A number of important controls were identified in order to guarantee the most appropriate security. For example, the international payment schemes use a standard called PCI-DSS to set out the requirements for merchants accepting credit and debit card transactions, and heavy merchant fines are associated with any breach of these requirements. As a result, the requirements of PCI-DSS have been driving much of the security design of the new contactless system.
In addition to PCI-DSS, working with the transport operators, Visa, MasterCard and American Express has ensured that the security controls of the new system are fit for purpose and proportionate, and further prototyping work ensured that the security controls wouldn’t have a negative impact on the performance of the system.
The new system will mark a shift in emphasis from the "front lines" to the back office. Ticketing logic will migrate away from the card and card readers and to the back office instead. When a payment card is touched in or out, transactions will simply be collected throughout the day and journey fares calculated in the back office at the end of each day. This will eventually deliver a massive simplification at the reader end, since complex fare tables will no longer need to be held nor used at the card readers.
Once this upgrade is completed, the Oyster system will be able to recognize contactless debit and credit cards issued by Visa, MasterCard and American Express — as well as Oyster and ITSO cards — wherever Oyster is currently accepted on TfL and National Rail services.
Plans are also in place to enhance online customer accounts to make it even easier for passengers to see information about their travel history, their account and also query and make payments. Certain features of contactless payments will also be adapted to suit the public transport environment. For example, customers will never need to enter a PIN at the gate line or bus reader.
By utilizing this "contactless" environment, transport providers will be able to benefit from significant operational and cost savings, since cash-handling costs will be reduced, as well as smartcard issuance costs (due to more people using bank-issued payment cards). Not only is the cost of collecting, transporting and securing cash significant, the ability to minimize the use of cash will also reduce the risk of theft, particularly from buses.
Future developments of the system relate to the technology within contactless debit and credit cards. According to Consult Hyperion, contactless debit and credit card chips could soon have a Transit Data Area (TDA) added which will allow card readers to write transit data to the card so that a customer’s validity to travel can be checked more easily. Technological developments like these are continuing to drive progress in this area, thanks to the strategic collaboration between some of the world's leading mobile technology developers, smartcard manufacturers, service providers and standards bodies.