The “isRecovered?” attribute

So far the tech giants seem to be the coronavirus winners, with a massive surge in digital communications and online orders. The impact on lift sharing companies is less clear.

The guidance from both Uber and Lyft says that if they are notified (by a public health authority) that a driver has COVID-19 they may temporarily suspend the driver’s account. It is not exactly clear how this would work.

That got us wondering whether digital identity systems, that we spend so much time talking about, could help. It seems to me there are two potential identity questions here:

1.       Is the driver who Uber or Lyft thinks it is?

2.       Does the driver have coronavirus?

The first question should be important to Uber and Lyft at any time. Ok, for the moment they want to be sure that they know who is driving to give them a better chance of knowing if the driver has the disease. But there are all sorts of other reasons why they might want to be sure that the driver is who they think it is – can the person legally drive for one.

The second question is harder. Just because the driver doesn’t have the virus today, doesn’t mean he or she won’t have it tomorrow. Maybe, perhaps the ability to share an isRecovered? attribute that says “I’ve recovered from the illness” would be useful when we start to see the light at the end of this tunnel we are entering. And the ability to share that anonymously might be helpful too – providing assurance to both driver and passenger.

All this to one side, the guidance from both Uber and Lyft outlines financial measures they are putting in place to provide security to drivers that self-isolate. That is a great example of responsibility providing the incentive and support required to allow their drivers to do the right thing.

Transport Ticketing Global 2020

We were at TTGlobal (28-29 Jan 2020) this year for the fifth year running. It was a much bigger event in Kensington Olympia, London, with around 30% more attendees. This blog is a summary of how the two days went for us.

Day 1

The Plenary session had a surprise guest in the form of the Future of Transport Minister, George Freeman. He spoke eloquently about subjects very close to our hearts:

  • Seamless end-to-end ticketing
  • Integrated PAYG
  • Sustainability: he explained that the emissions of the transport sector are expected to double by 2050 unless something radical is done.

I have written before about a shift in government thinking about mobility that seems to be taking place. Let’s hope this signals more of the same and is followed with positive, decisive action.

Our CEO, Neil McEvoy, moderated the plenary panel on ‘the role of ticketing and urban transport policies in delivering MaaS,’ with panellists from:

  • Visa
  • Mastercard
  • Government of the city of Buenos Aires, Argentina
  • Dallas Areas Rapid Transit, USA
  • Uber

Picture1

It was felt that to meet public policy objectives on congestion, air quality and CO2 emissions, facilitating multi-modal, door-to-door, everyday journeys would be key. Facilitating journeys outside of a traveller’s home city or region is welcome but won’t meet wider goals alone.

Highlight of the rest of Day 1 included:

  • An update on the Future of Oyster from Transport for London. There are still no plans to turn it off, though the uptake of bank cards by the travelling public continues to rise steadily.
  • The Masabi presentation about Fare Payments as Service which was the subject of a recent podcast I made with Ben Whitaker.
  • Contactless bank card ticketing has come of age. There were lots of presentations about cEMV roll outs. Visa announced that they have solutions to the classic problems with bank cards (they don’t work for the unbanked or family groups). Contact them if you want to learn more.

Day 2

I moderated a panel about the future of ticketing technologies with panellists from:

  • Deutsche Bahn, Germany
  • GVB, Netherlands
  • The Human Chain, UK
  • Department for Transport, UK

Picture2

We made a whistle-stop tour of up and coming technologies relevant to the different actors in the Mobility ecosystem, ranging from big data and augmented reality for Data Providers to Open Banking and distributed ledger technology for Maas Providers.

Other highlights for me from Day 2 included:

  • The UK’s Rail Delivery Group’s presentation on developing insight from barcode data, linking tickets sold with tickets scanned to inform revenue protection.
  • An update from Transport for the North on their Integrated and Smart Travel activities.
  • A presentation by MOTC about the difficulties faced by Qatar which currently is massively dependent on the private car and their plans to address the congestion problems they face.

Exhibition

I spent most of my time in the exhibition hall talking with contacts and vendors. I wish there had been time to attend more of the presentations.

I took the opportunity to record another podcast while at the event. This time with Eric Reese, CEO of ByteMark over from New York.

Awards

Once again, I was delighted to be one of the panel of judges for the awards presented at the Gala Dinner and Awards held at the Science Museum and hosted by comedian Phil Wang. It was decided by the judges to introduce a Highly Commended tier this year within each award category. This is in recognition that the standard or submissions was generally high. So, while Moscow won the Best Smart Ticketing Programme 2020, both of the following were Highly Commended:

  • Flowbird Transport Intelligence & Lothian Buses for their smooth role out of contactless payments card acceptance in Edinburgh in time for the Edinburgh Festival dramatic rise in population and bus usage;
  • Rail Delivery Group & Cubic Transportation Systems for the delivery of barcode ticketing under budget and achieving collaboration between 19 Train Operating Companies.

Overall, the event was a great success and great fun to be part of. Here’s to next year.

At Consult Hyperion we have experience globally with transport and mobile ticketing and deploying the latest technologies. If you would like to learn more, give us a call.

Consult Hyperion’s Live 5 for 2020

At Consult Hyperion we take a certain amount of enjoyment looking back over some of our most interesting projects around the world over the previous year or so, wrapping up thoughts on what we’re hearing in the market and spending some time thinking about the future. Each year we consolidate the themes and bring together our Live Five.

2020 is upon us and so it’s time for some more future gazing! Now, as in previous years, how can you pay any attention to our prognostications without first reviewing our previous attempts? In 2017 we highlighted regtech and PSD2, 2018 was open banking and conversational commerce, and for 2019 it was secure customer authentication and digital wallets — so we’re a pretty good weathervane for the secure transactions’ world! Now, let’s turn to what we see for this coming year.

Hello 2020

Our Live Five has once again been put together with particular regard to the views of our clients. They are telling us that over the next 12 months retailers, banks, regulators and their suppliers will focus on privacy as a proposition, customer intimacy driven by hyper-personalisation and personalized payment options, underpinned by a focus on cyber-resilience. In the background, they want to do what they can to reduce their impact on the global environment. For our transit clients, there will be a particular focus on bringing these threads together to reduce congestion through flexible fare collection.

So here we go…

1. This year will see privacy as a consumer proposition. This is an easy prediction to make, because serious players are going to push it. We already see this happening with “Sign in with Apple” and more services in this mould are sure to follow. Until quite recently privacy was a hygiene factor that belonged in the “back office”. But with increasing industry and consumer concerns about privacy, regulatory drivers such as GDPR and the potential for a backlash against services that are seen to abuse personal data, privacy will be an integral part of new services. As part of this we expect to see organisations that collect large amounts of personal data looking at ways to monetise this trend by shifting to attribute exchange and anonymised data analytics. Banks are an obvious candidate for this type of innovation, but not the only one – one of our biggest privacy projects is for a mass transit operator, concerned by the amount of additional personal information they are able to collect on travellers as they migrate towards the acceptance of contactless payment cards at the faregate.

2. Underpinning all of this is the urgent need to address cyber-resilience. Not a week goes by without news of some breach or failure by a major organisation putting consumer data and transactions at risk. With the advent of data protection regulations such as GDPR, these issues are major threats to the stability and profitability of companies in all sectors. The first step to addressing this is to identify the threats and vulnerabilities in existing systems before deciding how and where to invest in countermeasures.

Our Structured Risk Analysis (SRA) process is designed to help our customers through this process to ensure that they are prepared for the potential issues that could undermine their businesses.

3. Privacy and Open Data, if correctly implemented and trusted by the consumer, will facilitate the hyper-personalisation of services, which in turn will drive customer intimacy. Many of us are familiar with Google telling us how long it will take us to get home, or to the gym, as we leave the office. Fewer of us will have experienced the pleasure of being pushed new financing options by the first round of Open Banking Fintechs, aimed at helping entrepreneurs to better manage their start-up’s finances.

We have already demonstrated to our clients that it is possible to use new technology in interesting ways to deliver hyper-personalisation in a privacy-enhancing way. Many of these depend on the standardization of Premium Open Banking API’s, i.e. API’s that extend the data shared by banks beyond that required by the regulators, into areas that can generate additional revenue for the bank. We expect to see the emergence of new lending and insurance services, linked to your current financial circumstances, at the point of service, similar to those provided by Klarna.

4. One particular area where personalisation will have immediate impact is giving consumers personalised payment options with new technologies being deployed, such as EMV’s Secure Remote Commerce (SRC) and W3C’s payment request API. Today, most payment solutions are based around payment cards but increasingly we will see direct to account (D2A) payment options such as the PSD2 payment APIs. Cards themselves will increasingly disappear to be replaced by tokenized equivalents which can be deployed with enhanced security to a wide range of form factors – watches, smartphones, IoT devices, etc. The availability of D2A and tokenized solutions will vastly expand the range of payment options available to consumers who will be able to choose the option most suitable for them in specific circumstances. Increasingly we expect to see the awkwardness and friction of the end of purchase payment disappear, as consumers select the payment methods that offer them the maximum convenience for the maximum reward. Real-time, cross-border settlement will power the ability to make many of our commerce transactions completely transparent. Many merchants are confused by the plethora of new payment services and are uncertain about which will bring them more customers and therefore which they should support. Traditionally they have turned to the processors for such advice, but mergers in this field are not necessarily leading to clear direction.

We know how to strategise, design and implement the new payment options to deliver value to all of the stakeholders and our track record in helping global clients to deliver population-scale solutions is a testament to our expertise and experience in this field.

5. In the transit sector, we can see how all of the issues come together. New pay-as-you-go systems based upon cards continue to rollout around the world. The leading edge of Automated Fare Collection (AFC) is however advancing. How a traveller chooses to identify himself, and how he chooses to pay are, in principle, different decisions and we expect to see more flexibility. Reducing congestion and improving air quality are of concern globally; best addressed by providing door-to-door journeys without reliance on private internal combustion engines. This will only prove popular when ultra-convenient. That means that payment for a whole journey (or collection or journeys) involving, say, bike/ride share, tram and train, must be frictionless and support the young, old and in-between alike.

Moving people on to public transport by making it simple and convenient to pay is how we will help people to take practical steps towards sustainability.

So, there we go. Privacy-enhanced resilient infrastructure will deliver hyper-personalisation and give customers more safe payment choices. AFC will use this infrastructure to both deliver value and help the environment to the great benefit of all of us. It’s an exciting year ahead in our field!



MaaS Solutions Using Mobile Wallets

I was delighted to have the opening speech at the Transport Card Forum (TCF) in London in which I talked about Mobile Wallets. At the previous meeting there was a presentation about mobile ticketing and a member of the audience asked why there was no mention of the use of mobile wallets. I tended to agree since most of our mobile ticketing projects have been about clever ways of using mobile wallets to get around the technical barriers associated with barcodes, HCE and the like.

There is a problem which Transport Scotland have termed the “Glasgow Conundrum”. Within one city or region, a passenger door-to-door journey might consist of several legs and each of these legs might be services by a different transport operator. Each operator might use a different ticketing technology and accept payments in different limited ways. From a customer point of view, it stinks; integration is what they need. But it is clear that there are two distinct questions:

  1. 1. How can the customer pay for travel rights?
  2. 2. How can the customer prove they own travel rights when travelling?

Payments

Ideally the payment mechanism would be decoupled from the type of travel rights and the transport operator. MaaS Providers should be free to accept payments from whatever means suit the customers. If you are interested in this aspect of things, download our white paper: MaaS Payments, a billion dollar opportunity. The download includes a discount code for Transport Ticketing Global 2020 where I will be chairing a panel again in January and judging the awards entrants.

Travel rights

The multiple legs that make up the end-to-end journey might be thought of as what the rail industry called ‘split ticketing’. Rather than having a single ticket, you can buy single tickets for each part of the journey and sometime (usually where Train Operator boundaries are crossed) this can work out cheaper. Mobile apps are very good at hiding this sort of complexity from the passenger and one can imagine that, using geolocation services, the app can decide which ticket should be presented when in order to sail through the gates and turnstiles. And all the split tickets could be stored in the mobile wallets.

Meanwhile, the sales of tickets are diminishing as the areas offering Pay As You Go (PAYG) continue to expand. Project ‘Oval’ round London is seeing the imminent expansion of PAYG contactless bank cards as far as Reading on the new Elizabeth Line from January 2020. For various reasons, Oyster will not be able to be used as far out. So, once again we are seeing contactless bank card technology reaching further than Oyster. There are government plans (election permitting) to add hundreds more rail stations to the TfL PAYG scheme.

London is not the only game in town, and we see other PAYG schemes around the UK. The continued expansion of PAYG represents improved customer experience but is not great news for retailers of travel rights unless they can find a way to sell PAYG and make a profit.

If the PAYG area accepts contactless bank cards (like London), then mobile wallets can be used to allow passengers to travel seamlessly in these areas. Citymapper launched a plastic prepaid Mastercard for this purpose for residents of London only in April 2019. It has recently become available as a virtual card using mobile wallets on both Android and Apple iOS devices. By contrast, the UK smart ticketing standards, ITSO, has partnered with Google and Google Pay wallet has been customised for ITSO so that now ITSO tickets can be loaded into the mobile wallets of Android phones only.

So, lots of choices. And the Glasgow Conundrum continues to some extent, though I can see MaaS Providers apps being able to hide this complexity if they get it right. I was very happy to recently have Ben Whitaker round at Chyp towers explaining Masabi’s take on automatic fare collection using mobile apps. We made a podcast about their Fare Payments as a Service and Ben’s views on where MaaS is going which I found very interesting.

At Consult Hyperion we have a lot of experience with smart ticketing, mobile ticketing and, in particular, mobile digital wallets. If you would like to learn more, give us a call.

Digital Wallet Ticketing

I’ve just been in Bristol at the annual Transport Card Forum (TCF) two-day event. I was on the agenda as chair of Working Group 27 giving the final report on progress. The report will be going to DfT shortly and thereafter available to TCF members via the website. I’ve been attending TCF for many years and it is impossible not to notice how very slowly things change in transport ticketing.

One piece of our recent advice to a sub-national transport body, when hired to outline their smart ticketing strategy can be summarised as: do not seek government funding to implement a region-wide (expensive) smart ticketing solution, but rather look at what already exists and how these ticketing schemes might be brought together to meet the needs of the various travelling customer types in the region. In this context, I was pleased to hear mention of software development kit (SDK) offerings from Masabi and FAIRTIQ giving me hope that the transport ticketing industry is moving in the right direction. For example, Masabi using their SDK to insert their ticketing technology into the Uber app for trials in Denver, Colorado.

A recurring theme at the event was operators reporting how PAYG solutions are proving popular with customers and how they are eroding the other forms of ticketing such as season tickets. This is an increasing area of concern for clients we are working with, most notably in terms of cash flow and forecasting but also technically. Some of our current work is helping clients deal with the array of ticketing solutions they are operating and how to rationalise these in the light of the way that the automated fare collection (AFC) industry is moving and responding to customer needs. Consumer demands will continue to drive change in their purchase patterns as flexible and remote working opportunities increase.  

It is not uncommon for a transport operator to support all of the following:

  • Paper tickets as the only medium interoperable at all acceptance points for all customer types.
  • Legacy smart card solutions based on 1990s technologies where the operators were focussed on owning the customer by issuing them with a smart card.
  • Barcodes as a cheaper alternative to smart cards that can also go paperless if delivered to mobile phones.
  • Mobile ticketing solutions based on bar code or flash pass, sometimes with low security levels and high fraud levels. Some using the ‘software only’ HCE innovations which Apple will not currently allow.
  • Open-loop (EMV bank card) PAYG solutions which have grown out of our work with TfL in 2008-14. These are intended to increase ridership and reduce costs by using the bank card in the customer’s pocket, but because they are one card per passenger, they do not cater for group tickets or for those not having (e.g. children) or not wishing to use bank cards. This could be addressed on buses by introducing a ‘retail model’, but this would require driver interaction to determine the price of the ticket before purchase and slow down bus boarding.

Operators are transport providers and their core business is providing transport services, not running ticketing solutions. The last thing they want is to be maintaining systems that have to be able to handle multiple different front ends, though many of them find themselves doing so. The classic example is TfL’s intention to switch off Oyster when open-loop was up and running, but they not yet managed to achieve this.

Our recent work with clients about how to use Digital Wallet Ticketing in a customer’s smart phone to unify their disparate ticketing solutions is proving popular.  This has been both in sports stadiums and transport ticketing. Digital Wallet Ticketing was not much discussed at TCF19, which I guess is a sign of how slowly things move within the transit ticketing community. We believe DWT is the future.

We have a wealth of experience over several years of designing and building DWT solutions. Let us know if you’d like a chat about how this might work for you, be it payment, identity or ticketing.

Mobility policy: the way forward is unclear

We’ve been thinking about Mobility as a Service (MaaS) for some time. I remember suggesting its consideration in a meeting with a UK sub-national transport body (STB) in 2016 and the question being ‘Isn’t MaaS just a buzz-word?’ In December 2018, the UK Government Office for Science issued a review, ‘MaaS in the UK: Change and its implications’. It was commissioned as part of the UK government’s Foresight Future of Mobility project.

While the review contains the usual disclaimer, ‘this document is not a statement of government policy’, there is actually a lot of change happening in transit-related policy, based around the opportunities presented by technology and the need to provide convenient services for the travelling public, while limiting the impact on the environment. The Williams Rail Review was launched by the Department for Transport in 2018, taking evidence through 2019, with a view to implementation starting in 2020. Its purpose is to put passengers at the heart of the railway of the future, while taking into account the needs of operators and the taxpayer.

The Rail Delivery Group has responded to the Williams review. They report that eight out of ten people feel the current system should be overhauled, while nine out of ten are in favour of smart or electronic ticketing. They also describe the need to include a range of flexible options to support passenger choice. Integrated and Smart Ticketing offers a way of achieving these goals, incorporating flexibility to accommodate a variety of services in a format that is convenient for passengers.

The Rail Delivery Group itself has undertaken a consultation on simplification of fares, resulting in the publication of the ‘Easier Fares for All’ report. They received around 20,000 responses to the consultation, with very strong support for simplification of fare structures. At present, there is a huge variety of fare products available, which means that a passenger can never be sure of getting best value. The priorities highlighted by responses to the consultation were value for money, fair pricing, simplicity, flexibility and assurance. MaaS is specifically mentioned as a goal in the report, to be achieved by simplification of fare structures and implementation of appropriate technologies. Account-based ticketing, to include capping and integration with other modes of transport such as buses and trams, was also considered desirable.

Even before all this, the UK government had policies in place that would seem to be ideal for the encouragement of MaaS implementations. These included:

  • Department for Transport:
    • MaaS could offer an opportunity to support the DfT’s high-level policy commitments, namely: Boosting economic growth and opportunity, Building a One Nation Britain, Improving journeys, and Safe, Secure and Sustainable Transport. Specifically, MaaS would offer a greater level of integration between modes of transport and enable passengers to have confidence in choosing a variety of different options for their journey. This could encourage individuals to choose public transport more often, promoting social cohesion and sustainability.
    • The DfT’s Single Departmental Plan (SDP) 2015-2020 outlines the progress made in supporting the Department’s high-level policy commitments. The SDP’s commitments cross a range of transport sector delivery areas and illustrate DfT’s engagement in many initiatives that support the development of MaaS, These include capping of fares, introduction of more flexible part-time season tickets, focusing on accessibility to enable people with disabilities to have confidence in public transport provision.
  • Department of Health:
    • To support active lifestyle objectives – perhaps through engaging the travel behaviour change capabilities of MaaS. This is typified by initiatives by TfL to encourage people to walk or cycle rather than taking the tube.
    • Reducing respiratory and air quality related health issues – perhaps through engaging with MaaS Providers to manage travel patterns in areas with poor air quality. This could include managing the types and numbers of vehicles permitted in an area. This can be achieved in a number of ways, such as using bus lanes to promote public transport and giving low emissions vehicles exemptions to congestion charging.
  • Department for Business, Innovation and Skills:
    • Supporting innovation and growth, particularly in the sharing economy. This could include car sharing, ride sharing and other innovative approaches to transport and ticketing.
    • Supporting new markets for Connected and Autonomous Vehicles (CAV). This might include provision of autonomous vehicles for use by visitors within a tourist area or more effective monitoring of the use of hire cars in and around airports.

At the time of writing, the government has tabled secondary legislation, expected to pass very shortly, to mandate net-zero carbon emissions throughout the economy by 2050. MaaS is expected to be a key enabler in reaching this goal by offering a range of more convenient alternatives to individual passenger car journeys. These might include ride sharing, car sharing, or simply bus and train services that are better tailored to local needs. Paying for a recharge of electric vehicle at (say) a park and ride centre, potentially at a discount to that available commercially in city centre car parks might be considered.

The UK government has described its support for transformation in the area of mobility in its paper “Future of mobility: urban strategy”. It promotes safe and secure mobility services designed around the needs of the individual, which prioritise active travel such as walking and cycling. It also highlights the key role of mass transit, with the aim of reducing congestion and emissions. Creative use of published data is seen as an important tool in managing an integrated mobility ecosystem.

The MaaS Alliance and UK Transport Systems Catapult commissioned a survey in spring 2017 to generate data on the critical regulatory enablers and barriers for the development and full deployment of MaaS. It is worth noting that policy targets on emissions are likely to have a positive effect on MaaS market developments.

A recent report by the House of Commons Transport Committee concluded:

The key choices the Government can make are on its approach to the governance around MaaS in the areas of incentivising data sharing; introducing a regulatory framework such as a code of conduct and ensuring passenger rights are protected.

Finland was the first country to regulate to facilitate the pre-conditions necessary for MaaS. Their Act on Transport Services (also known as the Transport Code) was adopted in April 2017. All provisions in the Act entered into force by July 2018. It promotes customer-oriented, market-based transport services on a competitive basis. It aims to enable new technologies and digitalisation into the transport sector. It obliges transport operators to make essential data available and provides for the interoperability of ticketing and payment systems. The presentation in January at TTG19 from Minna Soininen, Director of the Finnish Public Transport Association, was less than glowing about the progress to date since regulation, indicating that the way forward is still not clear.

A lot has changed since our STB meeting in 2016. Our recent work with another STB uncovered a shift in thinking. A facilitation role is being sought and there is openness to forming partnerships with a wide range of mobility providers. There is a great deal of uncertainty about the future of MaaS and therefore future policy makers are looking at how to better deal with uncertainty and avoid committing too strongly to the early adopters.

If you’re interested in finding out more, please contact: sales@chyp.com

Rail usage up, so what?

The Office of Rail and Road (ORR) has just made a quarterly statistical release for Passenger Rail Usage. So what?

There are relevant economic and social trends to which public-sector bodies must respond with transport policies:

  • Circa 60% of the UK population lives in cities. Congestion is a real problem which in turn leads to increased pollution and reduced air quality.
  • As a population, we travel substantially less today than we did one or two decades ago.
  • We are travelling less by car and more by train and bike. Fewer of us are getting driving licences, and we are getting them much later in our lives.

A key response to these trends is to try to drive modal shift from privately owned cars to mobility as a service (MaaS). Rail is a key mode in MaaS solutions, and Rail, in the UK, is undergoing a root and branch review which was announced by Chris Grayling and the Department for Transport in September 2018. Keith Williams is leading the review, supported by an expert panel. Amongst other things, it will look at the structure of the whole rail industry, regional partnerships and improving value for money for passengers and taxpayers. Any emerging reform plans will be implemented from 2020.

One can imagine that there are many problems to be addressed as part of this review and that fares and ticketing might not get much of a look in. However, the ‘value for money for passengers and taxpayers’ part seems significant.

In a February meeting with DfT about the future of fare collection and transport payments, Consult Hyperion was asked to respond to the recent Rail PAYG Consultation covering:

  • what a Pay-As-You-Go (PAYG) travel area is, and how it would work in general
  • where a PAYG travel area could cover
  • the changes to fares that could be made within the area

The consultation ran from February to the end of April 2019 and now the Department for Transport is considering the responses.

In the context of this activity, the ORR statistical release makes perhaps more interesting reading than it otherwise would have done.

 “Passenger journeys using ordinary tickets increased by 5.0% in 2018-19 compared to the previous year. This was driven by a 6.9% growth in anytime tickets. In contrast, the number of passenger journeys made using season tickets fell for the third consecutive year, down 0.4%. Market share of season ticket journeys was 36% in 2018-19, down from 48% a decade ago.”

These would seem like exactly the right market conditions for introducing PAYG on rail beyond London. Today’s passengers cannot easily predict their journeys in advance, but would like to be rewarded for frequency of travel; which, by choosing Rail, will help meet social and environmental goals. Granted, PAYG is not well suited to long-distance Rail if ticket prices are high, but there are many train journeys that are in the right price bracket.

In time, it would seem desirable to phase out season tickets. Ticketing should be tailored to the increasingly flexible patterns of work: perhaps for a specified number of days per month or the use of digital carnet tickets (to be enabled prior to departure). It would seem that smartphone apps are ideal for handling this.

Flexibility is also required within each day. Passengers travelling out in off peak times frequently don’t know until they start their return journey whether it will be peak or off-peak. In addition, designations of peak and off-peak are complex, localised and require further study.

A PAYG solution which focuses primarily on the gate line may limit subsequent progress. Mobile ticketing has an important role to play. It provides the means to offer a variety of ticket types on a single device and is comparatively easily updated. It also offers much greater flexibility for passengers travelling from unmanned stations, where gate lines don’t generally feature, and ticket machines are frequently vandalized. Another benefit of mobile ticketing is the quality of travel data that can be collected (while respecting passenger privacy).

We have recently been advising three UK Sub-national Transport Bodies (STBs) and recently facilitated a transport operator workshop to discuss options for fare collection and transport payments. The thing that the operators seemed most excited about was PAYG.  The kind where customers just turn up and travel without having to worry about the tariffs in advance and trusting that they will be charged a fair price. Inevitably, the discussions dipped into which technologies are good at this and which are bad, but the fact remains, they are clear what their customers want and truly believe that by giving them what they want, they will receive increased ridership in return.

Clearly, this is what Transport for London already provides and their offering is slowly extending out from London into the SE region, for example to Gatwick Airport. However, the open-payment-based PAYG models (using contactless bank cards) are limited in the amounts up to which fares can be aggregated before payment is taken. This is for reasons of risk of payment for the journey never being received, but it also makes sense from the point of view of the customer who does not want to travel on trains all day not knowing how many hundreds of pounds they will be charged at the end and they also want to benefit from any available capping of fares.

What is needed is flexibility. Open-loop transit payments are better than conventional card-based transport cards for travelling within cities. As we have said before, open-loop transit payment suffers from the passenger identifier (their bank card) being tightly coupled to just one of their payment mechanisms (one of their bank accounts). We have been exploring other mobile-based solutions with the Rail Delivery Group (RDG) recently and are hopeful that such customer-centric alternatives will emerge soon.

If you’re interested in finding out more, please contact: sales@chyp.com

Getting RID of SAM

Simon Laker and I recently published an article about open-loop transit payments in the US and how they are catching up with the UK with significant US launches planned for 2019 and beyond. It was very interesting to look back, draw the timeline and, with the benefit of hindsight, see why the major US cities tried to be first but ended up being seven years or so behind the 2012 London launch on buses.

Whilst it is fun to look back, we spend most of our time making the future. Over the last year we have been back working with TfL to help determine the best revenue inspection solutions for open-loop transit operators. While the majority of bus operators might not care much about revenue inspection (the potential fare dodger has to board the bus and this usually requires walking past the vigilant gaze of the bus driver), revenue protection through inspection is a significant requirement for city-based smart ticketing schemes.

Back in 2011 we helped TfL choose their current revenue inspection device (RID) hardware which is now no longer manufactured. At that time, there was no single off-the-shelf device hardware which could meet TfL’s need and therefore, hardware customisation was needed.  Now is the time to look for opportunities for replacing these bespoke devices with more cost-effective solutions.

One of our specialisms is adapting devices without secure hardware to become secure enough to handle transactions involving payments and identity, such as ticketing. There are approaches known as host card emulation (HCE) and host terminal emulation (HTE) that we have been working on since 2007 before they were named in 2012 as part of the open-source Android OS. The idea is that ‘software-only’ approaches can be used, without any secure hardware, to secure cryptographic secrets (e.g. keys) used to secure transactions. Traditionally, tamper-resistant smart card chip hardware is used to store the keys, and similar chips, known as secure hardware modules (SAMs) are used in terminals needing to communicate securely with smart cards.

In 2015 we worked with ITSO to design how ITSO can work securely enough on mobile devices without secure hardware. Android Pay launched in the same year. This approach is now being exploited by the ITSO on Mobile solutions from the likes of Rambus.

We helped Barclaycard be the first UK bank to launch a software-only banking payment app that works on mobile devices without using SAMs in 2016. This was all card emulation. When we want a mobile device to act as a RID without a SAM, then it is terminal emulation and it is harder. The card merely has an antenna in which a current is induced when the antenna is placed in the reader electromagnetic field. The reader has to produce that field. The hardware in most mobile devices on the market is not certified to act as a reader for accepting payment cards. You may have noticed that when small merchants use their phones to accept contactless cards, they use an additional device from organisation such as PayPal, Square or iZettle. 

In 2018, we produced a software-only app for an Android phone that can be downloaded and installed on any phone and securely accept contactless payment cards. No secure hardware, no SAMs. It works, but the payment industry is playing catch up and it was not possible to certify such a merchant payment terminal to the satisfaction of the payment card industry. In January, PCI released new documentation aimed at this purpose. Exciting times are ahead. We are currently helping TfL engage with the market to see whether RID solutions based on off-the-shelf Android devices might be used as the next generation RID.

We have a wealth of experience over the last two decades, designing and building software-only solutions. Let us know if you’d like a chat about how this might work for you, be it payment, identity or ticketing.

Loosely-coupled MaaS payments

I was a panellist discussing the barriers to mobility as a service (MaaS) at the Transport Ticketing Global (TTG19) conference in London in January. In fact, many of the presentations over the two-day conference were about MaaS and reasons why it is proving very hard to deliver. Perhaps one of the most mature MaaS offerings is the one from MaaS Global branded as ‘Whim’ which launched in the UK in the West Midlands but, by their own admission, has struggled to gain a foothold.

Until recently, MaaS providers have avoided London. We have seen some excellent journey planning apps exploiting Transport for London’s (TfL)  open APIs, but nobody was going that extra mile and actually proving a complete MaaS solution in a single app that allow both planning journeys together with payment and ticketing (i.e. proving authority to travel when entering the transit network). TfL has been very clear that they will not provide any cut of the fares to MaaS providers, so they will have to find other ways to make a profit.

So, the announcement from CityMapper that they are about to launch a MaaS solution in London surely doesn’t make any sense? Given the above barriers to MaaS and the high complexity of London’s public transport network, why on earth would you start there?

The answer is payments and identity, two of our favourite topics. These are services needed in order to offer account-based ticketing (ABT) and ABT is a corner-stone of MaaS. Passengers need to identify themselves to their customer account so that their journey charges can be calculated. Payment for the journeys needs to be handled in a way that is suitable to the particular customer.

One of the barriers I suggested on the TTG19 panel is that payment and identity are too ‘closely coupled’ in modern account-based ticketing offerings. I am old enough to remember the emergence of service oriented architectures in the ‘noughties’. The idea was that by ensuring services are ‘loosely coupled’, they can freely evolve without affecting consumers or implementations. I argued that if everyone rushes to implement the open-loop payment models with the payment networks like TfL has done, then we will be left with fare collection services that are highly dependent on the payment schemes and constrained from evolution. The identifier the passenger uses at the gate is their bank card (or its emulation on mobile or wearable devices). This identifies them to their ABT travel account but it also identifies their means of payment. Some would say this is convenient, I am suggesting it is too closely coupled and will stifle innovation.

Open banking APIs are a subject close to our hearts at the moment. The APIs are very new and they seem not to be thinking about transit payments at this stage. However, one could imagine that there could be future open banking APIs that would allow passengers to consent to transit payments from their bank to their MaaS provider without the need for the payment networks in between. I expect this will be subject of future blogs or white papers from Chyp.

The reason CityMapper is launching in London is that all the public transport modes accept open-loop payments and the CityMapper solution to payments and identity is to provide their MaaS customers with a Mastercard-branded prepaid card, ‘Pass’. CityMapper will offer a subscription model at a discount on TfL prices and any travel on TfL modes outside of this will simply use the prepaid bank card like any other.

This works for all London public transport modes, but there are very few other cities that have committed so totally to the open-loop models. It will be interesting to see whether CityMapper can make a profit and if they do, whether they can replicate it outside of London. Right now, it looks like they are using investment funding and planning on taking a loss to start with since they are offering to undercut the TfL fares and as stated above TfL has said they will not offer discounts to Maas providers. Or perhaps city mapper is planning on selling advertising space or plans to sell anonymised travel data to make up the shortfall? Only time will tell.

Meanwhile, may all your transit tokens be loosely coupled and your payment instruments plentiful.

 

Consult Hyperion’s Live 5 for 2019

It’s that time of year again. I’ve had a chat with my colleagues at Consult Hyperion, gone back over my notes from the year’s events, taken a look at our most interesting projects around the world and brought together our “live five” for 2019.  Now, as in previous years, I don’t expect you to pay any attention to our prognostications without first reviewing our previous attempts, otherwise you won’t have any basis for taking us seriously! So, let’s begin by looking back over the past year and then we’ll take a shot at the future.

Goodbye 2018

As we start to wind down 2018, let’s see how we did…

  1. 1. Open Banking. Well, it was hardly a tough call and we were bang on with this one. We’ve been working on open banking projects in the UK, on the continent and beyond. What seems to be an obviously European issue, is of course a global one and we’ve been helping the global payment brands understand the opportunities. Helping existing market participants and new market entrants to develop and implement responses to open banking has turned out to be intellectually challenging and complex, and we continue to build our expertise in the field. Planning for the unintended consequences of open banking and the potentially un-level playing field that’s been created by the asymmetry of data, was not the obvious angle of opportunity for traditional tier one banks.

  2. 2. Conversational Transactions. Yes, we were spot on with this one and not only in financial services. Many organisations are shifting to messaging channels for customer support and for transactions, in both the banking and retail sectors. The opportunity for this continues with the advancements of new messaging enablers, such as the GSMA backed RCS. But as new channels for support and service are introduced to the customer experience, so are new points of vulnerability.

  3. 3. The Internet of Cars. This is evolving although the security concerns that we spoke about before, continue to add friction to the development of new products and services in this area. Vulnerabilities to card payments or building entry systems are security threats, vulnerabilities to connected or autonomous vehicles are potentially public safety threats.

  4. 4. Artificial Intelligence. Again, this was an easy prediction because many of our clients were already active. Where we did add to thinking this past year, it was about the interactive landscape of the future (i.e. bots interacting with bots) and how the identity infrastructure needs to evolve to support this.

  5. 5. Tokens/ICOs. Well, we were right to highlight the importance of “tokens” (the basis of Initial Coin Offerings, or ICOs) and our prediction that once the craziness is out of the way, then regulated token markets will become significant looks to be borne out by mainstream commentary. At Money2020 Asia in Singapore, I had the privilege of interviewing Jonathan Larsen, Corporate Venture Capital Manager at Ping An and CEO of their Global Voyager Fund (which has a $billion or so under management). When I put to him that the tokenisation of assets will be a revolution, he said that “tokenisation is a really massive trend… a much bigger story than cryptocurrencies, initial coin offerings (ICOs), and even blockchain”.

As we said, 2018 has seen disruption because the shift to open banking, starting in the UK,has meant the reshaping of financial services while at the same time the advance of AI into the transaction flow (transactions of all types, from buying a train ticket to selling corporate bonds) begins to reshape the way we do business.

Hello 2019

This year we are organising our “live five” in a slightly different way, listing them by priority to our clients rather than as a simple list. So here are the four key technologies that we think will be hot throughout the coming year together with the new technology that we are looking at out of the corner of our eyes, so to speak. The mainstream technologies are authentication,cross-sector digital identity, digital wallets for ticketing and secure IoT in the insurance sector. The one coming up on the outside is post-quantum cryptography.


So here we go…


  1. 1. With our financial services customers we are moving from developing strategies about open banking to developing implementation plans and supporting the development of new systems and services. The most important technology at the customer interface from the secure transactions perspective is going to be the technology of Strong Customer Authentication (SCA). Understanding the rules around which transactions need SCA or not is complicated enough, and that’s before you even start working out which technologies have the right balance of security and convenience for the relevant customer journeys. Luckily, we know how to help on both counts!

As it happens, better authentication technology is going to make life easier for clients in a number of ways, not only because of PSD2. We are already planning 3D Secure v2 (3DSv2) and Secure Remote Commerce (SRC) implementations for customers. Preventing “authentication friction” (using e.g. FIDO) is central to the new customer journeys.

  1. 2. Forward thinking jurisdictions such as Canada and Australia have already started to deliver cross-sector digital identity (where in both cases we’ve been advising stakeholders). New technologies such as machine learning, shared ledgers and self-sovereign identity, if implemented correctly, will start to address the real issues and improvements in know your customer (KYC), anti-money laundering (AML), counter-terrorist financing (CTF) and the management of a politically-exposed person (PEP).  The skewed cost-benefit around regtech and the friction that flawed digitised identity systems cause, mean that there is considerable pressure to shift the balance and in the coming year I think more organisations around the world will look at models adopted and take action.

  1. 3. In our work on ticketing around the world, we see a renewed focus on the deployment of real digital wallets. Transit and other forms of ticketing (such as for sporting events) are the effective anchor tenants of the digital wallet, not payments. In the UK and in some other countries there has been little traction for the smartphone digital wallet because of the effectiveness of the deployment and use of contactless cards. If you look in your real wallets, most of what your find isn’t really about payments. In our markets, payments alone do not drive consumers to digital wallets, but take-up might be about to accelerate. It’s one thing to have xPay put cards into a digital wallet but putting your train tickets, your sports rights and your concert passes into a digital wallet makes all the difference to take-up and means serious traction. Our expertise in using the digital wallets for applications beyond payments will give our clients confidence in setting their strategies.

  2. 4. In the insurance world we see the business cases building around the Internet of Things (IoT). The recent landmark decision of John Hancock, one of the oldest and largest North American life insurers, to stop selling traditional life insurance and instead sell only “interactive” policies that track fitness and health data through wearable devices and smartphones is a significant step both in terms of business model and security infrastructure. We think more organisations in the insurance sector will develop similar new services.  Securing IoT systems becomes a priority. Fortunately, our very structured risk analysis for IoT and considerable experience in the practical assessment of countermeasures, deliver a cost-effective approach.

  3. 5. In our core field of security, we think it’s time to start taking post-quantum cryptography (PQC) seriously not as a research topic but as a strategic imperative around the development and deployment of new transaction systems. As many of you will know, Consult Hyperion’s reputation has been founded on the mass-market deployments of new transactions systems and services and this means we understand the long-term planning of secure platforms. We’re proud to say that we have helped to develop the security infrastructure for services ranging from the Hong Kong smart identity card, to the Euroclear settlement system and from contactless payments to open loop ticketing in major cities. Systems going into service now may well find themselves overlapping with the first practical quantum computer systems that render certain kinds of cryptography worthless, so it’s time to add PQC to strategies for the mass market.

And there you have it! Consult Hyperion’s Live 5 for 2019. Brexit does not mean the end of SCA in the UK (since PSD2 has already been transcribed into UK law) and SCA means that secure digital identities can support transactions conducted from digital wallets, and those digital wallets will contain things other than payment instruments. They might also start to store transit tickets or your right to travel, health and fitness data for your insurance company. Oh, and all of that data will end up in the public sphere unless the organisations charged with protecting it start thinking about post-quantum cryptography or,as Adi Shamir (one of the inventors of public key cryptography) said five years ago, post-cryptographysecurity.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.