Category: Public Sector and NGO

Would you use the NHSX app?

7th May 20207th May 2020by Steve PanniferLeave a comment

I listened with interest to yesterday’s parliamentary committee on the proposed NHSX contact tracing app, which is being trialled on the Isle of Wight from today. You can see the recording here.

Much of the discussion concerned the decision to follow a centralised approach, in contrast to several other countries such as Germany, Switzerland and Ireland. Two key concerns were raised:

1. Can a centralised system be privacy respecting?
Of course the answer to this question is yes, but it depends on how data is collected and stored. Cryptographic techniques such as differential privacy are designed to allow data to be de-indentified so that is can be analysed anonymously (e.g. for medical research) for example, although there was no suggestion that NHSX is actually doing this.

The precise details of the NHSX app are not clear at this stage but it seems that the approach will involve identifiers being shared between mobile devices when they come into close proximity. These identifiers will then be uploaded to a central service to support studying the epidemiology of COVID-19 and to facilitate notifying people who may be at risk, having been in close proximity to an infected person. Whilst the stated intention is for those identifiers to be anonymous, the parliamentary debate clearly showed there a number of ways that the identifiers could become more identifiable over time. Because the identifiers are persistent they are likely to only be pseudonymous at best.

By way of contrast, a large team of academics has developed an approach called DP-3T, which apparently has influenced designs in Germany and elsewhere. It uses ephemeral (short-lived) identifiers. The approach is not fully decentralised however. When a user reports that they have COVID-19 symptoms, the list of ephemeral identifiers that user’s device has received, when coming into close proximity to other devices, is shared via a centralised service. In fact, they are broadcast to every device in the system so that risk decisioning is made at the edges not in the middle. This means that no central database of identifiers is needed (but presumably there will be database of registered devices).

It also means there will be less scope for epidemiological research.

All of this is way beyond the understanding of most people, including those tasked with providing parliamentary scrutiny. So how can the average person on the street or the average peer in Westminster be confident in the NHSX app? Well apparently the NHSX app is going to be open sourced and that probably is going to be our greatest protection. That will mean you won’t need to rely on what NHSX says but inevitably there will be universities, hackers, enthusiasts and others lining up to pick it apart.

2. Can a centralised system interoperate with the decentralised systems in other countries to allow cross border contact tracing?
It seems to us that whether a system is centralised or not is a gross simplification of the potential interoperability issues. True, the primary issue does seem to be the way that identifiers are generated, shared and used in risk decisioning. For cross border contact tracing to be possible there will need to be alignment on a whole range of other things including technical standards, legal requirements and perhaps even, dare I say it, liability. Of course, if the DP-3T model is adopted by many countries then it could become the de facto standard, in which case that could leave the NHSX app isolated.

Will the NHSX app be an effective tool to help us get back to normal? This will depend entirely on how widely it is adopted, which in turn will require people to see that the benefits outweigh the costs. That’s a value exchange calculation that most people will not be able to make. How can they make a value judgment on the potential risks to their civil liberties of such a system? The average user is probably more likely to notice the impact on their phone’s battery life or when their Bluetooth headphones stop working.

There’s a lot more that could be said and I’ll be discussing the topic further with Edgar Whitley, Nicky Hickman and Justin Gage on Thursday during our weekly webinar.

Rail usage up, so what?

19th June 20197th August 2020by John ElliottLeave a comment

The Office of Rail and Road (ORR) has just made a quarterly statistical release for Passenger Rail Usage. So what?

There are relevant economic and social trends to which public-sector bodies must respond with transport policies:

Circa 60% of the UK population lives in cities. Congestion is a real problem which in turn leads to increased pollution and reduced air quality.
As a population, we travel substantially less today than we did one or two decades ago.
We are travelling less by car and more by train and bike. Fewer of us are getting driving licences, and we are getting them much later in our lives.

A key response to these trends is to try to drive modal shift from privately owned cars to mobility as a service (MaaS). Rail is a key mode in MaaS solutions, and Rail, in the UK, is undergoing a root and branch review which was announced by Chris Grayling and the Department for Transport in September 2018. Keith Williams is leading the review, supported by an expert panel. Amongst other things, it will look at the structure of the whole rail industry, regional partnerships and improving value for money for passengers and taxpayers. Any emerging reform plans will be implemented from 2020.

One can imagine that there are many problems to be addressed as part of this review and that fares and ticketing might not get much of a look in. However, the ‘value for money for passengers and taxpayers’ part seems significant.

In a February meeting with DfT about the future of fare collection and transport payments, Consult Hyperion was asked to respond to the recent Rail PAYG Consultation covering:

what a Pay-As-You-Go (PAYG) travel area is, and how it would work in general
where a PAYG travel area could cover
the changes to fares that could be made within the area

The consultation ran from February to the end of April 2019 and now the Department for Transport is considering the responses.

In the context of this activity, the ORR statistical release makes perhaps more interesting reading than it otherwise would have done.

“Passenger journeys using ordinary tickets increased by 5.0% in 2018-19 compared to the previous year. This was driven by a 6.9% growth in anytime tickets. In contrast, the number of passenger journeys made using season tickets fell for the third consecutive year, down 0.4%. Market share of season ticket journeys was 36% in 2018-19, down from 48% a decade ago.”

These would seem like exactly the right market conditions for introducing PAYG on rail beyond London. Today’s passengers cannot easily predict their journeys in advance, but would like to be rewarded for frequency of travel; which, by choosing Rail, will help meet social and environmental goals. Granted, PAYG is not well suited to long-distance Rail if ticket prices are high, but there are many train journeys that are in the right price bracket.

In time, it would seem desirable to phase out season tickets. Ticketing should be tailored to the increasingly flexible patterns of work: perhaps for a specified number of days per month or the use of digital carnet tickets (to be enabled prior to departure). It would seem that smartphone apps are ideal for handling this.

Flexibility is also required within each day. Passengers travelling out in off peak times frequently don’t know until they start their return journey whether it will be peak or off-peak. In addition, designations of peak and off-peak are complex, localised and require further study.

A PAYG solution which focuses primarily on the gate line may limit subsequent progress. Mobile ticketing has an important role to play. It provides the means to offer a variety of ticket types on a single device and is comparatively easily updated. It also offers much greater flexibility for passengers travelling from unmanned stations, where gate lines don’t generally feature, and ticket machines are frequently vandalized. Another benefit of mobile ticketing is the quality of travel data that can be collected (while respecting passenger privacy).

We have recently been advising three UK Sub-national Transport Bodies (STBs) and recently facilitated a transport operator workshop to discuss options for fare collection and transport payments. The thing that the operators seemed most excited about was PAYG. The kind where customers just turn up and travel without having to worry about the tariffs in advance and trusting that they will be charged a fair price. Inevitably, the discussions dipped into which technologies are good at this and which are bad, but the fact remains, they are clear what their customers want and truly believe that by giving them what they want, they will receive increased ridership in return.

Clearly, this is what Transport for London already provides and their offering is slowly extending out from London into the SE region, for example to Gatwick Airport. However, the open-payment-based PAYG models (using contactless bank cards) are limited in the amounts up to which fares can be aggregated before payment is taken. This is for reasons of risk of payment for the journey never being received, but it also makes sense from the point of view of the customer who does not want to travel on trains all day not knowing how many hundreds of pounds they will be charged at the end and they also want to benefit from any available capping of fares.

What is needed is flexibility. Open-loop transit payments are better than conventional card-based transport cards for travelling within cities. As we have said before, open-loop transit payment suffers from the passenger identifier (their bank card) being tightly coupled to just one of their payment mechanisms (one of their bank accounts). We have been exploring other mobile-based solutions with the Rail Delivery Group (RDG) recently and are hopeful that such customer-centric alternatives will emerge soon.

If you’re interested in finding out more, please contact: sales@chyp.com

Getting RID of SAM

23rd March 20197th August 2020by John ElliottLeave a comment

Simon Laker and I recently published an article about open-loop transit payments in the US and how they are catching up with the UK with significant US launches planned for 2019 and beyond. It was very interesting to look back, draw the timeline and, with the benefit of hindsight, see why the major US cities tried to be first but ended up being seven years or so behind the 2012 London launch on buses.

Whilst it is fun to look back, we spend most of our time making the future. Over the last year we have been back working with TfL to help determine the best revenue inspection solutions for open-loop transit operators. While the majority of bus operators might not care much about revenue inspection (the potential fare dodger has to board the bus and this usually requires walking past the vigilant gaze of the bus driver), revenue protection through inspection is a significant requirement for city-based smart ticketing schemes.

Back in 2011 we helped TfL choose their current revenue inspection device (RID) hardware which is now no longer manufactured. At that time, there was no single off-the-shelf device hardware which could meet TfL’s need and therefore, hardware customisation was needed. Now is the time to look for opportunities for replacing these bespoke devices with more cost-effective solutions.

One of our specialisms is adapting devices without secure hardware to become secure enough to handle transactions involving payments and identity, such as ticketing. There are approaches known as host card emulation (HCE) and host terminal emulation (HTE) that we have been working on since 2007 before they were named in 2012 as part of the open-source Android OS. The idea is that ‘software-only’ approaches can be used, without any secure hardware, to secure cryptographic secrets (e.g. keys) used to secure transactions. Traditionally, tamper-resistant smart card chip hardware is used to store the keys, and similar chips, known as secure hardware modules (SAMs) are used in terminals needing to communicate securely with smart cards.

In 2015 we worked with ITSO to design how ITSO can work securely enough on mobile devices without secure hardware. Android Pay launched in the same year. This approach is now being exploited by the ITSO on Mobile solutions from the likes of Rambus.

We helped Barclaycard be the first UK bank to launch a software-only banking payment app that works on mobile devices without using SAMs in 2016. This was all card emulation. When we want a mobile device to act as a RID without a SAM, then it is terminal emulation and it is harder. The card merely has an antenna in which a current is induced when the antenna is placed in the reader electromagnetic field. The reader has to produce that field. The hardware in most mobile devices on the market is not certified to act as a reader for accepting payment cards. You may have noticed that when small merchants use their phones to accept contactless cards, they use an additional device from organisation such as PayPal, Square or iZettle.

In 2018, we produced a software-only app for an Android phone that can be downloaded and installed on any phone and securely accept contactless payment cards. No secure hardware, no SAMs. It works, but the payment industry is playing catch up and it was not possible to certify such a merchant payment terminal to the satisfaction of the payment card industry. In January, PCI released new documentation aimed at this purpose. Exciting times are ahead. We are currently helping TfL engage with the market to see whether RID solutions based on off-the-shelf Android devices might be used as the next generation RID.

We have a wealth of experience over the last two decades, designing and building software-only solutions. Let us know if you’d like a chat about how this might work for you, be it payment, identity or ticketing.

Integration, that’s what you need

24th September 20187th August 2020by John Elliott3 Comments

I’m pleased to be chairing a new working group in the DfT-sponsored Transport Card Forum (TCF). I’ll be reporting on progress to date at the annual two-day TCF event, TCF18, in Manchester in a couple of days’ time.

The new working group, WG27, is in search of a title. But first, let me explain what the objectives are.

There is clearly a desire to move towards progressively more integrated transport. Ideally, all forms of mobility would be working in concert: public and private modes available either on demand or timetabled to join seamlessly to ensure that passengers can get where they want when without the need for retaining their expensive and polluting personal cars. Whether or not this end goal is fully achievable, there will be many ‘baby-steps’ to take along the way.

The working group’s objective is to consider the impact that this migration towards better integration will have. The idea is that we will consider this from the strategic, commercial and technical angles. After six months or so, the intention is that the WG will recommend how the integration can be achieved to benefit of all the stakeholders involved.

The reason Consult Hyperion is interested in being involved in this WG is because we believe that Mobility as a Service (MaaS) is the ‘direction of travel’ for the transport sector. We’ve been doing a lot of thinking about MaaS recently and have started working with our first MaaS-Provider client. It feels like something genuinely new and exciting. And it is interesting because no-one knows how it is going to turn out.

At the same time, the world of payments if having a bit of a shake up with the emergence of Open Banking. Watch this space for a White Paper from Chyp in the next few weeks giving our view on how MaaS payments will be done in the future.

The WG will recommend how the integration can be achieved to benefit of all the stakeholders involved.

Now, this got me thinking: what integration and what stakeholders?

At the WG kick-off meeting at our offices in Guildford, I proposed that we define the work packages to consider the problem from the four different stakeholder groups that are emerging industry work on MaaS:

Customer: The passengers themselves who need to get from ‘A’ to ‘B’.
Mobility aggregator (a.k.a MaaS Provider): Organisations that offers mobility services to passengers in a convenient way by aggregating the transport operator and data provider offerings and provide the digital platform that allows passengers to conveniently plan, pay for and make their journeys.
Data Provider: Organisations that aggregate relevant data from transport operators and other sources.
Transport Operator & Local Transport Authority: The public and private organisations that actually operate the transport modes.

So far, we have 15 volunteers to be contributors in the WG. More discussion is needed, but I am expecting that at least four work packages will emerge based on the above segmentation and the volunteers will work in the ones best suited to their skills and experience. There may be additional work packages added if we see the need for overarching subjects to be tackled by the WG such as data privacy and standards.

We are keen to know if there are more volunteers out there interested in contributing.

But what about the WG title, I hear you say? Well, the placeholder name for the group is ‘the end-to-end journey’. Suggestions for the group name are welcome. My favourite so far is ‘Weapons of MaaS Integration’.

London taking contactless for half of PAYG

26th April 20187th August 2020by John Elliott1 Comment

Four years ago Consult Hyperion completed a transit project which changed not only the way people paid for their travel, but cemented contactless in the vocabulary of the masses. We were focussed on getting contactless bank cards to work for pay-as-you-go (PAYG) transit payments. This was a significant undertaking since it had not been done before and the customer proposition included a fair-price promise. This fair-price promise required the contactless bank card solution to mimic the existing Oyster “capping” which allows customers to travel without knowing the tariffs, trusting that they will only be charged the best price they could have got had they bothered to research it all beforehand. It required adding contactless payment card acceptance to all TfL readers and the building of a bespoke back office to support this new Account-Based Ticketing (ABT) where no travel information is stored on the card.

Convenience is king in mass transit. And our task was to meet the demands of one of the world’s busiest transit environments but make it cheaper to operate. The long-term vision was that by 2018, Oyster cards would be migrated to use the ABT back office and the legacy Oyster system would be turned off. The Oyster brand would remain alongside bank cards for those not using bank cards, but the technology powering this, would be changed to be ABT.

TfL and Consult Hyperion worked closely with the payment schemes to define the process of card acceptance and with the UK Card Association to establish a harmonized set of rules to balance risk between TfL and the card issuers.

The system launched on buses in 2012 and on the rest of the TfL Oyster network in 2014. Later in 2016 the privately-run river buses were added.

Fare collection costs were reduced from 14% to less than 9% of fare revenue. In 2016, 34% of TfL PAYG journeys were made using contactless bank cards (56% were Oyster and 10% were paper tickets). Is this good, bad or indifferent? Well, this figure needs to be understood in context:

Contactless bank cards were still rolling out. In 2015, less than half[1] of UK bank cards were contactless.
Not everyone has a bank account. In 2015, about 5%[2] of UK adults were unbanked and half of these did not want a bank account.
Loss of government subsidy and a mayor-imposed TfL fare freeze meant that the vision of turning the legacy Oyster system off had to be reconsidered. Existing Oyster users have no incentive to switch over to using their bank cards.
Not all foreigners arriving in London are keen to use their bank cards since they may be subject to bank charges back home, making Oyster the better choice for them.

Despite these barriers to the uptake of contactless bank cards, by April 2016, 9% of all UK contactless transactions took place on TfL services.[3] By 2018 (year 4 of acceptance of bank cards on the full Oyster network), the percentage of PAYG journeys made using bank cards (or their emulations on phones or wearables) has risen from 34% to approximately 50%.

Consult Hyperion were uniquely qualified to help TfL deliver their ambition. Bringing in-depth knowledge and a heritage of working with the major payment networks and their detailed specifications for three decades, a solid understanding of proprietary transit technologies and practical experience of delivering innovative payment methods, outside of the retail community.

The team at Consult Hyperion is now involved across the globe working with transit agencies looking to emulate the success of London in their own cities. As well as Transport for the North in the UK, these projects have included working in countries where contactless success has outpaced the UK, such as Australia to territories where contactless payments are still emerging, like India and Colombia. Our US team has been working for a number of agencies who, today are developing systems capable of accepting contactless payment cards, even though issuance is less than 0.01%, in the hope that transit will drive banks to start issuing cards. There are early signs of success.

It is clear, that the success of TfL’s Future Ticketing Project has helped drive a sea-change in the payments and transportation industries that can save money in one industry and drive transaction volumes up in another. With our help, we are confident this success will continue.

[1] UK Cards Association Summary Statistics

[2] Financial Inclusion Commission 2015 Report

[3] UK Cards Association Contactless Transit Project Briefing – May 2016

Crossing continents for knowledge sharing

13th November 20177th August 2020by John ElliottLeave a comment

Chyp believes that collaboration and knowledge sharing across markets can help the advancement of the industry and this is particularly true in transport ticketing. For example, we have found that our work for TfL with a large population and high journey count is not all directly applicable to smaller countries who cannot make such significant investments in infrastructure to serve small populations.

Recently, we have been working for MMRDA in Mumbai, India. While the environment is very different in some respect, compared to the UK, they have large passenger numbers and administer a system that makes extensive use of private transport operators, two factors similar to Transport for the North (TfN).

Sharing knowledge not only helps speed to market of deployments but creates a trusted environment and one with credibility. MMRDA asked Chyp to facilitate meetings for them in the UK with transport operators and suppliers in order that they could learn from those who have done it before or are planning to deliver a similar project. The result was a tour of the UK starting in London and taking in Transport for the North. The picture above shows the meeting which was held in Leeds and included presentations from:

Transport for the North

Alastair Richards (Director Integrated and Smart Travel (IST))
Jo Tansley Thomas (Programme Manager (IST))
John Elliott (ABT Back Office Requirements Team Lead (Consult Hyperion))

MMRDA

Ashish Chandra (PWC India)

Partnerships are hard to form. We hope that MMRDA will benefit from the organisations they met and their sharing in experience planning and deploying ABT in complex environments in the UK, remembering that differences can be as important to learn as similarities.

AMLD4.1, AMLD5 or 5AMLD?

5th July 2017by Consult HyperionLeave a comment

I recently came across a statistic that surprised me.

Approximately 50% of new bank accounts are opened by customers that have recently arrived in the UK to work or study.

http://www.openidentityexchange.org/wp-content/uploads/2016/10/Digital-Identity-Across-Borders-FINAL-Feb2016-2.pdf

I had wrongly assumed that the majority of new bank accounts openings in the UK would be from students just about to go off to University, like my son, and that migration whilst high (as the media keeps telling us) would still be a minority. But based on some back-of-the-envelope calculations it appears that the 50% number is about right.

As the OIX report above points out, these new arrivals in the UK are very difficult to perform KYC (“Know Your Customer”) on due to the lack of data. They have no history in the UK. This is exactly where eIDAS should be able to step in. For example, a person arriving from France should be able to use their French government-issued eID as one piece of evidence to help meet KYC requirements. The proposed new AML legislation – the amendment to the fourth AML directive – which I have seen referred to as AMLD4.1, AMLD5 and 5AMLD, explicits call out to eIDAS as a potential solution.

There are however some issues with this:

Firstly, to become part of the eIDAS scheme, governments have to “notify” their eIDs into the scheme. To date only Germany has done so.

Secondly, eIDAS provides a switching infrastructure that makes all eIDs interoperable but initially this will only available to the public sector. If a private sector organisation, such as a bank, wishes to leverage an eID it will need to find another way to access or read it.

Thirdly, the mobile channel is becoming increasingly important with banks needing to be able to onboard customers directly in that channel, as well as performing identification and verification of existing customers when provisioning a mobile app. Several of the existing eIDs are smart-card based. These will only be readable by phones if the cards themselves are contactless (which many of them are). They will not however be readable on iPhones, even with the limited opening up of the NFC interface expected in iOS11.

There is clearly therefore a need for some alternative mobile based technology. Fortunately such technology exists in the form of mobile document and selfie capture and verification. One of the vendors in this space, Mitek, kindly commissioned Consult Hyperion to write a paper on this very topic which I had the privilege of presenting at Money2020 last week. You can download the paper here:

The gold standard for voting

28th December 2016by Consult Hyperion2 Comments

Electoral fraud isn’t a huge problem in the United Kingdom but it does happen, and it looks as if it’s been happening with increasing frequency in certain areas. So the government has decided to do something about it and they are going to introduce an “voter ID” scheme that will require people to provide some evidence of their identity when they go to vote, initially in local elections but presumably in general elections downstream.

The voter ID scheme will be trialed in 18 areas which have been identified by police and the Electoral Commission as being “vulnerable” to voting fraud, including Bradford, Birmingham.

From Voters will have to show passports to combat voter fraud in ‘vulnerable’ areas with large Muslim populations

And, as it happens, in my own dear Woking. But that is not the reason for my interest in the topic. My particular interest in electronic voting because it is one of the hard cases for digital identity. If we can figure out how digital identity can support something as complicated as electronic voting (complicated because of the requirements for secrecy, privacy, auditability) that shows it can be used for a wide variety of other applications. I’ve written before that I am in favour of electronic voting of some kind but I’m very much against remote voting, because I think that in a functioning democracy voting must remain a public act and if it is allowed in certain remote conditions then we cannot be sure that a voter’s ballot is either secret or uncoerced. While not the topic of this post, I think it is possible to imagine services where trusted third parties or electoral observers of some kind use mobile phones to go out and allow the infirm or otherwise housebound to vote.

We live in a Venmo world now, so if the under-30s want to vote using an app that tells their friends that they voted, or perhaps even how they voted, or perhaps allows them to add a funny picture or an acute comment, well so be it. But make it secure, and make them go down to the polling station to use it.

From Yes, we should make voting social, mobile and local | Consult Hyperion

So it is not beyond the wit of man to come up with alternatives to the postal vote. But that’s not what is being proposed. The UK government is not currently proposing an app or any other kind of electronic voting here, it is merely proposing to add a basic test of entitlement at the ballot box. The entitlement is to be established using the proxy of the voters identity. How will this identity be established and the entitlement authenticated? Well…

Local authorities will be invited to apply to trial different types of identification, including forms of photo ID such as driving licences and passports, or formal correspondence such as a utilities bill

From Voters in local elections will be required to show ID in anti-fraud trials | Politics | The Guardian

Wait, what? A utilities bill? I should explain here for any baffled overseas readers of this blog that the United Kingdom has no national identification scheme or identity card or any other such symbol of continental tyranny, so our gold standard identity document is the gas bill. I understand that these are notoriously difficult to forge and that the skilled artisans behind the North Korean $100 bill “supernote” threw down their tools in frustration when faced with the multiple layers of security that are part of the British Gas quarterly statement for residential users. The gas bill is a uniquely trusted document, and the obvious choice for a government concerned about fraud. By the way, if for some reason you do not have a gas bill to attest to your suitability for some purpose or other, you can buy one here (for theatrical or novelty use only).

Why is it that the government never ask me about this sort of thing? Since they don’t have an identity infrastructure, why don’t they use other people’s? I would have thought that for a great majority of the population, especially the more transient and younger portion of the electorate (e.g., my sons) social media would provide a far better means to manage this entitlement.

I judge it to be far harder to forge a plausible Facebook profile than a plausible gas bill, so if I turn up at the polling station and log in to the Facebook profile for David Birch (if there is a Facebook profile for a David Birch, incidentally, I can assure you it isn’t me) then they may as well let me vote.

From Special Feature: Electronic voting, electronic identity and electronic entitlement | Consult Hyperion

None of this will help, of course, because the main source of electoral fraud in the UK is not personation at the polling station but fraudulently-completed postal ballots. Indeed, this is precisely what has been going on in my own dear Woking, where four people were jailed for electoral fraud last year. As far as I can understand it from reading the various reports, including the source reports on electoral fraud in the UK, the main problem is that postal votes are being completed by third parties, sometimes in bulk. No proof of identity is going to make any difference to this and so long as we allow people to continue voting by post I can’t see how the situation will improve. I notice that the minister in charge of voting was quoted on the BBC today:

Constitution minister Chris Skidmore said “…In many transactions you need a proof of ID.”

From Electoral fraud: Voters will have to show ID in pilot scheme – BBC News

This is not, strictly speaking, true. In almost all transactions that we take part in on a daily basis we are not proving our identity, we are proving that we are authorised to do something whether it is to charge money to a line of credit in a shop, ride a bus or open the door to an office. In these cases we are using ID as a proxy because we don’t have a proper infrastructure in place for allowing us to keep our identities safely under lock and key while we go about our business. What you should really be presenting at the polling station is an anonymised entitlement to vote that you can authenticate your right to use. It is nobody at the polling station’s business who you are and, in common with many other circumstances, if you are required to present your identity to enable a transaction then we have created another place where identity can be stolen from.

The real solution is, of course, not using Railcards or football supporter’s cards, or indeed special-purpose election ID cards, but a general-purpose National Entitlement Scheme (NES).

From Special Feature: Electronic voting, electronic identity and electronic entitlement | Consult Hyperion

If memory serves, I think this is what my colleagues at consult Hyperion and I first proposed in response to a government consultation paper on a national identity scheme around 15 years ago. Oh well.

Account-based ticketing workshops

18th December 2016by Consult Hyperion2 Comments

We’ve been having a lot of fun in recent months leading workshops for transport operators about account-based ticketing. Sharing our recent experience with clients such as the UK’s Transport for London (TfL) and Transport for the North (TfN), Hungary’s BKK, New Zealand’s NZTTL, Belgium’s De Lijn and Stockholm’s Storstockholms Lokaltrafik (SL) and Singapore’s LTA.

The workshops are designed to help transport operators who are new to account-based ticketing understand the issues and options, including how Open-Loop bank cards can be blended with existing smart ticketing. A typical agenda covers the following subjects:

Trends

Customer propositions should drive everything
Smart ticketing trends
Technology roadmap
Benefits of ABT and Open-Loop

Architecture

Basic architecture overview
Generic architecture
Open loop vs closed loop (the back office)
Providing for the unbanked

Open-Loop solutions

Open loop implementatons in other countries
The 4-party model for payments
Transit Transaction Models (’Models 1-3’)
Transit Charging Framework (generic, global)

Compliance

EMV
PCI DSS
Working with a QSA

Our latest workshop was sponsored by Mastercard and hosted by Swedbank in Riga, Latvia, and had an audience of 40 including:

Transport operators
Government bodies
Industry suppliers
Media

We are looking forward to leading more similar workshops in 2017 across Europe.

Riga workshop sponsored by Mastercard and hosted by Swedbank.

Discussing a 'strawman' solution for Riga's needs. — Discussing a ‘strawman’ solution for Riga’s needs.

Open-loop payment in transit

17th March 2016by Consult Hyperion4 Comments

In my previous blog, I talked about the trends in smart ticketing systems leading to account-centric and open-loop payments which I want to consider in more detail in this blog.

‘Open-loop’ Payments

‘Open-loop’ is the term used for transit payment instruments which can also be used for generic payments outside of the transit system. By contrast, traditional transit payment smart cards (such as Oyster in London) have required customers to convert their money to transit-only funds stored in a transit account and used to pay for travel. Customers have been prepared to do this because of the benefits of speed of access to the transit system without having to stop to purchase tickets. However, the down-side is that they have to periodically load funds to their CTCs, such funds then being unavailable for other purposes unless a refund from the CTC is sought.

There are many payment instruments emerging, but the one which is currently most ubiquitously accepted by merchants is EMV, the smart debit and credit standard used by the large payment networks including MasterCard, Visa and American Express whose members are the banks. These Payment Schemes are currently lobbying the transit sector for their open-loop cards to be accepted as payment instruments within transit.

This approach has the obvious benefits that (i) fewer CTCs need to be issued by the transport operator, and (ii) customers can arrive in a city from anywhere in the world and travel using the bank cards in their pockets.

The leading example of open-loop payments in transit is London where all Oyster readers have accepted contactless EMV (cEMV) payment cards from across the globe since 2014. Other transit schemes already committed to rolling out acceptance of cEMV open-loop payments include the national OV-Chipkaart scheme in the Netherlands and MTA in New York.

UKCA Transit Framework Model

The country with the most practical experience of a large-scale open-loop payment transit deployment is the UK, and, in particular, Transport for London which now sees more than one million journeys per day using ‘contactless payment cards’, the generic term used to described all EMV-compliant contactless devices, including ApplePay.

The deployment in London was pioneering and occurred before any models existed for cEMV use in transit. Subsequently, a payment model framework has been developed by the UK Cards Association (UKCA) in conjunction with the transport industry. The Association’s members issue the vast majority of debit and credit cards in the UK.

UKCA has identified three models which are described below. Two of the models are ‘pay as you go’ (PAYG) and the third model assumes that a ‘travel right’ or PAYG balance has already been purchased.

The important point to understand is that UKCA models 1 and 2 exploit EMV payments and are therefore bound to EMV-issuing banks, which are communicated with via the Merchant Acquirer. These models are different from transit account-centric solutions which could accept pre-payment from any payment instrument, not just bank cards. Furthermore, the ‘token’ used to identify the passenger in the account-centric solutions can be either an open-loop (CPC) or a closed-loop (CTC) token.

This last point is important in relation to ‘unbanked’ passengers. It has been shown (e.g. Ventra in Chicago) that cEMV technology cards can be issued to the unbanked and used as smart ticketing ID tokens to access pre-purchased transit products.