Mobile Ticketing to the Rescue

Mobile Ticketing to the Rescue

Flexibility, scalability using adopted cryptographic platforms

When Public Transport Operators (PTOs) were hit by the pandemic, it reduced their sales volumes dramatically. One challenge was the difficulty of distributing and selling physical tickets. Over the past two years, however, there has been a digital transformation that will enable PTOs, both in the near term and post-pandemic, to operate with much greater flexibility and resiliency through mobile ticketing sales channels that are always available using Apps and smartphones.

PTOs will also be able to directly reach customers with tailored offers that create new revenue streams and digital engagement opportunities.

To be successful, however, these mobile channels must be secure and fraud-free. This is possible in a flexible and scalable way by using widely adopted cryptographic mobile ticketing platforms that support open standards.

Moving to Mobile Ticketing
In the two years since the pandemic started, contactless fare payments have seen a drastic increase across the globe. In its report, Smart Ticketing Market – Growth, Trends, COVID-1 Impact, and Forecasts (2022-2027), the research firm Mordor Intelligence mentioned that contactless payments in transportation applications are playing a very crucial role in helping to safeguard people as the world continues its fight against the rapid spread of the COVID-19 pandemic.

The next step is to bring this contactless experience to mobile platforms with the convenience and security of a smartcard. Only then can consumers have the simplicity of mobile ticketing without the worry of fraud or potential hacking of digital tickets hosted in smartphones.

Mobile solutions based on QR codes have introduced inherent security and ergonomic risks. Instead, PTOs need ticketing solutions based on microprocessors with cryptographic capabilities that provide a much more secure and stable foundation for ticketing. They also must support open, community-led standards. An open, competitive ecosystem supported by certification ensures that user needs are embedded throughout the entire product cycle.

One place where this approach has been embraced is the Paris Region, which Mordor’s report describes as one of the largest transit networks worldwide. The region offers travelers the benefits of contactless mobile ticketing that is compatible with existing contactless readers using the Calypso open transit standard from the Calypso Networks Association (CNA).

CNA’s open, secure Calypso ticketing standard is relied on by public transportation networks and cities around the world. It has been adopted in more than 25 countries and more than 170 cities globally, enabling PTOs to effectively fight fraud since tickets cannot be duplicated, transferred or altered. Prior to any modification being made to a ticket hosted on a Calypso product, the Calypso chip is authenticated by the reader, as well as the reader being authenticated by the chip. To date, no Calypso card has suffered a security breach, and the standard supports fast throughput at transport locations during peak commute times, taking approximately 120 milliseconds to transact.

The CNA’s addition of the Calypso Host Card Emulation (HCE) standard has extended the success of Calypso to mobile devices. Additionally, CNA has created the Calypso HCE Security Certification (CHSC) program that combines a state-of-the-art evaluation methodology with the most stringent requirements of mobile security programs.

Building Mobile Ticketing Solutions on the Calypso Standard
Calypso specifications detail how to securely transmit a ticket data between a traveler’s card, a phone or watch for example, and a transport/mobility authority’s ticketing reader. This reader might be an access control barrier, vending machine or handheld reader. The specifications cover card personalization, purchase, reload, validation and control of tickets and transport contracts, and are based on existing standards to ensure seamless integration and support global interoperability.

The CNA also set a security baseline for Android mobile solution providers, verified by an independent laboratory. Even if PTOs are not fully aware of the security complexities, there is peace of mind that the solution is secure thanks to the steps that solution providers have proactively taken during the development process.

As an example, HID Global began working with the CNA in 2016, was the first Calypso certification for its HID SOMA Atlas™ operating system, and in 2017 the company began developing a version of its SOMA Atlas™ for the Android platform. HID adapted the root of a traditional microprocessor found in a smartcard for use with Android phones to create SOMA Atlas™ 4Digital, which uses Calypso HCE technology to create a secure digital ticketing solution. PTOs field tested it and found it offered the same transaction functionality in mobile as it did in a smartcard, and much quicker transactions times than QR Codes™ or EMV®-based solutions.

Mobile ticketing solutions are now available that support credential technologies such as MIFARE® along with the Calypso open standard. This provides the interoperability and flexibility to create the technological infrastructures underlying new secure mobile ticketing solutions.

Today’s platforms should include Software Development Kits (SDKs) that are fully certified to Calypso HCE standards. This speeds the deployment of physical and virtual credential solutions that are compatible with the verification processes of modern electronic ticketing systems. Because these solutions use smartphones, there is no need to install expensive validation devices on buses and subways.
PTOs should make sure that their mobile ticketing solution provider’s SDK enables them to greatly expand the range of devices that their customers can “tap to pay” for travel using Android smartphones and other NFC devices.

Additionally, passengers should also be able to use their mobile devices to add funds (“top-up”) their Calypso-based transport cards, making it even easier to pay and use public transport, while minimizing physical contact.

Future Opportunities
Building on CNA members’ CHSC work, it will also be possible to introduce new capabilities. This includes adding machine learning technology to the anti-fraud module of a back-end mobile ticketing system. This will allow a solution to automatically detect and respond to potential security breaches in real-time based on an analysis of typical traveler’s behavior.

COVID-19 has brought mobile ticketing to the forefront of modern transit system planning. Safety, convenience, and throughput continue to be important. Delays while passengers struggled to find and present a readable ticket had already caused long queues, disgruntled customers, and reputational damage to PTOs prior to the pandemic.

During the past two years, the physical tickets created unnecessary touchpoints in a world trying to minimize person-to-person and person-to-thing exposure during the pandemic. Moving to mobile transportation ticketing technology solves these problems while creating a seamless, intuitive user experience that is ideal for mass transit systems around the world.

This article originally appeared in the April 2022 issue of Security Today.

Featured

  • Seeking Innovative Solutions

    Denial, Anger, Bargaining, Depression and Acceptance. You may recognize these terms as the “5 Phases” of a grieving process, but they could easily describe the phases one goes through before adopting any new or emerging innovation or technology, especially in a highly risk-averse industry like security. However, the desire for convenience in all aspects of modern life is finally beginning to turn the tide from old school hardware as the go-to towards more user-friendly, yet still secure, door solutions. Read Now

  • Where AI Meets Human Judgment

    Artificial intelligence is everywhere these days. It is driving business growth, shaping consumer experiences, and showing up in places most of us never imagined just a few years ago. Read Now

  • Report: Only 44 Percent of Organizations are Fully Equipped to Support Secure AI

    Delinea recently published new research on the impact of artificial intelligence in reshaping identity security. According to the report, “AI in Identity Security Demands a New Playbook,” only 44% of organizations say their security architecture is fully equipped to support secure AI, despite widespread confidence in their current capabilities. Read Now

  • Interface Systems Enhances Safety and Communication at Texas Church and School

    Interface Systems, a managed service provider delivering business security, actionable insights, and purpose-built networks for multi-location businesses, today announced the successful completion of a major security upgrade for Bethesda Community Church and Bethesda Christian School in Fort Worth, Texas. Read Now

  • ASIS International Introduces ANSI-Approved School Security Standard

    ASIS International, a leading authority in security standards, is excited to announce the release of its American National Standards Institute (ANSI)-approved standard designed to provide a framework for developing, implementing, maintaining, and improving school security. The first comprehensive standard of its kind provides a critical benchmark for assessing and improving a school’s security posture regardless of size and funding. Read Now

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.