Integration, that’s what you need

I’m pleased to be chairing a new working group in the DfT-sponsored Transport Card Forum (TCF). I’ll be reporting on progress to date at the annual two-day TCF event, TCF18, in Manchester in a couple of days’ time.

The new working group, WG27, is in search of a title. But first, let me explain what the objectives are.

There is clearly a desire to move towards progressively more integrated transport. Ideally, all forms of mobility would be working in concert: public and private modes available either on demand or timetabled to join seamlessly to ensure that passengers can get where they want, when they want, without the need for retaining their expensive and polluting personal cars. Whether or not this end goal is fully achievable, there will be many ‘baby-steps’ to take along the way.

The working group’s objective is to consider the impact that this migration towards better integration will have. The idea is that we will consider this from the strategic, commercial and technical angles. After six months or so, the intention is that the WG will recommend how the integration can be achieved to the benefit of all the stakeholders involved.

The reason Consult Hyperion is interested in being involved in this WG is because we believe that Mobility as a Service (MaaS) is the ‘direction of travel’ for the transport sector. We’ve been doing a lot of thinking about MaaS recently and have started working with our first MaaS-Provider client. It feels like something genuinely new and exciting. And it is interesting because no-one knows how it is going to turn out.

At the same time, the world of payments is having a bit of a shake up with the emergence of Open Banking. Watch this space for a White Paper from Chyp in the next few weeks giving our view on how MaaS payments will be done in the future.

Now, this got me thinking: what integration and what stakeholders?

At the WG kick-off meeting at our offices in Guildford, I proposed that we define the work packages to consider the problem from the perspective of the four different stakeholder groups that are emerging from industry work on MaaS:

  • Customer: The passengers themselves who need to get from ‘A’ to ‘B’.
  • Mobility aggregator (a.k.a. MaaS Provider): Organisations that offer mobility services to passengers by aggregating the transport operator and data provider offerings, and that provide the digital platform allowing passengers to conveniently plan, pay for and make their journeys.
  • Data Provider: Organisations that aggregate relevant data from transport operators and other sources.
  • Transport Operator & Local Transport Authority: The public and private organisations that actually operate the transport modes.

So far, we have 15 volunteers to be contributors in the WG. More discussion is needed, but I am expecting that at least four work packages will emerge based on the above segmentation and the volunteers will work in the ones best suited to their skills and experience. There may be additional work packages added if we see the need for overarching subjects to be tackled by the WG such as data privacy and standards.

We are keen to know if there are more volunteers out there interested in contributing.

But what about the WG title, I hear you say? Well, the placeholder name for the group is ‘the end-to-end journey’. Suggestions for the group name are welcome. My favourite so far is ‘Weapons of MaaS Integration’.

 

Is HCE secure enough for transit ticketing?

Host Card Emulation (HCE) is the technology in mobile phones that enables them to emulate contactless smartcards, but more about that later.  The above question about HCE security was posed by a member of the Transport Card Forum committee when deciding the agenda for the June event in London. I was asked to speak on the subject and this blog is a summary of the presentation I gave.

Cryptography on smart cards

Smart card chips are tamper-resistant hardware running secure operating systems (OSs). They are expensive to design and certify as being secure. However, the design and certification is done once and they are manufactured in high volumes in order to drive the price down.

The cryptographic algorithms execute on the smart chip in order that the secrets they use need not be revealed to the outside world. Only the results of the cryptographic calculations emerge to be used by others within the scheme to achieve authentication, confidentiality and non-repudiation.

Typically, the secrets are loaded to the card before it is issued. Thereafter, it is assumed that the secrets cannot be compromised within the lifetime of the card (e.g. bank cards typically have a 3-year life). Therefore, the cards are not typically designed to allow the secrets to be changed after they have been issued.

Cryptography on mobile devices

As mobile phones became popular and began to be able to emulate contactless smart cards in the noughties, it was at first assumed that a smart chip (or secure element (SE) as they are sometimes known) within the mobile device would be needed to securely hold the secrets and execute the cryptographic algorithms without revealing the secrets. However, the smart card within the phone was typically the SIM card owned by the MNO and not convenient for third parties (e.g. transit operators and banks) to use.

One of the reasons clients like to engage with Chyp is that we have our own lab where we can put leading-edge technologies together in new and interesting ways.

In 2008, Chyp ran a trial of ITSO bus tickets on Nokia 6131 NFC clam phones on the NoWCard scheme in Cumberland.

The trial was considered a success and the trialists did not want to give up their phones. However, the need to load tickets to apps residing on the SIM remained a big inconvenience in the real world. And this factor stopped any such proposals from advancing into production beyond trial.

What is HCE?

Host Card Emulation (HCE) is an alternative to SE-based contactless smart card emulation. The ‘Host’ is the main processor within the mobile device. Typically, SEs within the mobile device are not used and clever software solutions are found instead to allow cryptographic algorithms to execute using secrets without revealing the secrets and without using secure hardware.
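
The contrast between a long-life secret held in a chip and a software-held secret on the phone, as an added sketch that is not Consult Hyperion's or ITSO's code. The HMAC-based key derivation, the period-numbered short-life key and all names (`SmartCard`, `HceWallet`, `BackOffice`) are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real scheme has its own key hierarchy and algorithms.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive(parent: bytes, label: bytes) -> bytes:
    """Derive a child key from a parent key (HMAC-SHA256 as a simple KDF)."""
    return hmac.new(parent, label, hashlib.sha256).digest()


def mac(key: bytes, challenge: bytes) -> bytes:
    """Compute the response to a reader challenge under the given key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class SmartCard:
    """Models the chip: a long-life key loaded at issuance, never exported."""

    def __init__(self, card_id: bytes, card_key: bytes):
        self.card_id = card_id
        self._key = card_key  # stays inside tamper-resistant hardware

    def respond(self, challenge: bytes) -> bytes:
        # Only the result of the calculation leaves the card.
        return mac(self._key, challenge)


class HceWallet:
    """Models the phone app: software only, so it holds just a short-life key."""

    def __init__(self, card_id: bytes, period: int, period_key: bytes):
        self.card_id = card_id
        self.period = period
        self._key = period_key  # valid for one period, then re-provisioned

    def respond(self, challenge: bytes):
        return self.period, mac(self._key, challenge)


class BackOffice:
    """Holds the master key and recomputes the key a genuine device would use."""

    def __init__(self, master_key: bytes):
        self._master = master_key

    def card_key(self, card_id: bytes) -> bytes:
        return derive(self._master, b"card|" + card_id)

    def period_key(self, card_id: bytes, period: int) -> bytes:
        return derive(self.card_key(card_id), b"period|" + period.to_bytes(4, "big"))

    def verify_card(self, card_id, challenge, response) -> bool:
        return hmac.compare_digest(mac(self.card_key(card_id), challenge), response)

    def verify_hce(self, card_id, challenge, period, response, current_period) -> bool:
        if period != current_period:  # an expired or future key is refused outright
            return False
        expected = mac(self.period_key(card_id, period), challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    office = BackOffice(MASTER_KEY)
    challenge = bytes(range(16))  # constructed; a reader would use a fresh random value
    card = SmartCard(b"CARD0001", office.card_key(b"CARD0001"))
    wallet = HceWallet(b"CARD0001", 2024, office.period_key(b"CARD0001", 2024))
    period, response = wallet.respond(challenge)
    return {
        "card_ok": office.verify_card(card.card_id, challenge, card.respond(challenge)),
        "hce_ok": office.verify_hce(wallet.card_id, challenge, period, response, 2024),
        # The same key material used after the period rolls over is rejected.
        "hce_after_expiry": office.verify_hce(wallet.card_id, challenge, period, response, 2025),
    }


if __name__ == "__main__":
    print(demo())
```

The card key never changes because the hardware is trusted to protect it for the card's lifetime; the wallet key is only worth something to whoever holds it until the period ends.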

HCE timeline

Our work in the field of HCE began before the term was coined. We used to call it ‘NOSE’ which stood for ‘No Secure Element’.

  • 2007: We built prototypes in our lab using standard NFC controller chipsets found in mobile phones that allowed us to perform EMV transactions with contactless readers without using an SE. We were unable to implement this on mobile phones at the time since the mobile device operating systems did not allow it.
  • 2008: Our ITSO mobile ticket trial at NowCard showed that users liked the experience once the phone was provisioned, but provisioning to the SE remained a big barrier, so ‘NOSE’ could be popular in the future.
  • 2012: The term ‘HCE’ was coined by SimplyTapp who used an open-source Android OS called ‘CyanogenMod’ with extensions to allow HCE software implementations to work on mobile devices.
  • 2013: Bankinter (Spain) made an HCE implementation on Blackberry for Visa.
  • 2013: Google decided to allow HCE on the official Android OS release v4.4 known as ‘Kitkat’.
  • 2014: At the World Congress, both MasterCard and Visa made public announcements supporting HCE.
  • 2015: Android Pay launches using HCE on Android.
  • 2015: Chyp designs ‘ITSO with HCE’ for ITSO with the requirement to minimise changes to the existing ITSO infrastructure.
  • 2016: Chyp advise on Barclays Contactless Mobile, the first UK bank HCE solution.
  • 2016: Amex Pay launches with HCE on Android.
  • 2017: Transport for the North trial of ‘ITSO with HCE’ between Leeds and Huddersfield.
  • 2017: ITSO announces working with Nexus (Newcastle) and a ‘global digital distributor’ to bring HCE to the North East.
  • 2018: ITSO on Mobile HCE trials start with Google Pay using the Google wallet on Android phones. Trials are taking place in the West Midlands (TfWM) and the North East (Nexus).

Rambus and ACT both currently have working HCE solutions for ITSO on mobile devices and are waiting for ITSO to carry out the testing and certification before they can be deployed on live ITSO schemes.

Challenges remaining

While HCE implementations free us from the inconvenience of provisioning apps to SEs within the mobile device, they are not without their challenges. In addition to the provisioning of short-life secrets described above, there are the following challenges:

  • Each HCE implementation is unique and will have aspects of its implementation that are not off-the-shelf and already certified as secure. Typically, penetration testing will be needed to show that the HCE transit app is secure enough and that tickets cannot be easily faked or cloned. This is bespoke testing carried out by specialists.
  • Mobile handsets are constantly evolving. Typical customers replace them every two years with a newer generation. HCE apps should be maintained to ensure they are available to use on as many of the handsets in use as practical.
  • Mobile OS updates mean that you need to allow for all the possible combinations of handset running all the possible OS versions.
  • Security is an arms race. Regular reviews of the latest known attacks are needed and potential updates made to the HCE app in order to remain secure.

So, can HCE be secure enough for transit ticketing? Well, yes, you can imagine, if it can be secure enough for banking, it can be secure enough for ticketing. But HCE implementations are difficult to implement and deploy. They require a dedicated and experienced team and constant maintenance as attacks and handsets and OSs evolve. So, it will be interesting to see how many HCE transit implementations appear and remain on the scene to displace the traditional smart card or whether yet other mobile ticketing solutions replace them altogether.

London taking contactless for half of PAYG

Four years ago Consult Hyperion completed a transit project which changed not only the way people paid for their travel, but cemented contactless in the vocabulary of the masses.  We were focussed on getting contactless bank cards to work for pay-as-you-go (PAYG) transit payments. This was a significant undertaking since it had not been done before and the customer proposition included a fair-price promise. This fair-price promise required the contactless bank card solution to mimic the existing Oyster “capping” which allows customers to travel without knowing the tariffs, trusting that they will only be charged the best price they could have got had they bothered to research it all beforehand. It required adding contactless payment card acceptance to all TfL readers and the building of a bespoke back office to support this new Account-Based Ticketing (ABT) where no travel information is stored on the card.

Convenience is king in mass transit. And our task was to meet the demands of one of the world’s busiest transit environments but make it cheaper to operate. The long-term vision was that by 2018, Oyster cards would be migrated to use the ABT back office and the legacy Oyster system would be turned off. The Oyster brand would remain alongside bank cards for those not using bank cards, but the technology powering this would be changed to be ABT.

TfL and Consult Hyperion worked closely with the payment schemes to define the process of card acceptance and with the UK Card Association to establish a harmonized set of rules to balance risk between TfL and the card issuers.

The system launched on buses in 2012 and on the rest of the TfL Oyster network in 2014. Later in 2016 the privately-run river buses were added.

Fare collection costs were reduced from 14% to less than 9% of fare revenue. In 2016, 34% of TfL PAYG journeys were made using contactless bank cards (56% were Oyster and 10% were paper tickets). Is this good, bad or indifferent? Well, this figure needs to be understood in context:

  • Contactless bank cards were still rolling out. In 2015, less than half[1] of UK bank cards were contactless.
  • Not everyone has a bank account. In 2015, about 5%[2] of UK adults were unbanked and half of these did not want a bank account.
  • Loss of government subsidy and a mayor-imposed TfL fare freeze meant that the vision of turning the legacy Oyster system off had to be reconsidered. Existing Oyster users have no incentive to switch over to using their bank cards.
  • Not all foreigners arriving in London are keen to use their bank cards since they may be subject to bank charges back home, making Oyster the better choice for them.

Despite these barriers to the uptake of contactless bank cards, by April 2016, 9% of all UK contactless transactions took place on TfL services.[3] By 2018 (year 4 of acceptance of bank cards on the full Oyster network), the percentage of PAYG journeys made using bank cards (or their emulations on phones or wearables) has risen from 34% to approximately 50%.

Consult Hyperion were uniquely qualified to help TfL deliver their ambition, bringing in-depth knowledge and a heritage of working with the major payment networks and their detailed specifications for three decades, a solid understanding of proprietary transit technologies and practical experience of delivering innovative payment methods outside of the retail community.

The team at Consult Hyperion is now involved across the globe working with transit agencies looking to emulate the success of London in their own cities. As well as Transport for the North in the UK, these projects have ranged from countries where contactless success has outpaced the UK, such as Australia, to territories where contactless payments are still emerging, like India and Colombia. Our US team has been working for a number of agencies who today are developing systems capable of accepting contactless payment cards, even though issuance is less than 0.01%, in the hope that transit will drive banks to start issuing cards. There are early signs of success.

It is clear that the success of TfL’s Future Ticketing Project has helped drive a sea-change in the payments and transportation industries that can save money in one industry and drive transaction volumes up in another. With our help, we are confident this success will continue.

 


[1] UK Cards Association Summary Statistics

[2] Financial Inclusion Commission 2015 Report

[3] UK Cards Association Contactless Transit Project Briefing – May 2016

 

Tickets via Mobile or TVM?—you decide

I often travel from Edinburgh to Leeds by train — pretty much every week in fact. I use the Trainline app (other apps are available) to search for train times. All sensible options I might care to consider (except perhaps for split ticketing) are displayed with their departure times and prices. I click on the one that I want, pay by card and download the barcode ticket to my mobile. All from one device all in seconds. It is very customer focussed because they know they will sell more that way and there is competition. I don’t even mind paying their booking fee and their credit card fee for the convenience.

I also travel regularly from UK airports by train to Consult Hyperion’s offices and use ticket vending machines (TVMs) to buy my train ticket when I arrive. I know I should just use the mobile ticket app even when buying tickets on departure, right?  Well, unfortunately that option is not always available so I revert to the TVM. On some routes I would need to ‘Print from a ticket machine using your payment card’ which is a horrible experience requiring not just the payment card but typing in a long code. With barcodes rolling out across the whole of the UK by the end of 2018, it will be possible for some to bypass the TVMs entirely.

It is not always possible to buy in advance since I don’t know when or whether the plane will arrive. On these occasions I buy a ‘ticket on departure’ from a TVM. These machines seem uniformly unpleasant to use compared to the mobile experience. The customer is required to select options such as which route they want to travel to their destination or what kind of ticket they require (peak, off-peak, etc) without being given the other information they need such as when the next train leaves and what time is peak time. It is a stressful situation even for seasoned travellers. Tourists have no hope.

But this is not news. The government published the Action plan for information on rail fares and ticketing in December 2016. Around the same time, RDG published a ten-point plan for the improvement of TVMs. More recently, a progress report was published in December 2017. Descriptions of how the actions relevant to TVMs in these reports will be achieved include:

  • Ticket vending machines will tell customers when they are configured to sell off-peak tickets so that the customer will know that by waiting (e.g. in 15 minutes) they can purchase a cheaper ticket or by going to the ticket office (!)
  • DfT and RDG will collaborate on a strategy to ensure a consistent high quality customer experience of ticket vending machines, including the role of the Ticket Vending Machines Design Guidelines; and consider whether these contain principles which should form the basis for obligations in future franchise agreements. (Due early 2018)

TVMs were originally introduced as queue busters at train stations for simple tickets only. However, the reality is that one third of passengers now use them and the options available are highly complex. So, in summary, it does not look as though the customer experience at TVMs is set to improve significantly any time soon due to all the constraints and even if it did, it would almost certainly be less good than the mobile app experience:

  • Ability to select and buy tickets from anywhere with internet connection with relevant information automatically supplied to aid decision making.
  • Delivery of tickets directly to the mobile device; no need to print anything out.
  • Better support for overseas visitors who will usually not want to have to understand the fares and routes details before travelling.
  • Freeing up space in crowded stations (you think we have problems, we are working in Mumbai where Churchgate station has the same traffic as London Waterloo but 25% of the space).
  • Reduced costs from not having to operate so many ticket windows and TVMs.
  • Opening up the ticket retail market and promoting competition.
  • Easier to deploy enhancements due to simple app software updates.

Clearly, mobile is not the whole solution (having spoken to industry colleagues, it seems only about 10% of rail tickets in the UK are sold using mobile apps) but the legacy that is TVMs is a big part of the problem.

I was asked again this year to act as a judge for the TTG18 Transport Ticketing Awards. Imagine my excitement when I spotted not one, but two submissions for TVMs (Ticket Vending Machines) that solve the customer experience problem.

Both solutions proposed provide an audio (and optional video) link to remote ticket clerks, where simple advice can be given or the clerk can also remotely control the TVM’s user interface. While this might provide better accessibility for those unable to use the TVMs (e.g. signing for the deaf, or offering other languages), and I realise it does not suit everyone, I think I’ll stick with my smart phone app.

The train I am on today writing this blog is delayed by over two hours due to a broken-down train ahead of us. This means that I will get a full refund due to the Delay Repay regulations. Yay!

We look forward to seeing you in London at TTG18 on 23 and 24 January. If you would like to meet with Consult Hyperion while visiting the event, let us know so we can book a slot.

Contact: Sam.wakefield@chyp.com

Crossing continents for knowledge sharing

Chyp believes that collaboration and knowledge sharing across markets can help the advancement of the industry and this is particularly true in transport ticketing. For example, we have found that our work for TfL with a large population and high journey count is not all directly applicable to smaller countries who cannot make such significant investments in infrastructure to serve small populations.

[Image: Mumbai visit to TfN in Leeds]

Recently, we have been working for MMRDA in Mumbai, India. While the environment is very different in some respects compared to the UK, they have large passenger numbers and administer a system that makes extensive use of private transport operators, two factors similar to Transport for the North (TfN).

Sharing knowledge not only helps speed to market of deployments but creates a trusted environment and one with credibility. MMRDA asked Chyp to facilitate meetings for them in the UK with transport operators and suppliers in order that they could learn from those who have done it before or are planning to deliver a similar project. The result was a tour of the UK starting in London and taking in Transport for the North. The picture above shows the meeting which was held in Leeds and included presentations from:

Transport for the North

  • Alastair Richards (Director Integrated and Smart Travel (IST))
  • Jo Tansley Thomas (Programme Manager (IST))
  • John Elliott (ABT Back Office Requirements Team Lead (Consult Hyperion))

MMRDA

  • Ashish Chandra (PWC India)

Partnerships are hard to form. We hope that MMRDA will benefit from the organisations they met and their sharing in experience planning and deploying ABT in complex environments in the UK, remembering that differences can be as important to learn as similarities.

Paying for Transit

I recently presented at the Transport Card Forum 2017 in Birmingham. The subject I was asked to speak about was “How will we pay for transit in the future”. Knowing how slowly things move in the transport industry, the easy answer would have been, exactly as we pay now.

However, I thought it would be more helpful to assume that the answer is not cash, and to survey the categories of payments available and emerging today and put them into the context of paying for transit.

The direction of travel of the transit ticketing industry is to use Account Based Ticketing (ABT) and so I further assumed that ABT lies at the heart of any solution. Next, the travelling customer has a choice of media used to identify them to their payment mechanism.  This is ring 1.

[Figure: ring 1]

These customer media can be categorised as either open- or closed-loop. Open loop means that they can be used to make payments generally, whereas closed loop means they can only be used within the transit ticketing scheme.

[Figure: closed- and open-loop payment]

Next comes the ‘authority to travel’ and ‘time of payment’ rings. Either the customer pays for authority in advance (e.g. season ticket) or they pay for it at the time of travel (e.g. pay on a bus or train) or they pay later. ‘Authority to travel’ might take the form of a ticket, but increasingly there will be no tickets issued. These are rings 2 and 3.

[Figure: time of payment]

Finally, the outer rings (4 and 5) were added to show what kind of account might be used and how these relate to existing models such as those from the UKCA for the use of contactless bank cards in transit.

[Figure: models]

The UKCA models on the left-hand side have been discussed in previous blogs. Models 1 and 2 are what are being used in the UK building on what was achieved in London on TfL between 2008 and 2014. UK buses are now implementing Model 1 (and some are implementing parts of Model 2). Transport for the North (TfN) is implementing Model 2 for the whole of the North of England. Model 3 seems to have been abandoned as too hard to run in parallel with the other models. Perhaps other technologies will continue to dominate, such as bar code and ITSO smartcard ticketing for Pre-purchased authority to travel on national rail. Perhaps there is no need for a third way?

But what about those unable to use, or who do not wish to use, their own contactless bank cards? The right-hand side shows the equivalent models needed for them. As the figure below shows, there are two options for them. Either:

  • They fund a pre-paid transit account (a bit like loading value to an Oyster card, but value is loaded to the account instead for ABT). Or …
  • They allow payment to be taken directly from their payment account outside of the transit scheme. Payment is claimed from an open-loop account such as a payment card, bank account, online wallet (PayPal, Google Wallet, etc.).

The challenge for the latter option is that the transit scheme will struggle to manage the risk since it cannot tell whether the payment account has funds in it to pay for travel. Therefore, the preference at this stage is likely to be for pre-paid transit accounts. And, therefore, this is what is likely to be chosen by TfN and other places as their solution for those not using bank cards with ABT schemes.

[Figure: focus on closed loop]

Thanks are due to my colleague, Alex Lithgow Smith, for developing my original idea of the rings showing aspects of payment in transit.

