10 Questions to Ask Before Implementing an Open Payments Contactless Ticketing System for Public Transport
The ability simply to tap a contactless bank card or mobile wallet to travel is transforming the way passengers pay for public transport. In this article, we’ll explain how contactless ticketing (cEMV), often referred to as ‘Open Payments’ or ‘Open Loop Payments’, is revolutionizing fare collection and answer the most frequently asked questions about contactless EMV implementations.
We’ll deal with the following topics and tell you everything you need to know about the basics and signpost where you can find deeper insights.
- What is cEMV?
- What are the main benefits of Open Payments for public transport ticketing?
- What is Apple Pay/Google Pay and how does this deliver Open Payments for public transport ticketing?
- Why are Open Payments with an Account Based Back Office important?
- Which Open Payments model am I buying into?
- Which model is best?
- Which payment processor and acquirer should I use to collect payments?
- Do I need to install new on-board fare collection infrastructure to support Open Payments?
- Is my recommended fare collection infrastructure compliant with PCI standards?
- How do I introduce Open Payments alongside existing ticketing and payment systems?
- How can a system accommodate riders who don’t have a bank card, bank account or mobile phone?
The pace of change in the ticketing industry is accelerating as more agencies move away from issuing physical tickets to the convenience of using mobile phones and contactless EMV (cEMV) bank cards to ‘tap and ride’.
In our 2021 survey of transit agencies, 92 percent said they were planning fare payment innovations to bring riders back on board post-pandemic and more than a half are planning to introduce Open Payments using contactless bank cards and mobile phones.
Before we delve into the 10 questions to ask your supplier before implementing an Open Payments solution for public transport, there are some basics we wanted to cover for those just getting started.
What Is cEMV?
EMV literally stands for Europay, Mastercard and Visa, the three companies that developed the specifications for the standard. The ‘c’ prefix stands for ‘contactless’. EMV is a technical payments standard that ensures chip-based payment cards and terminals are compatible (can communicate with each other) around the globe.
For years EMV cards have been used for retailing around the world. The card uses an embedded microprocessor that connects to an EMV Point of Sale unit (PoS) via card insertion or a contactless tap, and it’s the latter which makes EMV cards interesting for public transport.
The contactless card or mobile device is held near to the PoS terminal (approx less than 2in/6cm away), and the payment account information is encrypted and exchanged during a secure conversation between card and terminal.
It’s this technology that enables seamless ‘tap and ride’ journeys across public transit systems – allowing riders to pay for fares by ‘tapping in’ on boarding and if appropriate ‘tapping out’ when they alight.
What Are the Main Benefits of Open Payments for Public Transport Ticketing?
Using cEMV cards offers many advantages for passengers, agencies and operators because they are both a secure token and authenticatable payment method in one. They are also already in passengers’ pockets and can be used across any transport system configured to accept contactless payments without needing to create an account. This means agencies do not need to issue plastic cards, saving money on material and issuing costs. It’s also really convenient for passengers who simply use the card already in their pocket. Not having to create an account before using a card on public transit provides passengers with the most seamless ticketing experience possible. This can also be enabled on passengers’ smartphones and smart devices through services such as Apple Pay and Google Pay.
What Is Apple Pay/Google Pay and How Does This Deliver Open Payments for Public Transport Ticketing?
Apple Pay and Google Pay emulate payment cards by using NFC and secure storage chips within smartphones to talk to a card reader within a validation device, as you would with a contactless bank card. Both Apple Pay and Google Pay link to a bank card which needs to be set up within their respective payment platforms before use. Apple and Google Pay effectively replace the plastic bank card in a digital environment and provide the user with extra information about the transaction. A benefit with Apple and Google Pay is that your funding card number, which is the number printed on the physical EMV card is never used but a digital card number is used. This adds an additional layer of security given that the funding card number cannot be determined from the digital card number.
Why Are Open Payments with an Account Based Back Office Important?
With an Account-Based Ticketing back office in place, passengers can be certain of getting the best value fare without needing to understand which fare they need to select – also known as fare capping. Tapping in – or tapping in and tapping out – to ride allows the back office to automatically calculate the best fare and charges the rider accordingly.
Account-Based Ticketing using contactless EMV bank cards and mobile wallets is the optimal way of delivering an Open Payments solution.
Account Based Ticketing also makes it easy to introduce new fares and smarter ticketing options as the ‘back office’ is easier to update than hundreds of locally hosted devices that previously had to be updated to enable new fares.
10 Questions to Ask Your Supplier before Implementing an Open Payments System
When exploring the options for Open Payments, there are a few key questions to ask to ensure the system – and the supplier selling it – will both meet your needs.
From features to security, design to deployment, usability to support, it is vitally important to tick all the boxes. Based on our experience with more than 150 transit agencies around the world, we believe the following questions cover the most salient topics that you should explore to ensure the solution you select is the right one for you.
1. Which Open Payments model am I buying into?
There are three principal ways to deliver contactless ticketing – but not all of these will suit every transit agency.
Model 1: Known Fare Model (no capping or transfers)
The customer taps their card at the start of each journey and a fixed fare is automatically charged. This model does not require an Account-Based back office and works well where an agency charges a simple flat fare for all journeys, but it can’t cope with more complex journeys, period passes or facilitate fare-capping. Some operators also use driver interaction where the passenger speaks to the driver to request a particular journey or discount, and the driver sets the desired fare amount before the rider taps their card to make payment. This interactive mode doesn’t particularly speed up boarding and agencies also pay per-transaction fees on every boarding event, which can be expensive.
Model 2: Aggregated – Pay as You Go Model or MTT
This model facilitates more complex pricing and multimodal journeys. It can combine multiple journeys and modes of transport into a daily charge based on where and how often the rider taps in (and optionally taps out). It can also enable free or reduced price transfers and additional fare-capping as passengers ‘earn’ return, daily, weekly or monthly passes, enabling passengers to tap around the transport network for several days until they reach the monthly pass value, at which point the system stops charging the passenger until the start of the next month. Riders can also register their cards for concessionary discounts, such as senior or disabled, and have their reduced fares calculated automatically.
Because the taps during a day are collected and analysed prior to setting the total fare for the day, they can aggregate them into a single transaction, avoiding separate card fees for each tap, saving the agency money.
This system runs off an Account-Based back office which means passengers do not need to buy a ticket before travel, they simply use their secure token (in this case a cEMV card) and are charged periodically (within a fare framework determined by the transit agency).
A good ABT system can also provide fare capping and similar advantages to other token types beyond cEMV cards, so that children and un-banked cash-only riders can also enjoy the same benefits, without paying more for a series of single tickets.
Model 3: Pre-purchase (Card as Credential to travel)
This model is more suited to long distance travel, pre-booked seats, high value season passes or agencies who don’t want to or cannot implement fare-capping across all their fare types, but still want the benefits of passengers bringing their own ticket. It requires the customer to purchase a ticket before they travel, for example using a web portal online and linking it to their account, which is associated with their cEMV card. Customers then use their contactless card as their token to travel, and enforcement devices associate the travel entitlement records from a back office system with a list of card tokens either downloaded for offline inspection, or checked online each time.
So which model is best?
For most agencies, we believe Model 2 is the best long term option – even if their immediate needs suggest a simpler solution is adequate in the short term.
The known price model (Model 1) is simpler to roll out, but there is very little flexibility to configure more complex fare frameworks at a later date. The pre-purchase model (Model 3) works well for specialist operators running a small number of routes (e.g. airport transfer shuttles) with no requirement for fare capping.
The aggregated ‘pay as you go’ model (Model 2) can deliver everything that Models 1 and 3 offer, but provides much greater flexibility and future-proofing down the line.
In the long term – even for agencies who want to initially trial known price Open Payments – it pays to work with a technical partner with the capability to upgrade to an aggregated Model 2 solution in future.
2. Which payment processor and acquirer should I use to collect payments?
An Open Payments fare collection system relies on third party processors (PSP) and acquirers (Merchant Bank Account Provider) to manage contactless payments. Open Payments in transit mode differs from retail mode and both the payment processor and acquirer must be certified in that geographic territory to process the more complex transit mode cEMV transactions that have zero value authentications, variable capture and debt collection which are sometimes very new functions never used by traditional merchants. We have experienced some payment providers that are able to process transit payments in one country, but unable to in others.
So it’s essential to select a payment processor and acquirer who both have experience in processing cEMV payments in transit mode and experience of working together. This will make the cEMV Level 3 certification process much easier to achieve.
3. Do I need to install new on-board fare collection infrastructure to support Open Payments?
It’s possible that your onboard ticket validators are already compatible with Open Payments, but even if this is the case, they may require an additional level of certification before they can be used to accept contactless fare payments.
Validators will need to be cEMV Level 1 and 2 certified including the transit mode extensions and suitable card tokenisation before they can be used to accept contactless fare payments. If your current validators don’t have those capabilities, you will need to procure new validators, or in some cases, get updated kernel firmware for the readers. Try to source these from a supplier who already has a strong track record in cEMV transit payments, with several thousand units in operation.
Tokenisation: for Transit cEMV Model 2 and Model 3
In order to support the temporary denial of ABT tokens that are not in good standing, such as a cEMV payment card that has run out of credit, a deny-list (or hotlist) of cards and tokens is occasionally downloaded to card validation devices to prevent further journeys by those cards until their cEMV automatic debt collection process has been successful and the card can be removed from the deny-list. Although normal ABT tokens can be listed simply as card numbers, the PAN (Payment Account Number) written on a payment card cannot be downloaded in a deny-list and saved on many handheld and bus mounted validation devices due to the risk of that list being stolen. Instead when each card is tapped on the reader, the validator will generate a cryptographic transformation of the PAN, known as the ‘Tokenised’ value, which is resistant to attempts to reverse it back into the original PAN. This token value is used in the ABT system to refer to the card, and to share it in deny-lists sent to the validator. When a new card is presented for travel, it is tokenised and the token compared to the deny-list before allowing it to travel. To ensure that the deny-list token matches the newly generated token from the reader for a given card, all readers must support the same tokenisation method. Many basic Model 1 merchant-mode EMV readers don’t support tokenisation at all, so it is important to agree which tokenisation method your system will use (this might be already chosen by the back office provider) and then all validation devices must support that tokenisation method in their secure firmware, to remove the requirement for PAN’s to be downloaded. An example tokenisation method is keyed SHA256 HMAC, which requires an agency-wide secret key to be installed in each reader to ensure identical token generation. There are other tokenisation methods that don’t require keys.
If your current validation units are Level 1 and Level 2 certified with transit capabilities and tokenisation, you will then need to secure cEMV Level 3 certification or ‘End to End’ certification for them. This level of certification also involves your processor and acquirer (see above) and the card scheme (payment network) so it’s important to have these arrangements in place prior to seeking Level 3 certification. It is important to note that the cEMV Level 3 certification is required for each card scheme, and is different for each card scheme, thus it is important to work with a payment processor and acquirer who have experience with open payments.
4. Is your recommended fare collection infrastructure compliant with PCI standards?
You will also need to demonstrate your validators, back office, business and maintenance processes comply with the Payments Card Industry Data Security Standards (PCI DSS) including Chain of Custody control for payment devices to ensure that payment devices haven’t been tampered with to add card skimming or cloning devices or exchanged for devices that will steal card numbers.
If your company has followed this regulation, then your validators should be OK to be updated to process Open Payments once the cEMV Level 3 certification has been obtained.
If Chain of Custody control records cannot be proven, the devices will need to be sent back to the suppliers to be inspected and recertified prior to securing Level 3 certification and key injection.
5. Does your contactless payment system work offline?
The prevalence of 4G and – increasingly – 5G data networks means that the requirement for contactless technology to work offline is becoming less of an issue; however, many contactless payment systems will continue to function in areas without network coverage, or during times that connectivity has failed. EMV transit specifications specifically allow for offline authentication and processing, and offline deny-list checking, so the latest generation contactless onboard validators will store the details of any transactions made offline and upload these once connectivity is re-established. In areas with patchy network coverage (such as remote rural areas, the urban canyon, underground or around bridges and bus depots) this very slightly increases the risk that an out-of-balance card freshly added to the central deny-list won’t have been downloaded to your vehicle yet and might get an additional journey, but provided your acquirer and processor have robust debt recovery strategies in place to automatically retry the transaction every few days for when the card balance is again paid up, the risk of incurring long-term bad debts is reduced.
6. How do I introduce Open Payments alongside existing ticketing and payment systems?
If you have rolled out a shared fare payment platform like Justride, then chances are that your back office and validation devices are already able to be updated to full model 2 cEMV ticketing including ABT and fare capping if desired. If the validators are too old, maybe swapping them for a newer cEMV unit, or a process loading updated firmware and cryptographic keys to them for cEMV is required. You will need to work with your provider to have a transit-capable payment processor and acquirer in place too.
If you are considering several different new ticketing technologies, then maybe fitting a new multi-format validator to the side of the legacy farebox, with a back office that provides those different options is the way to maintain optionality, while still leaving the legacy farebox in place on the vehicle to process cash and legacy closed fare cards. If the new ticket options prove popular enough, then as cash use declines onboard, eventually the legacy fareboxes can be retired, just leaving the new multimode validator, as implemented by Dayton RTA, Ohio.
We recommend installing multiformat readers to provide multiple channels which would allow an agency to trial a simple fixed price ticketing (Model 1) solution to test the concept, before unlocking the real benefits – for both operators and passengers – by upgrading to a Model 2 solution.
The new Open Payments infrastructure added could then be used in a wider rollout of a more comprehensive contactless aggregated Model 2 at a later stage if a more complex back office were procured, and the readers procured already supported an appropriate tokenisation method.
7. What are the customer service implications?
Where Open Payments have been introduced, customers are overwhelmingly positive towards them and uptake is generally swift – especially among younger demographics who are increasingly embracing a ‘cashless’ lifestyle. According to Research conducted by Visa in 2019, 94 per cent of 18-34-year-olds already prefer to use non-cash methods of payment.
As retailers’ experience indicates, painless payment solutions increase the likelihood of a customer buying a product or service. Four years after Open Payments were introduced across London’s transit system, 54 percent of pay-as-you-go journeys were paid for using cEMV cards.
The 2019 Visa study indicated that 49 per cent of UK commuters see the introduction of contactless payments as the single most significant improvement to their overall public transit experience. More recent Visa research conducted in 2021 indicated that 88 per cent of riders expect their local transit system to offer a contactless option to pay for their journeys.
Sometimes users will query entries on their payment card statements, which makes it useful to put descriptive entries in the transaction data submitted, and having a customer self-service web and mobile portal where they can register their payment card, view travel payment history and print out receipts for claiming expenses, without needing to call customer service agents.
The biggest potential customer service challenges will likely centre on riders being refused boarding because their cards are on ‘deny lists’ – but these are administered by your processor and acquiring partners who should be able to produce the data to explain the reason for their card not being accepted. Usually, in a well-designed Open Payments system, each time a card on the deny-list is tapped again it triggers a “debt collection” attempt to re-try the failed payment just in case the cardholder has paid their bill or topped up their card just prior to tapping.
There is also some potential for mischarging if a rider taps different cards on different vehicles or taps in and out with different cards (sometimes referred to as ‘card clash’, which occurs because multiple contactless cards are held towards the reader at the same time). Clear messaging is required to remind riders to use the same card at each end and for all linked journeys, and to avoid placing a whole wallet full of different cards on the reader at the same time.
8. How do you monitor uptake?
Contactless payment systems provide rich data on utilisation and journey patterns. Payments data remains encrypted, but the journey data is available to transit agencies and operators, providing more detailed insights into Open Payments usage patterns – pretty much in real time.
Having access to this data in aggregate will quickly indicate acceptance and uptake of contactless payments and could potentially highlight any barriers to adoption or areas where awareness is lower.
Transit agencies should make sure their use of the Open Payments travel data is consistent with the terms and conditions of carriage, and that they respect users’ privacy when using aggregated travel data, rather than specifically targeting users individually, which could cause a consumer backlash.
9. How will your system accommodate riders who Don’t have a bank card, bank account or mobile phone?
Let’s be clear; switching on contactless ticketing using bank cards and turning off all other ticketing media is simply not a possible, equitable or inclusive option. Open Payments are just another layer to a ticketing mix that must continue to include options for unbanked riders. These could include convenience store bill payment networks offering thermal barcode tickets on receipt paper for low-value pre-purchased tickets, cash digitisation or cash top-ups for Stored Value Accounts associated with local ID cards, mobile apps, or Account Based Ticketing smartcards for the unbanked.
The good news is, every rider no matter their banked or technology status can have a ‘Tap and Ride’ experience making taking transit easier than buying a cup of coffee. It’s not limited to those with contactless bank cards or mobile phones. If you select the right Account-Based Ticketing platform it can accommodate all these ticketing channels alongside contactless bank card payments. And with the right promotion, passenger adoption of contactless payments will increase, taking the strain off the current ticketing infrastructure and allowing you to run down legacy systems over time, reducing and maybe even eliminating cash on board, providing improvements to journey times and reducing capital and business processes around cash for the agency.
10. Where is your future roadmap headed?
The pace of change in payments technology continues to accelerate, and riders’ expectations of how they pay for journeys are changing almost as quickly. Getting ‘locked into’ a bespoke fare collection system that doesn’t have the flexibility to support new innovations in payments technology in the future could prove costly.
How does your agency see the bigger picture unfolding? Will your customers expect you to offer wider connectivity and interoperability between neighbouring transit systems or specialist operators such as airport shuttles? Would you be comfortable insisting that your customers carry your closed loop smart card in their wallets when they can use their bank card to pay to travel on your competitors’ buses, or pay for transit wherever they travel using global apps they already downloaded like Uber, Moovit and more?
Ensure the Open Payments system you choose has a robust future-proof roadmap so the solution you buy today will continue to meet passenger needs in the future.
Fare Payments as a Service (FPaaS) and Open Payments
While it is possible to deliver Open Payments with a bespoke system using proprietary software and hardware, for many transit agencies, a future-proof ‘open loop’ approach may be more cost-effective to implement and offer greater flexibility.
Payment technology is moving forward at a rapid pace and new advances could be costly and complex to implement for agencies that are locked into a solution with a bespoke supplier.
This perhaps explains why 42 per cent of transit authorities are planning to adopt a Fare Payments as a Service (FPaaS) delivery model for fare collection in the future compared to only 17% sticking with bespoke systems. FPaaS makes it easier to introduce a raft of fare payment innovations – including an Open Payments solution, and know that the next new technologies will be added to their platform over time, without needing to guess what they will be or future proof their procurement today.
Using a Fare Payments-as-a-Service delivery model can also unlock many more ticketing innovations and benefits for both transit operators and riders.
Watch Masabi introduce FPaaS for public transport here.
FPaaS solutions are swifter and more cost-effective to implement and update and offer a flexible, inclusive future-proof roadmap for the delivery of a whole suite of Mobility as a Service (MaaS) innovations that are coming down the track.
Masabi’s Justride is the leading fare payments platform for public transport, helping agencies move away from expensive bespoke fare collection systems by enabling the delivery of Fare Payments-as-a-Service.
Justride is a single platform configured in different ways for all partners. Transit agencies benefit from the latest ticketing innovations delivered quickly and cost-effectively, with regular feature updates everyone on the platform benefits from.
For more information download our Contactless Ticketing (cEMV) Look Book.
This article was originally published by Masabi.