Property of the Smart Card Alliance © 2011
Alternative Architectures
Craig Roberts
Manager, Technology Development
Utah Transit Authority
Open Bank Card Payments for Transit
A Smart Card Alliance Educational Institute Workshop
2011 Mobile and Transit Payments Summit
Marriott City Center Hotel, Salt Lake City, UT, February 15-18, 2011
Presentation Scope
• Describe the features, characteristics and components of account based open payment contactless fare collection systems
• Discuss options in their deployment
• Compare to traditional card based systems
• Presented from the perspective of the Utah Transit Authority’s full system deployment of an account based open payment system
Architecture
• System Architecture – a formal description and representation of a system, organized in a way that supports reasoning about the structure of the system which comprises system components, the externally visible properties of those components, the relationships (e.g., the behavior) between them, and provides a plan from which products can be procured, and systems developed, that will work together to implement the overall system.
• A system architecture is primarily concerned with the internal interfaces among the system's components or subsystems, and the interface between the system and its external environment, especially the user.
Source: Wikipedia
Definitions
• Meaning may vary according to context
  • Open systems
  • Open payment
  • Open source
  • Closed system
  • Closed loop
  • Proprietary
Intersecting Cultures
• Culture defined by vocabulary (acronyms, slang, special meaning of terms)
• Here we are at the intersection of four:
  • Transit
  • Payment
  • Information technology
  • Federal
• It is never rude to ask for a definition of terms
• It is helpful if we remember to use full terms rather than initials
Contactless Smart Cards
• Customer brings card into radio frequency (RF) field (~2 inches); “tap”
• Powered antenna in reader powers antenna and chip in card; reader obtains data from card, may write data to card
• Standards ISO 14443 (proximity) or ISO 15693 (vicinity); both 13.56 MHz radio frequency
Overview of a Transaction
• Present card (or medium)
• Authenticate card
• Authenticate account
• Accept card (green light; “welcome”; open gate)
• Calculate fare
• Store and forward transaction
• Transfer funds from card holder’s to agency account (settlement)
Card vs. Account Based Architectures
• Card based
  • E-purse
  • Record of transaction and account status carried on card and mirrored in back office
  • Status of fare calculation recorded on card
  • Read/write
• Account based
  • Card as token or credential
  • Card ID, time, place, service, etc. created in record and sent to back office
  • Fares calculated; business rules applied in back office
Card Based Systems
• Hong Kong – Octopus
• London – Oyster
• Washington D.C. – SmarTrip
• San Francisco – Clipper
• Boston – Charlie Card
• Atlanta – Breeze
• Houston – Q
Characteristics of Card Based Systems
• Closed – agency issues and manages own media
• Proprietary systems and formats
• Network of revaluing machines
• External revaluing networks require special point of sale (POS) devices
• Fare calculations performed between card and reader; stored on card
• System can perform well without on-line communications
• Hardware/software optimized due to limitations of memory, processor speed and communications
• Fare changes require code changes on all validators
• New products require new cards
• Interagency product integration requires extensive requirements coordination
Examples of Account Based Systems
• Credit and debit cards
• Gift cards
• Loyalty card
• Building/facility access
• On-line commerce
• Ski-lift access
Characteristics of Account Based Systems
• Card as token
• Creation of record at tap
  • Authenticated card ID
  • Bus number, block number, operator number
  • Service type – local, express, BRT, etc.
  • Time stamp
  • Location – GPS coordinates and/or stop location designator
  • Encrypted track II and hash (if bank card)
• Application of business rules in back office
  • Analogous to toll collection systems
  • Taps to trips if check-in/check-out
  • Linked trips for transfers
  • Application of appropriate fares
• Fare changes made by changing a configuration table in back office
• New product programming and application development takes place in back office; does not require changes to cards and validators
Bank Issued Contactless Payment Cards
• Been in the market for about five years
• Brands
  • American Express – ExpressPay
  • Discover – Zip
  • MasterCard – PayPass
  • Visa – payWave
• Jointly established standards
• Centralized device testing – individual brand certification
• Available through most banks – not aggressively promoted in most markets
Recent Conditions That Allow for Contactless Bank Card Use in Transit
• Issuance of products by banks
• New regulations re receipts and signature requirements for micro-payments
• Development of standards and certification processes
• Communications advances – fiber and wireless
• Processing speed advances
• Cheap memory
The Appeal of Open Payments for Transit Electronic Fare Collection
• Others issue payment media
• Integration with payment mainstream: payment at the fare box, gate or platform as a merchant POS transaction
• Automatic interagency interoperability
• Customer service with issuers
• Security standard
• Architecture provides flexibility in product development
• Robustness of open payments ecosystem
• Commoditization of devices
• Potential for pathway to elimination of cash
• Speed of deployment
• Cost
• Co-promotion
Third Party Pass Programs
• Third party paid passes
  • ECO, Ed, Ski
• Cards as tokens using unique identification number (UID)
• Track usage to inform negotiations with third party payers
• Preference for partner issued ID cards
• Security handshake needed as used for decrementing stored value accounts and as NFC is deployed
  • OPACITY
  • Mifare Ultralight C
  • Bank card spec
  • Contactless EMV
Federal Standard Cards
• HSPD-12: Homeland Security Presidential Directive 12
• FIPS 201: Federal Information Processing Standards Publication 201
• PIV: Personal Identity Verification
• CAC: Common Access Card
• Physical and logical access
• Contact and contactless interfaces
• Contact side has strong encryption and trust model
• Contactless side data in open
• Feds exploring additional uses of contactless interface
• ISO 14443
• CHUID: Cardholder Unique Identifier
• PIV-I: interoperable; for non-federal entities with trust model
• PIV-C: PIV system specs without trust model
• DOT/UTA Proof of Concept – PIV acceptance as transit pass
Validator Characteristics
• Validator vs. reader vs. POS (point of sale) device
• Functions
  • Read cards
    • Bank card only reader commoditized
    • Reading all 14443 and 15693 cards requires more capable readers, but these are available
  • Create transaction records
  • Encryption
  • Transmit through communications links
  • Receive configuration data including hot and cold lists
  • Receive software updates
  • Monitor diagnostics and report problems
• Connections
  • Operator console
  • Portal from bus (wireless, wifi and 3G); fiber to platform
Hot and Cold Lists
• Also known as positive/negative or white/black
• Cold list – accept card if on list
• Hot list – reject card if on list
• Lists may reside on validator or back office
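The hot and cold list check on a validator, together with the record created at tap, as an added example that is not from the original slides or any vendor's code. Assumptions: cards are keyed by an HMAC-SHA-256 of the card ID, the hot list takes precedence when a card appears on both lists, cards on neither list follow a configurable policy, and all names and sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key (assumption): a deployed validator provisions this secret securely.
LIST_KEY = b"constructed-demo-key"

def card_token(card_id: str) -> str:
    """Keyed hash of the card ID so lists and records never hold it raw."""
    return hmac.new(LIST_KEY, card_id.encode(), hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class TapRecord:
    token: str        # authenticated card ID, stored only as a keyed hash
    bus: str
    block: str
    operator: str
    service: str      # local, express, BRT, ...
    timestamp: int    # seconds since epoch
    location: str     # stop designator or GPS fix
    accepted: bool
    reason: str

def decide(token, hot, cold, accept_unknown):
    """Assumed policy: hot list wins; cards on neither list follow a setting."""
    if token in hot:
        return False, "hot-listed"
    if token in cold:
        return True, "cold-listed"
    if accept_unknown:
        return True, "unknown-accepted"
    return False, "unknown-rejected"

def tap(card_id, ctx, hot, cold, accept_unknown=True):
    """Build the record created at tap, including the accept/reject outcome."""
    token = card_token(card_id)
    accepted, reason = decide(token, hot, cold, accept_unknown)
    return TapRecord(token=token, accepted=accepted, reason=reason, **ctx)

# Constructed sample data, not real card numbers or agency identifiers.
CTX = {"bus": "1042", "block": "B7", "operator": "op-311",
       "service": "local", "timestamp": 1297782000, "location": "stop-0815"}
HOT = {card_token("4000000000000002"), card_token("pass-000999")}
COLD = {card_token("pass-000123"), card_token("pass-000999")}

if __name__ == "__main__":
    for card in ("4000000000000002", "pass-000123", "pass-000999", "4000000000000010"):
        print(tap(card, CTX, HOT, COLD).reason)
```

Setting `accept_unknown=False` models a validator that accepts only cold-listed media, such as a pass-only deployment.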
Modular vs. Integrated Approaches
• Common to deploy technology systems as turnkey projects as it is viewed as easier to manage.
• Often results in multiple devices
  • Driver consoles
  • Antennae
  • Communications
• A modular approach allows leveraging of devices for multiple uses - examples:
  • Communications
  • Communications gateways
  • Consoles
  • Data store
• Modular approach creates greater burden on agency for systems integration
Open Interfaces or APIs
• API: Application programming interface
• User owned or open interfaces among various system components allow flexibility for expanding the system and enable system additions, expansions or component replacements to occur in a competitive environment
Check-in/Check-out
• In UTA known as Tap-on/Tap-off
  • Requested of all patrons
  • Validators at all doors of buses and entry and exit to platforms
  • Must comply for transfer credit with contactless bank cards
  • 70% compliance rate
• Enables linked origination/destination data
• Needed for distance based fares
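The back-office conversion of taps to trips, including riders who do not tap off, as an added example that is not from the original slides or UTA's system. Assumptions: a second tap on the same vehicle is the tap-off, a boarding within an illustrative two-hour window of a completed trip is a linked transfer, and a trip without a tap-off earns no link; all names and sample taps are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed business rule (illustrative value): transfer window in seconds.
TRANSFER_WINDOW = 2 * 3600

@dataclass
class Tap:
    token: str    # card token from the tap record
    ts: int       # time stamp, seconds
    stop: str     # stop location designator
    vehicle: str  # bus number or platform

@dataclass
class Trip:
    token: str
    origin: str
    start: int
    destination: Optional[str] = None  # None: rider never tapped off
    end: Optional[int] = None
    linked: bool = False               # True: transfer from previous trip

def taps_to_trips(taps):
    """Pair tap-on/tap-off per card, then link trips that qualify as transfers."""
    trips, open_trips, last_trip = [], {}, {}
    for t in sorted(taps, key=lambda t: (t.token, t.ts)):
        cur = open_trips.get(t.token)
        if cur is not None and cur[1] == t.vehicle:
            # Second tap on the same vehicle closes the open trip (tap-off).
            cur[0].destination, cur[0].end = t.stop, t.ts
            del open_trips[t.token]
            continue
        # Otherwise a tap-on; an unclosed earlier trip stays incomplete, earns no link.
        prev = last_trip.get(t.token)
        linked = bool(prev and prev.end is not None and t.ts - prev.end <= TRANSFER_WINDOW)
        trip = Trip(t.token, t.stop, t.ts, linked=linked)
        trips.append(trip)
        open_trips[t.token] = (trip, t.vehicle)
        last_trip[t.token] = trip
    return trips

# Constructed taps: card A complies fully, card B misses its first tap-off.
SAMPLE = [
    Tap("A", 0, "S1", "bus-1"), Tap("A", 600, "S2", "bus-1"),
    Tap("A", 900, "S2", "bus-2"), Tap("A", 1500, "S3", "bus-2"),
    Tap("B", 0, "S1", "bus-1"),
    Tap("B", 1000, "S5", "bus-3"), Tap("B", 2000, "S6", "bus-3"),
]
```

Trips with `destination` left as `None` are the non-compliant taps; they keep an origin for planning data but cannot support a distance based fare or a transfer link.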
Real Time Validation
• Demonstrated in New York/New Jersey pilots
• Requires advanced wireless communications for buses
• Needed for account authentication
  • Balance check for prepaid
  • Stand-in authorization for bank cards
• Improves reliability of hot and cold lists
• UTA uses near-real-time approach, working to add real-time
Back Office
• Account based systems typically require continuous direct connection via internet; card based systems use a hierarchy of servers (station, depot, agency, interagency)
• Use of hosted back office
  • Simplifies PCI compliance
  • Insulates agency personnel from sensitive data
  • Customer service?
• Conversion of taps to trips
• Business rules, e.g., transfers
• Fare calculation engine
• Account management
• External vs. internal
• Web services
• Settlement through acquiring bank
NFC
• Near field communications for mobile payment
• Embedding contactless payment applications in mobile phones
• Systems that can accept contactless open payment brands should work without modification
• Interest in card based legacy systems for development of special payment apps to support their architectures
Inspection
• Challenge for proof of payment, open platform systems – light rail and commuter rail
• Card based systems have payment history on card that can be verified with handheld device
• Account based systems require interrogation of back office to determine compliance
• No off the shelf device
• Tradeoffs with inspection speed requirement, weight and battery life
• NFC device advances show promise
• UTA in development of second iteration to have a satisfactory device
Multiagency Integration and Post Deployment Partnerships
• Different agencies in a region can deploy account based/open payment system separately and subsequently connect or integrate back offices with shared fares or business rules
• Opportunity to link with toll collection and parking
• Prepaid, gift card and third party account management arrangements can also be added
• Maximize at every level
• Needed post award as much as pre award
• Modularize and use open interfaces
• The problem of being owned by your vendor
Privacy
• Should address privacy policies and values up front, discuss publicly, and incorporate into system design
• UTA approach
  • UTA values the linked origination-destination data enabled by this system for service evaluation and planning
  • But does not need or want to know who is traveling
  • Third party payers keep identities of who is authorized to ride
  • Third party payers should not need information of who made what trips
  • Contractor to separately maintain records and processes for credit/debit processing, application of business rules for prepaid or registered accounts and PCI assurance
Agency Approaches to Transition to Open Payment
• Some agencies have requested card based/open payment solutions in their requests for proposal
• To date, plans for deployments for open payments in Utah, Philadelphia, Chicago, Washington D.C. and New York appear to be replacement of legacy systems with pure account based approaches rather than integration with them
• Unclear as to the difficulty of deploying hybrids or retrofitting open payment into card based systems