Transport for London

Consult Hyperion helps to deliver an important milestone in contactless bank card ticketing for public transport in London

 

Abstract

Since 2008, Consult Hyperion has been working with Transport for London (TfL), the local government body responsible for most aspects of the transport system in Greater London, to prepare for and launch the acceptance of contactless bank cards for travel. The first phase of the project provided bus passengers with the option to pay for single fixed-price bus fares using a contactless debit or credit card on London’s buses from December 2012. This service was extended to provide distance-based post-travel payments on the rest of the TfL transport network, including the Tube, Docklands Light Railway (DLR), Tram, London Overground rail as well as the local part of the National Rail network up to Zone 6 in September 2014.

Background

TfL runs the world’s most successful smartcard ticketing system. Since its inception in 1998, the Oyster card system has reduced the cost of revenue collection by more than one third and has been central to improving customer service and customer satisfaction.

The Future Ticketing Programme (FTP) arose out of an analysis of emerging technologies and the work on the cost of revenue collection. A study in 2006 identified the alternatives that might become available to TfL by 2015, of which Contactless Payment Cards (CPCs) and mobile phones enabled with near field communication (NFC) technology were the most promising. The revenue-collection analysis also highlighted the cost of ticket selling, a process that could be radically changed by accepting a payment product issued by the wider payments industry.

The introduction of CPCs was seen as a significant opportunity to find new ways for customers to pay for their travel without the need to get a ticket from TfL first. This enables TfL to reduce ticketing costs while also improving the customer experience (compared to Oyster) because information is held in an intelligent back office system rather than on the card itself.

In addition, TfL was involved in the Department for Transport’s initiative to rollout ITSO across the National Rail network.

TfL saw that using an industry-standard technology (EMV) with the costs shared by the payment industry was a way of achieving the desired savings.

Contactless EMV debit and credit cards also offer much greater convenience for passengers who travel in London. They are able to use a bank card that they already possess, and these cards can be used immediately on arrival in London. There is no need either to register them with TfL or to top them up prior to travelling. This is especially convenient for non-Londoners, who no longer need to learn about the tariffs, obtain an Oyster card and transfer value to it. They can just “turn up and go” and have confidence that the system will guarantee them the best price for their journey.

Our Approach

Consult Hyperion played a key role in this large and innovative programme including:

Design and prototyping of the Future Ticketing Programme (FTP) reader

Accepting contactless EMV payments alongside Oyster and ITSO cards required TfL to design a new ticketing reader capable of performing standard EMV transactions within the stringent performance constraints of the transit network. As well as defining the requirements for the reader, we used rapid prototyping to ensure the feasibility of certain critical aspects of the reader. Hyperlab (our development team) implemented prototype reader functionality to demonstrate that TfL’s demanding performance requirements could be met. This evidence was used by TfL to counter their supplier’s claims that it was not possible. Consult Hyperion worked closely with Visa, MasterCard and American Express payment schemes in this assessment.

The experimental findings, along with Consult Hyperion’s knowledge and experience of contactless payments were used to produce a rigorous functional specification of the reader, which could then be used as the bedrock for the extensive period of testing and assurance work on the reader carried out with Consult Hyperion support.

Technical consultants for the end-to-end platform 

Having proven our worth focusing on the reader within FTP, Consult Hyperion was retained to advise on technical and security aspects for the whole of the FTP systems. One of Consult Hyperion’s staff was appointed as Head of Security for FTP. As well as the specification work, TfL required extensive technical consultancy support to ensure a robust and secure delivery. Consult Hyperion played a key role in reviewing the project’s overall design specifications and technology requirements in detail.

Information Security 

Consult Hyperion used their standard Structured Risk Analysis (SRA) methodology to analyse the security risks to the end-to-end contactless payments within the TfL domain. This was used to validate the supplier approach, particularly with respect to payment scheme security requirements.

Flowing directly from the exposures highlighted in the SRA, Consult Hyperion wrote the business and detailed security requirements for all FTP systems. We then went on to write the security architecture and to design the necessary interactions using data flow diagrams (DFDs). This security architecture and design was used in weekly meetings with the supplier to agree the evolution of the supplier’s existing security design into one acceptable for open payments through the phases of the FTP roll-out over three years.

The official payment scheme requirements are encapsulated in a standard called PCI DSS, which sets out the requirements for merchants accepting credit and debit card transactions; heavy merchant fines are associated with any breach of these requirements. As a result, the requirements of PCI DSS have been driving much of the security design of the new contactless system. At the time, PCI DSS was not mature enough for contactless EMV, and therefore Consult Hyperion was advised by the schemes to generate security requirements specific to TfL’s implementation.

Consult Hyperion also designed the tokenisation scheme (the use of surrogate PANs to reduce the value of cardholder data if stolen) to be used by TfL to meet PCI DSS requirements. The transport domain’s requirement to hold lists of denied cards on the reader made this particularly challenging: a reader must be able to recognise a card it has just read, yet a reader that is stolen or dumped must not yield usable card numbers. We had regular meetings with MasterCard and Visa security specialists to ensure that our tokenisation design was acceptable.
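The page does not describe the tokenisation scheme itself, so the following is an added illustration of the general technique and its main pitfall, not Consult Hyperion’s or TfL’s design. It shows a keyed surrogate PAN (HMAC-SHA256 under a back-office key), a reader deny list that holds tokens rather than PANs, and the enumeration attack that defeats the naive alternative of an unkeyed SHA-256 of the PAN: with the BIN and last four digits known (both appear on masked receipts), a 16-digit PAN has only six unknown digits, one of which the Luhn check fixes, so a leaked hash falls to 10^5 guesses. The key, the PANs and the deny list are constructed test values.

```python
"""Added example (not TfL's or Consult Hyperion's design): keyed surrogate-PAN
tokenisation, a reader deny list of tokens, and the dictionary attack that an
unkeyed hash of the PAN would allow. All keys and PANs are constructed values."""
import hashlib
import hmac

# Constructed demo key. Assumption: in a deployment it lives in an HSM or a
# secure element on the reader, never in source code.
DEMO_KEY = b"constructed-demo-key-do-not-use"

# Constructed sample PANs: well-known Luhn-valid test numbers, not real cards.
SAMPLE_PANS = ["4111111111111111", "5555555555554444", "378282246310005"]


def luhn_contribution(d, doubled):
    """Contribution of one digit to the Luhn sum (every second digit from the right is doubled)."""
    if doubled:
        d *= 2
        return d - 9 if d > 9 else d
    return d


def luhn_valid(pan):
    """True if the digit string passes the Luhn check."""
    return sum(luhn_contribution(int(ch), i % 2 == 1)
               for i, ch in enumerate(reversed(pan))) % 10 == 0


def unkeyed_hash(pan):
    """The weak design: plain SHA-256 of the PAN. Deterministic, so it works in a
    deny list, but reversible by enumeration because the PAN space is small."""
    return hashlib.sha256(pan.encode()).hexdigest()


def tokenise(pan, key=DEMO_KEY):
    """Surrogate PAN: HMAC-SHA256 of the PAN under a secret key. Still deterministic
    per card (same card, same token), but without the key no enumeration is possible."""
    if not pan.isdigit() or not luhn_valid(pan):
        raise ValueError("not a well-formed PAN")
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def mask_pan(pan):
    """Display form keeping only the last four digits (PCI DSS permits at most first six + last four)."""
    return "*" * (len(pan) - 4) + pan[-4:]


def build_deny_list(denied_pans, key=DEMO_KEY):
    """Back office: cards with unpaid fares become a set of tokens pushed to readers.
    A reader that is stolen or dumped yields tokens, not PANs."""
    return {tokenise(p, key) for p in denied_pans}


def reader_accepts(pan_from_card, deny_tokens, key=DEMO_KEY):
    """Reader-side check at the gate. The reader must hold `key` to tokenise the card
    it has just read; protecting that key on thousands of readers is the hard part."""
    return tokenise(pan_from_card, key) not in deny_tokens


def recover_pan_from_unkeyed_hash(bin6, last4, length, target_hash):
    """Attack on the unkeyed design. BIN (6 digits) and last four are known, so
    `length - 10` digits are unknown; the last of them is solved from the Luhn sum
    instead of guessed, leaving 10 ** (length - 11) candidates. Returns the PAN or None."""
    free = length - 10
    for n in range(10 ** (free - 1)):
        middle = str(n).zfill(free - 1)
        base = bin6 + middle + "0" + last4          # placeholder for the solved digit
        total = sum(luhn_contribution(int(ch), i % 2 == 1)
                    for i, ch in enumerate(reversed(base)))
        # The placeholder is always 5th from the right (even position), so it is
        # never doubled and the digit that zeroes the sum mod 10 is simply (-total) % 10.
        pan = bin6 + middle + str((-total) % 10) + last4
        if unkeyed_hash(pan) == target_hash:
            return pan
    return None


if __name__ == "__main__":
    deny = build_deny_list([SAMPLE_PANS[1]])
    for pan in SAMPLE_PANS:
        print(mask_pan(pan), "accepted" if reader_accepts(pan, deny) else "DENIED")
    # Attack the unkeyed design from a masked receipt plus a leaked hash.
    leaked = unkeyed_hash(SAMPLE_PANS[0])
    print("recovered:", recover_pan_from_unkeyed_hash("411111", "1111", 16, leaked))
```

The keyed token has the same deterministic property a deny list needs, so the scheme trade-off is entirely about where the key lives: a reader has to derive the token itself, which means every reader carries a secret whose compromise lets an attacker compute tokens (but still not reverse them). Later versions of PCI DSS make a keyed cryptographic hash a requirement when hashing is used to render PAN unreadable, for exactly the reason the attack function demonstrates.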

Solution Assurance 

The lab tools and capabilities developed during the prototyping phase were used again during assurance, for instance to independently test the delivered reader’s transaction performance and to check the performance of early mobile phone-based payment offerings.

Why Consult Hyperion?

Consult Hyperion was able to bring a unique combination of skills: requirements gathering, and an understanding of contactless payment systems at both a technical and a specification level across all three of the payment schemes.

Our extensive testing experience, our in-house methodologies (such as Structured Risk Analysis) and our in-house team of developers allowed us to carry out rapid prototyping to prove feasibility and to provide hard evidence against which to assure a complex and performance-critical system.

 


About Our Customer

Transport for London (TfL) is the local government organisation responsible for the vast majority of London’s transport system, including buses, the Tube, Docklands Light Railway, Tram, riverboats and the Emirates Air Line cable car. Its role is to implement the Mayor of London’s transport strategy. It supports a growing population of 8.4 million people, carrying out around 12 million journeys per day, and has ticketing revenue in the order of £3bn per year.



Keywords: Contactless, Public Transport, Oyster, TfL, Transport for London, Reader, AFC, Card payments, Risk analysis, tokenisation, PCI DSS
