The topic of open standards for automatic fare collection is heating up. Budget challenges and growing security threats are creating the need for highly secure fare collection systems that also provide interoperability and increase operators’ flexibility. Together with increasing availability of near field communication (NFC)-based smartphones, “stickers” and peripheral devices to the consumer market, these market forces are requiring transport agencies to think long and hard about their fare collection system alternatives. How an agency chooses to move forward will depend on how it can address considerations surrounding its existing infrastructure, intellectual property (IP) rights ownership and immediate goals. New or Upgrade? The easiest way for an agency to move to open standards is to build its system from scratch on open standards. For example, if an agency is considering replacing its existing fare collection system, the request for proposal (RFP) should require compliance with open standards. However, total replacement is usually not an option for many agencies and, for those, it may make more sense to identify specific components that can be replaced to begin the migration to open standards. Who Owns the Rights? The ease — or even feasibility — of migration depends on whether the agency owns the IP rights to its system. In many systems, the customizations and integrations include IP owned by the systems integrator. The agency must determine if it has the right to modify its system and share specifications with third parties. If the agency owns the rights, the process of migration to open standards is greatly simplified and can proceed on any schedule defined by the agency. However if not, the agency will likely have to purchase the rights. For example, a large European transit authority plans to deliver an open payment system within two years. To do this however, the authority had to pay millions of dollars to its system integrator. Purchasing rights can be cost-prohibitive, even for large, well-capitalized transit agencies but may provide an attractive return on investment in the form of reduced capital and operating costs in the future. The Best Places to Start If the agency owns or can obtain the rights to introduce open standards into its existing systems, where is the best place to begin? Because core systems are usually proprietary, the best opportunities for standardization are likely to be the devices at the “edges” of the network, such as payment vending machines, fareboxes and smartcard readers. Interface specifications can be shared with third-party providers of these devices to enable the new equipment to be interoperable with the core systems while also providing the means to introduce open standards compliance. Agency control of the card to reader interface is also important. If the agency has the rights to share and/or change its card data structure and the security associated with card to reader authentication, replacement of both cards and readers is feasible, enabling the introduction of more secure and more cost-effective products. If such rights do not exist, it will be more difficult for the agency to independently complete this type of upgrade. When new devices or smartcard readers are being added or are replacing existing devices, the agency should require that each device and the interface to/from that device is compliant with open standards and can support open standards-based payment cards. By requiring such compliance, the agency will ensure that it retains the right to procure and introduce new, open standards-compliant devices in the future and will not be tied to a single supplier or a single solution for security. Choosing a Truly Open Secure Standard The only truly open standard for secure transit fare collection solutions is the Cipurse open security standard, from the OSPT Alliance. The OSPT Alliance is a nonprofit organization that was formed by Giesecke & Devrient, Infineon Technologies, Inside Secure and Oberthur Technologies to help the transit community move toward the next generation of secure, cost-effective and flexible fare collection solutions through a global, multi-provider community. The Cipurse open security standard provides an advanced foundation for developing highly secure, interoperable, and flexible transit fare collection solutions. It is built on proven standards, including ISO 7816, AES-128, and ISO/IEC 14443-4 for securing multiple payment types. Cipurse-validated solutions can be used within existing application frameworks around the world while promoting cross-vendor system interoperability, reducing technology adoption risks, and increasing the industry’s responsiveness to market needs. The Cipurse open security standard also enables transit agencies to future-proof their fare collection infrastructures by ensuring interoperability with NFC mobile devices as they start to be deployed commercially. Why Start Now? As smartcard and mobile phone-based payment, loyalty and access solutions become widely adopted across the transportation industry, the industry becomes more attractive to fraud perpetrators. Traditional systems may have to be upgraded to address these threats and to meet security and compliance requirements. An open standards-based system is the only way to adapt and maintain your security posture without having to spend millions of dollars to an integrator each time security threats evolve. Agencies can also increase their procurement options while reducing costs. Traditionally, agencies purchased systems from a handful of known vendors and integrators. With a lack of competition, agencies had little choice but to pay a premium price for peace of mind. However, with an accepted open security standard, such as Cipurse, agencies can eliminate security and interoperability worries because certified products have been validated to deliver the levels of security required. This offers agencies more purchasing flexibility and stimulates a more cost-competitive marketplace. New open standards-based Cipurse products will appear on the market later this year. Now is the time to review your fare collection system strategy and plan for your next steps toward open standards. Laurent Cremer is executive director of the OSPT Alliance, an international association chartered to define a new open standard for secure transit fare collection solutions. It provides industry education, creates workgroup opportunities and catalyzes the development and adoption of innovative fare collection technologies, applications and services. Membership is open to transit operators, solution vendors, government agencies and other stakeholders in the transit ecosystem. For additional information, please visit www.osptalliance.org.
San Francisco Municipal Transportation Agency
