Are Transit Operators Ready to Look Beyond the Mag-Stripe?

The opportunity to perform offline transactions is really beneficial for transit operators who are now able to assure that they are at the very least dealing with a genuine card through the offline authentication method. The majority of contactless EMV cards are now issued supporting the highest level of dynamic data authentication.

On the flip side, the card reader interaction time with EMV cards does take longer than the equivalent time taken for magnetic stripe. However, compared with the end-to-end transaction time required to authorize a magnetic stripe, EMV offers a comparable alternative.

The payments schemes have also specified a data area that can be used by merchants to record tap data in the future. This could be used in the transit space for capping calculations, other payment models and revenue inspection.

What Should Transit Operators Do?

New merchants in the United States, including transit operators, are now caught in limbo and waiting to see if and when the EMV acceptance finally comes. Migration will have to be driven either by overwhelming merchant demand, which as we have seen has already started, and/or government directive, where some banks are pushing the government to act.

Either way, sooner or later, it seems likely that EMV will come to the United States. Without EMV, the United States opens itself up to all card fraud as it migrates away from EMV-adopting areas to the weakest link in the payments chain. Therefore, the message for transit operators thinking about rolling out payment card adoption is: “Go EMV capable now!”

EMV capable readers are also capable of reading contactless magnetic stripe cards. All payment readers have to be capable of communicating with cards of the least common denominator and therefore, the benefits on EMV can be realized now at the same time as meeting the needs of most of your customers who are still on existing technology cards. Those cards that are issued as EMV in the United States or come visiting from overseas can be authenticated, thereby guaranteeing to the transit operator that it is a genuine card from a genuine issuer, while magnetic stripe cards request the existing online mechanisms.

Of course these readers will be more expensive than standard magnetic stripe readers; they are capable of advanced cryptographic functions — but wait. Actually all modern readers should have these capabilities now due to the requirements of PCI-DSS to encrypt all payment-related data. Therefore, why pay more for EMV + Magnetic Stripe + PCI when Magnetic Stripe + PCI fundamentally have the same core cryptographic functions?

Transaction Models

Three key areas to consider when designing a new ticketing infrastructure are the scope of the network, interoperability and the likely cost savings. Urban operators have different priorities to their inter-urban or rural counterparts. Speed and self-service are both key in the urban environment, while inter-urban operators need to offer a greater range of customer-focused products and services, perhaps including integrated ticketing with connecting urban or rural services.

“Pre-issued” media, such as the bank credit or debit cards, offer the opportunity to develop a ticketing or payment strategy with zero issuance costs, making use of a device that the passenger already carries and which is fully interoperable worldwide. But current payment cards are read-only. As a result, transaction data, value top-ups and ticketing products cannot be stored on the card. Plans are in place to introduce payment cards that can hold transient data, supporting possible future ticketing applications. Meanwhile, the operator can choose to use the card to collect a payment at the “point of tap” or sometime later. In this case, a new “middle-office” infrastructure would collect the taps and charge an “end-of-day” amount.

Mifare media, used in a closed network, can use the card as the primary device and maintain shadow data in the back office. In this case, all tickets and value are held on the card and the fare calculation is carried out by the reader at every tap. If payment cards are selected, two basic options are available. In a reader-focused model, a payment transaction is performed and value is taken from the card’s offline balance. At the end of the day, the transactions are settled via a merchant acquirer. In a back-office model, the tap would authenticate the card and harvest payment data, but the real transaction would be performed later, after the fare had been calculated.