What I should be able to do in a civilised society is to not have to care about any of this stuff. I should be able to get off the plane at SFO and walk on to BART by just tapping my phone. There are two ways to do this: load the transit applications into the phone, or get the transit system to accept “open” payment cards (the London solution). I have got a Samsung NFC phone, but sadly there’s no way to load a Clipper card into it, because Clipper uses DESFire and the phone NFC chipset doesn’t support this in hardware. At some point, I suppose, Clipper will have to upgrade to DESFire EV1 (not implemented in phone chipset either) because DESFire is compromised, but I don’t think that will be any time soon. Why will they have to upgrade? It’s because of security: you can clone certain kinds of MiFare cards because they rely on a proprietary security algorithm that was broken some time ago.
The case came to light when a counter worker at an unnamed railway station reported selling 100 cards to the same person, Nos says. Further investigation showed the cards were being manipulated so that they appear to have been uploaded with €150 in cash. The cards are then sold on to third parties via internet sites such as Marktplaats.[From DutchNews.nl – Public transport smart card fraud under investigation]
Oops. Oh well, this doesn’t mean you have to panic, abandon the current system and buy a new one immediately. It’s about risk management.
BART says there aren’t enough Clipper smart-card transit cheats to warrant card changes. The San Francisco Chronicle says there’s been a surge in the number of riders misusing Clipper cards, but officials decided Thursday that the number of cheaters hasn’t risen to a level that makes changes to the card necessary. Up to 200 commuters may be cheating the system each day.[From BART says not enough smart-card cheats for fix]
Transit is actually a very interesting to study when trying to understand the implications of the new network technologies on various stakeholders. For one thing, people in many cities never leave home without a transit card, so it’s an obvious focus for those trying to introduce new payment technologies.
Take the specific example of the “hacking” of transit cards. It’s not worth spending very large amounts of money on security for transit cards that have to cost very little in order to pay for transit fares that are even less. But if someone else has put a high-security system in place, then you might as well use it for transit: then the payment/ticketing security burden is at least shared and in some cases eradicated. Does transit then define the path for mobile contactless because it provides a clear win-win? Yes and no.
My prediction? ISIS and MNO initiatives will be successful in Transit. Retailers will migrate to a new commerce network that steers clear of Visa and MA.[From NFC – Announcements Galore ! « FinVentures]
This is a very interesting prediction. In the short term, transit is central to many markets but, as I wrote recently, there is every reason to imagine that the retailers, rather than MNOs or transit operators, will shape the longer-term evolution in the space, but we’ll return to that another time.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers