Contact-free public transport (Part 3)

person holding smartphone

This is the third of three blogs about technologies to support contact-free use of public transport.

The radio again – I hear that the Transport Minister for England had just reported that there have been fewer than 400 fines for people failed to wear face covering on public transport. More than 115,000 travellers have been stopped and reminded that face coverings are mandatory, and 9,500 people prevented from travelling.

Contact-free public transport (Part 2)

photo of a bus

This is the second of three blogs about technologies to support contact-free use of public transport.

Public transport operators have been making great efforts to make public transport safe during the pandemic. TfL recently launched a new app that makes it easier for passengers to plan their travel and avoid routes where they might come close to large numbers of people. There are claims that the rate of uptake of contactless by passengers has increased significantly since the pandemic and the demand for contact-free transactions on public transport. Visa recently offered a graph relating to global public transport contactless transactions. However, it is not clear what the actual contactless usage is since they are hidden behind month-on-month percentage increases which look enormous when the previous months had fallen off the proverbial cliff.

Contact-free public transport (Part 1)

buildings city clock downtown

This is the first of three blogs about technologies to support contact-free use of public transport.

I heard on the radio that, despite ministers encouraging people in England back to work in their offices, most are staying at home. Commuter trains are about one-third full and buses are about 40% full. During the COVID-19 pandemic, demand for public transport fell off a cliff as governments told their people to stay at home.  A major part of encouraging travellers to use public transport is the provision of systems that allow social distancing of passengers from staff, ideally eliminating the need to exchange physical tickets, cash and paper receipts.

Lockdown for transit

COVID-19 lockdown for transit

A couple of weeks ago I was delighted to host one of our weekly COVID-19 webinars. We discussed the impact of the global COVID-19 pandemic on public transport and how our technologies are likely to be used to help.

We had two panellists from Consult Hyperion (Neil McEvoy, CEO, and Simon Laker, Principal Consultant from our US office) and the guest panellist was Steve Cassidy from Fuse Mobility, a Scottish start-up providing Mobility as a Service (MaaS) software solutions.

The discussion was divided into three parts as follows:

  1. In the ‘Before Times’, MaaS was the direction of travel motivated by congestion and global warming. Will this continue to be the case?
  2. During the COVID-19 Lockdown, how can technology help facilitate safer essential travel?
  3. What will the ‘New Normal’ look like for mobility?

The Before Times

MaaS solutions – ones that integrate different existing transport providers to provide a near seamless door-to-door experience for consumers – were assumed to be the long term ‘direction of travel’ in order to address the mobility, congestion and pollution issues. Our MaaS Payments white paper in July 2019 showed that integration is key:

  • Modes
  • Ticketing
  • Payments
  • Journey planning
  • Hyperpersonalised packages

Lockdown

Many public transport operators are providing ‘enhanced Sunday services’. As most passengers stay at or work from home, we are seeing a decline in ridership of 75-95% across the globe. Changing patterns of user mobility when working from home means there are many fewer advance purchases in an uncertain future with tightly managed budgets. This is pushing us towards the future we already thought was coming where PAYG dominates and season tickets are irrelevant. Operator web sites are having to make special provision for customers claiming refunds on their season tickets which they can no longer use.

Meanwhile, we are seeing reports of levels of traffic being back at 1955 levels and the improvement of air quality leading to an estimated 1,752 avoided pollution deaths in the UK.

New Normal

For me, the most interesting technical development for coming out of Lockdown is the ‘Privacy-preserving contact tracing apps’ being proposed by various government and organisations across the globe. We have seen an unprecedented co-operation between Apple and Google in agreeing to modify their mobile device operating systems to accommodate such apps. The technology proposed is Bluetooth Low Energy (BLE) which uses radio waves over distances up to 10m. The technology is the same as has been tried without much success for running Be-In Be-Out (BIBO) transit payment schemes. These tend to suffer from not being able to detect accurately enough whether a potential passenger is on or off a bus, or just standing nearby. And they also suffer from being no more convenient to use than established technologies such as contactless cards and 2-D barcodes.

BLE will allow two contact tracing apps to detect each other and share anonymised information about being in contact that can be used later to alert potentially infected parties when someone declares themselves as having tested positive.

The UK government has rejected the proposals from Apple, Google and several others to instead prefer a centralised approach because they believe the alternative would lead to a delay in the reporting of symptoms, amongst other consequences. Only time will tell whether the UK population can be convinced to use the NHS app which launched a trial in the Isle of Wight on 4 May. Steve Pannifer recently blogged about this. And we discussed it on week 6 of our Webinars, the recording of which will be available on our website soon.

What will the future hold for public transport when lock down lifts? On the webinar we considered what plans China had in place at that time. The Shenzhen bus company paper about combatting COVID-19 covers the following points:

  • The virus will not be eradicated soon; extra precautions are needed against the spread of the virus.
  • Passenger will be screened using temperature checks.
  • Big data used will be used for planning the most important routes needed for getting passengers to work; mobility provided will be modified according to demand.
  • Passenger health data will be collected from apps. Presumably, like other contact tracing apps mentioned above.
  • Continued enforcement of a maximum of 50% passenger loading.
  • Voluntary passenger name and contacts registration in case needed later.

There is an opportunity for MaaS Providers post lockdown since the public are likely to be either using their private cars to avoid contact with others or else using on demand services.

The transit COVID-19 webinar recording is available to watch. Many thanks to our panellists for sharing their time and insights.

We continue to host weekly webinars every Thursday at 4pm BST. Let us know if you would like to register to attend.

The “isRecovered?” attribute

So far the tech giants seem to be the coronavirus winners, with a massive surge in digital communications and online orders. The impact on lift sharing companies is less clear.

The guidance from both Uber and Lyft says that if they are notified (by a public health authority) that a driver has COVID-19 they may temporarily suspend the driver’s account. It is not exactly clear how this would work.

That got us wondering whether digital identity systems, that we spend so much time talking about, could help. It seems to me there are two potential identity questions here:

1.       Is the driver who Uber or Lyft thinks it is?

2.       Does the driver have coronavirus?

The first question should be important to Uber and Lyft at any time. Ok, for the moment they want to be sure that they know who is driving to give them a better chance of knowing if the driver has the disease. But there are all sorts of other reasons why they might want to be sure that the driver is who they think it is – can the person legally drive for one.

The second question is harder. Just because the driver doesn’t have the virus today, doesn’t mean he or she won’t have it tomorrow. Maybe, perhaps the ability to share an isRecovered? attribute that says “I’ve recovered from the illness” would be useful when we start to see the light at the end of this tunnel we are entering. And the ability to share that anonymously might be helpful too – providing assurance to both driver and passenger.

All this to one side, the guidance from both Uber and Lyft outlines financial measures they are putting in place to provide security to drivers that self-isolate. That is a great example of responsibility providing the incentive and support required to allow their drivers to do the right thing.

Getting RID of SAM

Simon Laker and I recently published an article about open-loop transit payments in the US and how they are catching up with the UK with significant US launches planned for 2019 and beyond. It was very interesting to look back, draw the timeline and, with the benefit of hindsight, see why the major US cities tried to be first but ended up being seven years or so behind the 2012 London launch on buses.

Whilst it is fun to look back, we spend most of our time making the future. Over the last year we have been back working with TfL to help determine the best revenue inspection solutions for open-loop transit operators. While the majority of bus operators might not care much about revenue inspection (the potential fare dodger has to board the bus and this usually requires walking past the vigilant gaze of the bus driver), revenue protection through inspection is a significant requirement for city-based smart ticketing schemes.

Back in 2011 we helped TfL choose their current revenue inspection device (RID) hardware which is now no longer manufactured. At that time, there was no single off-the-shelf device hardware which could meet TfL’s need and therefore, hardware customisation was needed.  Now is the time to look for opportunities for replacing these bespoke devices with more cost-effective solutions.

One of our specialisms is adapting devices without secure hardware to become secure enough to handle transactions involving payments and identity, such as ticketing. There are approaches known as host card emulation (HCE) and host terminal emulation (HTE) that we have been working on since 2007 before they were named in 2012 as part of the open-source Android OS. The idea is that ‘software-only’ approaches can be used, without any secure hardware, to secure cryptographic secrets (e.g. keys) used to secure transactions. Traditionally, tamper-resistant smart card chip hardware is used to store the keys, and similar chips, known as secure hardware modules (SAMs) are used in terminals needing to communicate securely with smart cards.

In 2015 we worked with ITSO to design how ITSO can work securely enough on mobile devices without secure hardware. Android Pay launched in the same year. This approach is now being exploited by the ITSO on Mobile solutions from the likes of Rambus.

We helped Barclaycard be the first UK bank to launch a software-only banking payment app that works on mobile devices without using SAMs in 2016. This was all card emulation. When we want a mobile device to act as a RID without a SAM, then it is terminal emulation and it is harder. The card merely has an antenna in which a current is induced when the antenna is placed in the reader electromagnetic field. The reader has to produce that field. The hardware in most mobile devices on the market is not certified to act as a reader for accepting payment cards. You may have noticed that when small merchants use their phones to accept contactless cards, they use an additional device from organisation such as PayPal, Square or iZettle. 

In 2018, we produced a software-only app for an Android phone that can be downloaded and installed on any phone and securely accept contactless payment cards. No secure hardware, no SAMs. It works, but the payment industry is playing catch up and it was not possible to certify such a merchant payment terminal to the satisfaction of the payment card industry. In January, PCI released new documentation aimed at this purpose. Exciting times are ahead. We are currently helping TfL engage with the market to see whether RID solutions based on off-the-shelf Android devices might be used as the next generation RID.

We have a wealth of experience over the last two decades, designing and building software-only solutions. Let us know if you’d like a chat about how this might work for you, be it payment, identity or ticketing.

Can the automotive industry learn from the retail payments sector?

Trying to balance security and convenience provided by technological advancements isn’t new news. Nor is the latest hubbub around keyless vehicle entry and the obvious security risk. A recent video issued by West Midland Police, shows two criminals using information gathered from the electronic key to enter, start and drive away a car. Research reveals that this is a simple “Ghost and Leech” attack, where the boxes held by the thieves extend the read range of the key.  When the keyless entry system on the car was initially designed, the cost and size of these boxes confined the fraud to laboratory conditions.  Now however, the boxes are readily available on the internet, are smaller and require less power thus making them portable and a convenient tool for organized criminals.

Are the automotive OEMs or their suppliers recognizing these risks and developing countermeasures?

As any information security expert will tell you, you need to understand the threat landscape in which your vehicle will operate and ensure that all cost-effective countermeasures are included in its design prior to commercial launch. It is likely that that countermeasures will have to change over the lifetime of the vehicle, as new functionality is added, e.g. in-car payments, or, as highlighted above, the criminals find new ways of attacking of the car. And so, future proofing becomes front of mind.

The long development and product lifecycles associated with the automotive industry, compared with say smartphones, combined with high certification requirements surrounding any change to the vehicle, makes this difficult. The reputational and financial costs of recalling vehicles to insert a new piece of hardware or load new software, for examples, make the business case for such interventions difficult. Many owners are reluctant to upgrade their vehicles fearing that it will impede its performance. Others are prone to litigation on the grounds that the vehicle is not performing as advertised.

Even in the advent of software advances, there is still the problem of ensuring that the software upgrade is correctly implemented across all vehicles. The mobile network operators (MNOs) are working closely with the automotive OEMs to ensure that software upgrades can be remotely downloaded over the air to connected cars; this is still in its nascent stages. We know of electric car owners that have had to wait for 30 minutes in the morning whilst their cars rebooted and others that have had the functionality of their vehicle changed when the vehicle showed signs of being imported into a different country.  Does this process introduce new information security risks as criminals take advantage of inconsistencies in the version of the software loaded into different vehicles?

At Consult Hyperion we use the return on the criminal’s investment in the fraud to determine the probability that it will be committed; always low when the keyless entry system was initially designed and now, many years later, high.  The reputational or financial gains from such attacks allow us to evaluate the cost of a countermeasure against the potential losses if it is not implemented. Our clients’ risk appetite determines whether or not they make the investment.  We use our understanding about how technology is likely to evolve to assess how and when the current level of risk is likely to change and therefore when the investment in a countermeasure becomes crucial.

Consult Hyperion has around 20 years experience of managing information security risks within distributed systems deployed primarily within the global financial services industry. Whist the context in which the criminals deploy them is different, the techniques the criminals use are the same. The Ghost and Leech attack posed a potential threat to the use of contactless payment cards following the introduction of NFC technology in smartphones. The UK press ran multiple stories about how the phones could be used to collect account information from contactless cards in peoples’ wallets. Consult Hyperion was commissioned to analyze the data that could be collected by devices snooping on the contactless card transaction at the Point of Sale and the opportunity to use that data to buy other goods in another store. As a result of this analysis the UK banks agreed to add additional countermeasures into their systems, all of which had been recommended by the international card schemes. Their introduction was coordinated by APACS, now part of the UK Payments Administration, who had commissioned some of the earlier analysis.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.