CONTACTLESS INTEROPERABILITY IN TRANSIT

Similar documents
NEXT GENERATION TRANSIT TICKETING

MOBILE PAYMENT SECURITY: BLE OR NFC

Mobile Near-Field Communications (NFC) Payments

Android pay. Frequently asked questions

PREVENTING PAYMENT CARD DATA BREACHES

American Express Contactless Payments

Transaction Security. Advisory Services

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

Payments Transformation - EMV comes to the US

Smart Card Fare Payment Solutions For Public Transportation

Euronet s Contactless Solution

Transaction Security. Test & Certification and Security Evaluation

What Merchants Need to Know About EMV

INTRODUCTION AND HISTORY

THE APPEAL FOR CONTACTLESS PAYMENT 3 AVAILABLE CONTACTLESS TECHNOLOGIES 3 USING ISO BASED TECHNOLOGY FOR PAYMENT 4

EMV Migration and Certification in the U.S. UL's View on Optimizing EMV Brand Certification Processes

OT PRODUCTS AND SOLUTIONS EMV-IN-A-BOX

The Future Of Cloud based Ticketing. Ernst Bovelander Director Advisory Services

MOBILE NEAR-FIELD COMMUNICATIONS (NFC) PAYMENTS

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

BGS MOBILE PLATFORM HCE AND CLOUD BASED PAYMENTS

MasterCard Contactless Reader v3.0. INTRODUCTION TO MASTERCARD CONTACTLESS READER v3.0

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Mobile MasterCard PayPass Testing and Approval Guide. December Version 2.0

Wayne EMV Solutions. Protect your business with a complete EMV Solution inside and out.

Your Reference Guide to EMV Integration: Understanding the Liability Shift

EMV Implementation for Acquirers: 11 Questions to Answer When Formulating Your EMV Device Budget and Timeline

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

PCI and EMV Compliance Checkup

Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER

A Secure and Open Solution for Seamless Transit Systems

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

Bringing Mobile Payments to Market for an International Retailer

OT PRODUCTS & SOLUTIONS TRANSPORT

A Guide to EMV Version 1.0 May 2011

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

Transaction Security. Test Tools & Simulators

How Secure are Contactless Payment Systems?

Mobile Payment: The next step of secure payment VDI / VDE-Colloquium. Hans-Jörg Frey Senior Product Manager May 16th, 2013

Open Payment Fare Systems Save money through operational efficiencies.

EMV Chip and PIN. Improving the Security of Federal Financial Transactions. Ian W. Macoy, AAP August 17, 2015

welcome to liber8:payment

NFC in Public Transport

The Future is Contactless

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

Implication of EMV Migration for the U.S. Transportation Industry. May 1, Implication of EMV Migration for the U.S. Transportation Industry

WIRELESS - GPRS iwl250 POS SOLUTION

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com

Grow with our omni-channel payment processing technologies and merchant services.

Asian Payment Card Forum Growing the Business: Launching Successful Consumer Payments Products

Cloud based ticketing. Next generation fare collection

Chip Card (EMV ) CAL-Card FAQs

Information about this New Guide

Secure Financial Transactions Any Time, Any Place

Euronet Software Solutions Recharge Solution

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud

Private Label Payment Systems. White Label Systems

NACCU Migrating to Contactless:

Fiscal Service EMV Education Series EMV-Compliant Point-of-Sale Card Acceptance for Federal Agencies. Fiscal Service / Vantiv July 27, 2015

Meet The Family. Payment Security Standards

Best practices for choosing and integrating a mobile payments platform. A GlobalOnePay White Paper

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility

EMV and Small Merchants:

HOW TO OPTIMIZE THE CONSUMER CONTACTLESS EXPERIENCE? THE PERFECT TAP

What is EMV? What is different?

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Latest and Future development of Mobile Payment in Hong Kong

The EMV Readiness. Collis America. Guy Berg President, Collis America

Preparing for EMV chip card acceptance

Commercial Banks. Payment transactions secured by G&D.

Card Technology Choices for U.S. Issuers An EMV White Paper

EMV mobile Point of Sale (mpos) Initial Considerations

Communication between contactless readers and fare media

The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses. National Computer Corporation

EMV and Restaurants What you need to know! November 19, 2014

Apple Pay. Frequently Asked Questions UK

NFC Test Challenges for Mobile Device Developers Presented by: Miguel Angel Guijarro

Transaction Security. Training Academy

Fundamentals of EMV. Guy Berg Senior Managing Consultant MasterCard Advisors

We make cards and payments work for people as a part of everyday life. We bring information to life

A RE T HE U.S. CHIP RULES ENOUGH?

NEWSLETTER PAX TECHNOLOGY. March Your Payment Partner of Choice

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

OpenEdge Research & Development Group April 2015

CANADA VS THE USA - THE CONTRAST AND LESSONS FOR MOBILE PAYMENTS

Euronet Software Solutions Integrated Credit Card System Improve your organization s marketability, profitability and revenue

Euronet Software Solutions ATM Management System Maintain and Expand Your Automated Service Offerings with a Secure, Flexible and Powerful Solution

Frequently asked questions - Visa paywave

Transcription:

NEW SCIENCE TRANSACTION SECURITY ARTICLE CONTACTLESS INTEROPERABILITY IN TRANSIT SUMMER 2014 UL.COM/NEWSCIENCE

NEW SCIENCE TRANSACTION SECURITY OVERVIEW From research on the latest electronic transaction security technologies to comprehensive strategies for reliable mobile payment solutions, UL s New Science advances are helping to support compliance, interoperability and security for the latest transaction technology implementations. UL is working with customers across the industry, conducting stateof-the-art pilots; analyzing and assessing the security, functionality and interoperability of new and existing technologies; enhancing implementation processes; and developing unique migration architectures to help transition disparate systems to a new platform. NEW SCIENCE TRANSACTION SECURITY 2

WHY CONTACTLESS INTEROPERABILITY IN TRANSIT MATTERS In an increasingly urbanized world, the efficiency of mass transit is growing in importance. Contactless smart card technology in which a computer chip allows a card to communicate with a reader with a tap or by holding the card within 10 centimeters of the reader (i.e., by using a radio frequency [RF] interface) 1 has the potential to significantly enhance the speed, reliability and convenience of transit payments, given that public transport authorities and operators implement most interfaces today to be compliant with the ISO 14443 international standard. Unfortunately, significant interoperability (i.e., the ability of one device to successfully interact with another device) issues often emerge with these systems when other types of contactless cards are introduced. UL believes the marketplace is clearly trending toward more different ways to pay, and that addressing contactless interoperability is vital to facilitate the expansion of efficient mass transit systems. 2 CONTEXT Contactless payments offer significant benefits relative to existing systems. For consumers, contactless payment is more convenient. A consumer can simply wave or tap a payment card or mobile phone at the terminal to process a payment. In fact, the time saved has been quantified: according to one study, wait times were reduced by 14 to 20 percent in stores and 40 percent at drive-through establishments. Average transaction times also decreased by 10 to 40 percent. 3 Merchants benefit from contactless payments as well: 0102 002303 044050 059309 Contactless smart card technology has the potential to significantly enhance the speed, reliability and convenience of transit payments. Transaction times become faster, meaning that customers move more quickly through the payment process. Cash handling is reduced, payment terminal reliability is improved and payment processes are streamlined, improving operational efficiency and reducing operating costs. Customer spending, frequency of purchase and loyalty are enhanced, driving increased revenues. 4 In fact, MasterCard Canada has seen 25 percent increase in spending by users of its PayPass contactless credit card. Chase states that merchants have experienced 40 percent more average ticket sales with its Blink contactless card than with cash purchases, and that the frequency of everyday purchases increased by 35 percent when compared with traditional magnetic stripe credit cards. 5 3

Today, the mass transit industry in the U.S. and many other countries is pioneering contactless payment systems. 6 Since 2010, mass transit has been identified as the fastest growth area for contactless smart cards globally. 7 A key contributor appears to be strong demand in the broader marketplace. In a 2013 study, three out of four transit users in major cities said that electronic ticketing would make travel easier. 8 In another study, 66 percent said they would be likely to use a contactless tap-and-go (or wave-and-pay) method to pay for mass transit if it were an option. 9 Given the clear interest in these advancements, it is expected that half a billion people around the world will be using mobile devices as travel tickets by 2015. 10 As these systems have been implemented over the past few years, UL has observed that, despite compliance with the ISO 14443 international standard, a variety of interoperability issues with different fare management systems has emerged, including: An ISO 14443 compliant terminal unable to interact reliably with an ISO 14443 compliant card A 50 percent variation in operating distance for terminals of a single type and from a single supplier Terminals with a too weak or too strong RF field A contactless protocol tuned to one specific card type A sharp increase in communication reattempts when replacing a memory card with a generic microprocessor card 11 WHAT DID UL DO? At UL, we reviewed the field data and leveraged our deep organizational experience with transport authorities and operators to assess the interoperability issues emerging with contactless transit payment systems. Our initial observations include the following: A large number of contactless terminals and cards that claim to be ISO 14443 compliant fall short of the standard (which is possible because currently there is no ISO 14443 certification authority). A variety of interoperability issues in the interaction between contactless terminals and cards, as previously mentioned. 4

Many transit schemes are unable to switch from one card supplier to another, meaning that solving the resulting interoperability issues will be expensive and time consuming. Most near field communication (NFC)-enabled handsets are proven compliant with the more strict NFC Forum and EMV Contactless Level 1 specifications. Based on our observations, we believe that the existing ISO 14443 compliant transit terminals will continue to have many interoperability issues, which create severe hurdles to implementing contactless payment systems. We have developed a recommendation on how to address the existing interoperability issues and provide a rationale that details both commercial and technical benefits to our approach. 12 UL advises the transit industry to mandate the EMV Contactless Level 1 specifications for the contactless devices (both terminals and cards) used in transit payment schemes. In so doing, we believe the public transport industry can achieve global interoperability with its contactless interfaces. 13 Our recommendation is grounded in the experience of major payment companies (i.e., American Express, Discover, JCB, MasterCard, UnionPay and Visa) with their contactless cards. These companies faced the same interoperability issues as the public transport industry; however, they addressed the issues proactively by establishing EMVCo, an industry association that ensures worldwide interoperability and acceptance of secure payment transactions. EMVCo s work helps to protect the reputations of the payment brands, which could be damaged by interoperability issues because cardholders expect to be able to pay with their contactless cards anywhere in the world as long as a payment terminal carries the logo of the payment brand. 14 UL strongly advises the transit industry to mandate the EMV Contactless Level 1 specifications for the contactless devices (both terminals and cards) used in transit payment schemes. For card payments, EMVCo created guidelines for both the physical and functional aspects of contact and contactless payment transactions. To achieve interoperability on the contactless interface in payment, EMVCo specified a number of tests to verify implementations and established a full test and certification procedure with a number of globally accredited test labs. These procedures, known as EMV Contactless Level 1, are well defined and strict. 15 Because of the EMVCo specifications, the contactless interface for payments is now globally interoperable. Today, contactless cards issued by a bank in one country will be accepted by contactless payment terminals from another bank in any other country. In addition, most NFC handsets are certified in accordance with the EMV Contactless 5

Level 1 specifications and also benefit from global interoperability. As a result of employing a rigid certification scheme that is imposed on payment terminals, EMVCo currently offers a large platform that can be regarded as a de-facto standard for contactless compliance. 16 There are several commercial and technical benefits to our approach. Commercial Benefits 1. Larger market, lower prices Adopting the defacto market standard would open new opportunities for suppliers to offer their EMV-compliant devices for use in the transit scheme. The potential opportunity would be significant in an account-based setup in which much of the transit-specific programming logic would be moved from the front-end equipment to the back end. Such a setup would make it much easier for suppliers of EMV-compliant, front-end equipment to enter the transit market. 17 2. Future migrations become less difficult (strategic advantage) Achieving EMV Contactless Level 1 interoperability would establish a common technology foundation that would make future migrations involving changes to higher communication levels easier. This foundation would make it possible to go one step further and render the transit infrastructure suitable for EMV application acceptance. The infrastructure would then be able to accept bank-issued (open loop) EMV Contactless cards as a means to pay for transit. In addition, a transit scheme could configure the EMV Contactless application on a Transit-branded card to use for account-based ticketing. As an alternative to a contactless card, the EMV Contactless application could also be hosted on an NFC-enabled mobile device. 18 3. No barriers for (occasional) travelers Occasional travelers would be able to avoid a difficult enrollment process and would simply need to bring their own payment means, either a contactless bank card or an NFC-enabled mobile device. 19 4. Reduction of card issuance costs Travelers who use their own means of payment (EMV card or NFC-enabled device) would no longer need to be issued transit-specific cards. This would lower the operational cost involved with the issuance of transit cards to both occasional and frequent travelers. 20 6

5. Better service and real-time information to the traveler NFC technology would enable an existing transit contactless card to be emulated on the NFC-enabled device. As these devices have a rich user interface, a traveler could be provided with real-time travel updates based on information stored on the device and possibly enriched with information retrieved from the transit back office through the device s internet connection. This would improve the traveler s experience and streamline the delivery of services to the traveler. 21 Technical Benefits 1. EMV offers the only contactless certification scheme The communication that occurs between a contactless card and a contactless terminal (e.g. transit front-end equipment) is described in the ISO 14443 set of standards. To guarantee interoperability, compliance with the standard needs to be independently verified. Going beyond mere supplier compliance claims is imperative to assure that compliant devices can seamlessly interoperate with other compliant devices. In addition to the standard itself, a test specification should be defined to determine how compliancy will be verified. For the ISO 14443 set of standards, the corresponding test specification is the ISO 10373-6 set of standards. We believe that establishing a test specification is only a starting point. There is also a need for accredited labs that test implementations against the standard using the test specifications. Based on the findings of the accredited labs, the accreditor would then be able to issue a certificate of compliance. Although there is a test specification (ISO 10373-6) for the ISO 14443 set of standards, an established certification scheme is lacking. On the other hand, EMV offers a standard that provides further details to ISO 14443 or offers choices of options left open by ISO 14443. For example, the required minimum field strength offered by the contactless front-end device (i.e., terminal) is specified in greater detail by EMV than the general requirement of ISO 14443. EMV also defines a specification to test the compliancy of implementations against the EMV standard and provides a certification scheme, including a number of accredited test laboratories. UL believes that EMV offers the only certification scheme available for future-proof contactless implementations of ISO 14443. 22 Based on this, we believe that EMV offers the only certification scheme available for future-proof contactless implementations of ISO 14443. 22 2. EMV compliance brings NFC compliance NFC-enabled devices (handsets) are also being certified using the EMV standard. Therefore, if the transit infrastructure is certified in accordance with the EMV standard, future interoperability with NFC-enabled devices is assured. 23 7

IMPACT At UL, we believe that conformance to a strict specification of the contactless interface in transit is the only way to realize interoperability. We think it is particularly imperative to achieve the compliance of the acceptance side of the interface (e.g., electronic gates, validators, inspection devices). Only then will contactless transit cards from different suppliers or mobile handsets be universally accepted. EMV Contactless Level 1 is currently the only full test and certification process that offers a comprehensive set of guidelines for public transport ticketing schemes. Therefore, UL recommends that EMV Contactless Level 1 be adopted as a standard for any new device. In addition, we believe that transport authorities and operators should upgrade existing devices in a phased approach. In so doing, public transport systems around the world will begin to achieve the efficiency they need to provide the speed, reliability and convenience travelers increasingly desire. 24 8

SOURCES 1 Smart Card FAQ, Smart Card Alliance, 2014. Web: 23 June 2014. http:// www.smartcardalliance.org/pages/smart-cards-faq#what-is-a-contact less-smart-card. 2 Boogaard, R., Interview, UL, 23 May 2014. 3 Chen, M. and Tsuei, K., Benefits and Security Vulnerabilities of Contactless Card Payment Systems, Technology & Security Digest, Issue 12, Dec. 2011. Web: 23 June 2014. http://www.wib.org/publications resources/ technology security_digest/dec11/chen.html. 4 Contactless Payments: Delivering Merchant and Consumer Benefits, Smart Card Alliance, Apr. 2004. Web: 23 June 2014. http://www.smartcardalliance. org/pages/publications-contactless-payments-benefits-report 5 Chen, M. and Tsuei, K., Benefits and Security Vulnerabilities of Contactless Card Payment Systems, Technology & Security Digest, Issue 12, Dec. 2011. Web: 23 June 2014. http://www.wib.org/publications resources/ technology security_digest/dec11/chen.html. 6 Quibria, N., The Contactless Wave: A Case Study in Transit Payments, Federal Reserve Bank of Boston, June 2008. Web: 20 June 2014. https://www. bostonfed.org/economic/cprc/publications/briefings/transit.pdf. 7 Chilton, J., Transit Moves Contactless Payment [Smart Card Alliance 2010 Payments Summit], PaymentsViews, 24 Feb. 2010. Web: 29 May 2014. http:// paymentsviews.com/2010/02/24/transit-moves-contactless-payment/. 8 Future of Public Transport, Accenture, 2013. Web: 20 June 2014. http://www. accenture.com/sitecollectiondocuments/pdf/accenture-public-transport- Tall4-v2.pdf. 9 Clark, S., Survey: Half of US Commuters Would Use Their Mobile Phone for Transit Payments, NFC World, 20 Mar. 2012. Web: 20 June 2014. http://www. nfcworld.com/2012/03/20/314634/survey-half-of-us-commuters-would-usetheir-mobile-phone-for-transit-payments/. 10 Wilcox, H., Press Release: 500 Million People Worldwide to Use Their Mobile Phones as Metro and Bus Tickets by 2015, Juniper Research, 26 Apr. 2011. Web: 20 June 2014. http://www.juniperresearch.com/viewpressrelease.php?pr=241. 11 Boogaard, R., ISO 14443 Interoperability in Transit, UL, 2013. White paper: 13 May 2014. 12 Ibid. 13 Ibid. 14 Ibid. 15 Ibid. 16 Ibid. 17 Ibid. 18 Ibid. 19 Ibid. 20 Ibid. 21 Ibid. 22 Ibid. 23 Ibid. 24 Ibid. 9

TRANSACTION SECURITY ARTICLES MOBILE PAYMENTS SECURING HCE MOBILE PAYMENT SECURITY: BLE OR NFC SECURE PAYMENTS BIOMETRICS FOR PAYMENTS TRANSIT TICKETING CONTACTLESS INTEROPERABILITY IN TRANSIT NEXT GENERATION TRANSIT TICKETING 10

To learn more, explore the New Science of Indoor Air Quality, Transaction Security, Sustainable Energy, Workplace Health & Safety and Fire Safety. Watch our videos, read our journals, articles and case studies, scroll through our galleries and meet our experts. VISIT US ON UL.COM/NEWSCIENCE NEWSCIENCE@UL.COM +1 847.664.2040 New Science Transaction Security cannot be copied, reproduced, distributed or displayed without UL s express written permission. V.19. UL, the UL Logo and NEW SCIENCE are trademarks of UL LLC 2014.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information