Simon Laker and I recently published an article about open-loop transit payments in the US and how they are catching up with the UK with significant US launches planned for 2019 and beyond. It was very interesting to look back, draw the timeline and, with the benefit of hindsight, see why the major US cities tried to be first but ended up being seven years or so behind the 2012 London launch on buses.
Whilst it is fun to look back, we spend most of our time making the future. Over the last year we have been back working with TfL to help determine the best revenue inspection solutions for open-loop transit operators. While the majority of bus operators might not care much about revenue inspection (the potential fare dodger has to board the bus and this usually requires walking past the vigilant gaze of the bus driver), revenue protection through inspection is a significant requirement for city-based smart ticketing schemes.
Back in 2011 we helped TfL choose their current revenue inspection device (RID) hardware which is now no longer manufactured. At that time, there was no single off-the-shelf device hardware which could meet TfL’s need and therefore, hardware customisation was needed. Now is the time to look for opportunities for replacing these bespoke devices with more cost-effective solutions.
One of our specialisms is adapting devices without secure hardware to become secure enough to handle transactions involving payments and identity, such as ticketing. There are approaches known as host card emulation (HCE) and host terminal emulation (HTE) that we have been working on since 2007 before they were named in 2012 as part of the open-source Android OS. The idea is that ‘software-only’ approaches can be used, without any secure hardware, to secure cryptographic secrets (e.g. keys) used to secure transactions. Traditionally, tamper-resistant smart card chip hardware is used to store the keys, and similar chips, known as secure hardware modules (SAMs) are used in terminals needing to communicate securely with smart cards.
In 2015 we worked with ITSO to design how ITSO can work securely enough on mobile devices without secure hardware. Android Pay launched in the same year. This approach is now being exploited by the ITSO on Mobile solutions from the likes of Rambus.
We helped Barclaycard be the first UK bank to launch a software-only banking payment app that works on mobile devices without using SAMs in 2016. This was all card emulation. When we want a mobile device to act as a RID without a SAM, then it is terminal emulation and it is harder. The card merely has an antenna in which a current is induced when the antenna is placed in the reader electromagnetic field. The reader has to produce that field. The hardware in most mobile devices on the market is not certified to act as a reader for accepting payment cards. You may have noticed that when small merchants use their phones to accept contactless cards, they use an additional device from organisation such as PayPal, Square or iZettle.
In 2018, we produced a software-only app for an Android phone that can be downloaded and installed on any phone and securely accept contactless payment cards. No secure hardware, no SAMs. It works, but the payment industry is playing catch up and it was not possible to certify such a merchant payment terminal to the satisfaction of the payment card industry. In January, PCI released new documentation aimed at this purpose. Exciting times are ahead. We are currently helping TfL engage with the market to see whether RID solutions based on off-the-shelf Android devices might be used as the next generation RID.
We have a wealth of experience over the last two decades, designing and building software-only solutions. Let us know if you’d like a chat about how this might work for you, be it payment, identity or ticketing.