted Wells Fargo card services support, official line: there should be no problem with your VISA, contact the merchant. Entirely expected of course but I did confirm that Mobile Suica transaction attempts were not even showing on the Wells Fago system. They said it seems to be a ‘communications issue’… code word for: something’s not right on the merchant transaction authorization side.
I suspected a larger issue than just Apple Pay and an Android Suica user confirmed the same non-JP VISA problem with Google Pay Suica. I also alerted IT journalist Junya Suzuki who focuses on mobile payments. His first thought was something might be going on with the VISA Japan merchant acquirer side of the payment network. For reference, the merchant acquirer handles transaction authorization from the merchant side, ‘this transaction is clear to send to the card issuer.’ The issuer then clears the transaction with the customer account, ‘this customer is good to pay for this charge.’
Merchant acquirers are very secretive and nobody knows who is the merchant acquirer is for Mobile Suica/Mobile PASMO. Maybe they were tightening online transaction security…or something else. Everything was clear as mud though one source did say this:
An acquirer made the decision stopping handling cards issued in other countries… Another guy suggests Apple or such acquirer may face money laundering issue by registering Apple Pay with pre-paid Visa cards or such.
A reader asked me if Japan was banning non-JP VISA cards across the board along with a screenshot of Universal Studios Japan advance ticket sales page with a red colored important notice on the top that said: “We apologize that currently Visa and Mastercard credit cards issued outside Japan are not available until further notice.”
The evidence pointed to a larger problem than just Mobile Suica and PASMO. The USJ wording also suggests that JTRWeb have their hands tied ‘until further notice’ and echos what JR East PR told Suzuki san about the non-JP VISA recharge problem being beyond their immediate control. Something seems to be happening with the VISA merchant acquirer…but in different highly selective ways. For example why does Apple Pay Suica work with foreign issue Mastercard and AMEX but not VISA, or why does foreign issue VISA work for Apple Pay in-app purchases with Japanese apps like Starbucks, but not in-app purchase with JR East for Suica recharge?
Phishing attacks and VISA Touch promotion
It’s helpful to examine the impact of phishing attacks that hit NTT Docomo, Line Pay, PayPay and other QR code mobile payment services in late 2020, and JR East online services (Mobile Suica, JRE POINT, Eki-Net and VIEW card) in early 2022. Responses to phishing attacks has been slow, varied and vague. Companies like to say they value customer security but are short detailing what they’re doing about it. Probably because most of the nitty gritty details are hashed out with the card brand merchant acquirer, which is secret non-disclosure territory.
Docomo quickly suspended, then killed off, their problematic docomo koza e-paymnet service. Then Japanese credit card issuers got serious and responded by upgrading to EMV 3-D Secure v2 (3-D stands for three domains: merchant/acquirer domain, the issuer domain, and the interoperability domain), for browser and mobile app payments and are due to phase out 3-D Secure v1 by October 2022. EMV 3-D Secure is the EMV e-commerce browser and app authentication spec but card brands use their own naming.
JR East upgraded Suica App to 3-D Secure v2 for in-house credit card purchases and changed the JRE POINT Suica recharge process to make it more secure, but seemly little else. Scratch under the surface however and you’ll notice unannounced recharge security blocks and daily limits even in Apple Pay Suica. There are also new limits for certain Japanese issue cards registered in Suica App. Recharge with Revolut VISA for example is now limited to 3,000 JPY per day despite the fact that Suica App uses 3-D Secure v2. Clear as mud…again.
Which brings up to the most important point of the whole problem: why is the VISA payment network not accepting foreign issue cards for Apple Pay Suica and Google Pay Suica recharge when those digital wallets offer the highest levels of secure online transactions out there? A bumpy 3-D Secure v2 transition explains what’s happening for online sites who don’t use Apple Pay and have not updated to newer protocol. But the transition has been going on for a while now, and it certainly doesn’t explain what’s happening with Apple Pay Suica/PASMO and Google Pay Suica (Osaifu Keitai) merchant acquirer side which has nothing to do with EMV 3-D Secure.
Apple Pay comes with the extra security and guarantees that Apple provides to issuers and merchants, once a card is added to Apple Wallet, it is cleared for all things Apple Pay (ditto for Google Pay). This is why a plastic contactless card that doesn’t work on TfL open loop transit gates works when it is added to Apple Wallet. It’s the Apple Pay security guarantee difference.
VISA’s soft power play
So we circle back to foreign issue VISA again. Why are cards cleared for Apple Pay, cards that worked fine until August 5, suddenly not working? Is JR East shutting down recharge for foreign issue cards like Hong Kong Octopus and China T-Union do without telling us? So far JR East support says that all credit and debit cards that support Apple Pay in-app purchase are good to go. They certainly want inbound visitors to use Suica. What little evidence there is points to a change on the VISA merchant acquirer side. Everybody else seems to be doing what they always do.
The timing is perfect however when you consider that VISA is heavily promoting ‘VISA Touch’ EMV contactless and open loop transit. It’s very convenient for promoting VISA Touch open loop when Apple Pay Suica and PASMO are kneecapped as easy payment and transit options for inbound visitors.
VISA has a history of not playing nice with Japanese stored value cards on mobile. JP issue VISA cards didn’t work for Apple Pay in-app purchases and Suica recharge until last year, VISA waited 5 years to ‘resolve’ that issue. VISA cards still do not work with Mobile WAON and Mobile nanaco on Android and Apple Pay, they likely never will. My take is that VISA is happy with people buying things with VISA, they are certainly happy with people borrowing money at ATM machines with VISA, but they are not happy with people using VISA to move money into stored value prepaid cards for making payments, earning points, etc., that are not VISA.
Who knows? VISA has played hardball with Apple Pay in the Japanese market before, maybe they are doing so again. Perhaps they refuse to be an ATM-like recharge backend for Japanese e-money cards unless they also get ATM-like lending rate surcharges. They certainly want to promote open loop VISA Touch and Stera Transit at the expense Mobile Suica market and mindshare. You get the picture.
Junya Suzuki thinks the VISA merchant acquirers might be coming under pressure from potential money laundering risks. I say bunk, people have the right to move their money where they want to, after all we’re only talking a max Suica balance of ¥20,000 here. Whatever the reason let’s hope it is fixed, though I have learned over the years that card brand payment issues are never simple or solved quickly. Time will tell. At the very least we can mark this down as another skirmish in the ongoing digital payment turf wars.
JR East appears to be working to resolve the unexplained problem with the VISA merchant acquirer, updating the entire JR East credit card system with a series of special maintenance downtimes in November 2022. The work covered everything connected to credit card purchases: JR East station kiosks, VIEW ATMs, Mobile Suica, Eki-Net, etc.
After the last scheduled overnight maintenance session on November 30~December 1, select foreign issue VISA cards started working again for Apple Pay Suica and PASMO recharge but everything stopped again 2022-12-03.