Electronic Payment Systems (EPS)

1

Electronic Payment Systems (EPS)

CITE EPS

Modules 11 and 12

Version 2

2

Electronic Payment Systems (EPS)1. Issues and Problems2. EPS Requirements3. EPS Applications4. EPS Technologies5. EPS Case Studies6. EPS Evaluation7. Summary

3

Electronic Payment Systems (EPS)1. Issues and Problems

1.1. Transportation Agency Perspective1.2. Customer Perspective

4


1.1. Transportation Agency Perspective• Costs and liability associated with coin and

cash collection • Accurate data collection and reporting • Intermodal coordination • Flexibility in fare policy implementation • Reduction of fare evasion and fraud

5


1.1. Transportation Agency Perspective1.2. Customer Perspective

• Problems associated with need to have exact change

• Difficulties associated with intermodal transfer and multiple fares

• Need for a single payment medium accepted by various transit agencies, other transportation providers, and retail stores

6

Electronic Payment Systems (EPS)2. EPS Requirements

2.1. Convenience2.2. Flexibility2.3. Higher throughput2.4. Durability2.5. Reliability2.6. Security2.7. Cost efficiency2.8. Cost effectiveness

7


2.1. Convenience• EPS should be more convenient to use then

cash or tokens • The value and frequency of card downloads

should meet customer needs • The cardholder should be able to regain value

of lost card

8


2.2. Flexibility• EPS should facilitate the use of a single

medium for several interrelated applications such as road tolling, different modes of transit, and parking

• EPS should aid transportation providers in implementation of more efficient and equitable fare policies

9


2.3. Higher throughput• EPS should accommodate high transaction

speeds and large volumes of transactions at peak hours

• EPS throughput performance should be at least as good as cash and token payment systems

10


2.4. Durability• Durability of an electronic payment medium

should be in accordance with its production cost, stored value, and purpose

• All components of the EPS should be designed to address specific transportation environments such as high levels of vibration, dust, frequent and significant temperature changes, etc

11


2.5. Reliability• Mean time between incidents (MBTI) for

various EPS components should be better than corresponding MBTI for cash and token payment systems

• Probability value of EPS incidents should be lower than this value for cash and token payment systems

12


2.6. Security• EPS should address a set of security issues

such as accuracy of transactions and data integrity

• All customer databases should be protected against improper use and unauthorized access and be kept confidential as much as possible

• Repudiation issues should also be taken into account

13


2.7. Cost efficiency• EPS operating costs per unit of service output

should be lower than that for cash or token payment systems

14


2.8. Cost effectiveness• EPS operating costs per unit of service

consumption should be lower than that for cash or token payment systems

• Superior characteristics of EPS should increase patronage of a particular service

15

Electronic Payment Systems (EPS)3. EPS Applications

3.1. Public Transit3.2. Road Tolling3.3. Parking3.4. Multipurpose

16


3.1. Public Transit3.1.1. Rail3.1.2. Motorbus

17


3.1. Public Transit3.1.1. Rail

– As of today, most EPSs on transit have been designed for rail rapid systems

– However, commuter rail and light rail are often integrated into regional transportation services

18



3.1.1.1. Anticipated benefits

3.1.1.2. Centralized architecture

3.1.1.3. On-line mode

19



3.1.1.1. Anticipated benefits– Increased throughput– Lower maintenance costs– More flexible fare policies

20



3.1.1.2. Centralized architecture– One of intrinsic characteristics of fare collection

systems for rail rapid transit is that fare collection equipment is permanently installed at station entrances and can be operated from a central computer

21



3.1.1.3. On-line mode– Due to the fact that all fare collection equipment

for rapid rail is permanently installed at specified locations and can be linked to a central computer, the entire fare collection system can work in an on-line mode (i.e. every payment transaction can be recorded to the main database and authorized by a central computer)

22


3.1. Public Transit3.1.2. Motorbus

– Fewer efforts have been made to implement EPS on motorbus and light rail systems

– Major challenges associated with EPS implementation on motorbus systems result from relatively high EPS capital costs and necessity to install EPS validation and authorization equipment on individual vehicles

23



3.1.2.1. Anticipated benefits

3.1.2.2. Distributed architecture

3.1.2.3. Off-line mode

24



3.1.2.1. Anticipated benefits– EPS on motorbus systems can contribute to

substantial improvements in boarding times, help to lower stress on a driver, and lead to more flexible fare structure

25



3.1.2.2. Distributed architecture– EPS has not been rigorously adapted for motorbus

and light rail systems is that validation and authorization equipment has to be installed on each vehicle

– In addition, this equipment tends to be more expensive due to the fact that a card reader on each vehicle performs many functions of the central computer in a centralized system

– Lower throughput and higher equipment costs make it more difficult to justify investment in EPS

26



3.1.2.3. Off-line mode– In addition to higher equipment costs

associated with the distributed architecture EPS, the necessity to operate the system in off-line mode creates a greater potential for data loss and fraud and significantly complicate testing, maintenance, and repair of equipment

27


3.1. Public Transit 3.2. Road Tolling

– The use of EPS for road tolling promises two major benefits to toll road operators and users. The first benefit results from a large reduction in operating costs of toll collection. The second benefit results form alleviating congestion on toll plazas

– However, some critics argue that road users do not save much time because of electronic toll collection. They say that "we are just relieving traffic on the way into more congested areas"

28


3.1. Public Transit 3.2. Road Tolling

3.2.1. Wireless communication system

3.2.2. Centralized architecture3.2.3. On-line mode

29


3.2. Road Tolling3.2.1. Wireless communication

system– Capability of validation equipment on toll

plazas to communicate with electronic tags in moving vehicles

– The system should operate reliably in hostile weather conditions (rain, snow, fog, etc.), be protected against radio interference, and satisfy all security EPS requirements

30


3.2. Road Tolling3.2.2. Centralized architecture

(CA)– All validation and authorization equipment is

connected to the host computer– CA employs one database for all client

accounts and track all transactions. – While this approach helps to eliminate data

loss, discrepancy, and fraud, it provides ground for misuse of sensitive personal information (e.g. travel behavior, travel destinations, etc.) and other privacy concerns

31


3.2. Road Tolling3.2.3. On-line mode

– EPS for road tolling operates in the on-line mode (all transactions are authorized in real time)

– Benefits of the on-line mode include higher security and better system diagnosing and management.

– Drawbacks include higher then for the off-line mode requirements regarding throughput, reliability, and security of the system

32


3.1. Public Transit3.2. Road Tolling3.3. Parking

Most often sited benefits of EPS for parking include:

– reduction in collection costs, – increase in meter up-time, – reduction in theft-motivated meter vandalism, – improvement in rate flexibility, potentials for

parking trend monitoring, and – reduction of fraud

33


3.1. Public Transit3.2. Road Tolling3.3. Parking

3.3.1. Distributed architecture3.3.2. Off-line mode3.3.3. Vandalism concerns3.3.4. Security concerns

34


3.3. Parking3.3.1. Distributed architecture

– EPS for parking employ distributed architecture concept where some of the functions of a central computer are performed by individual parking meter equipment

– Parking service personnel uploads data from parking meters and transfers it to the central computer database on a regular basis

35


3.3. Parking3.3.2. Off-line mode

– Individual parking meter EPS equipment operates in off-line mode

– Since there is no direct communication link between the central computer and the parking meter EPS equipment, each piece of equipment should meet requirements toward its own power supply, security, memory capacity, and other essential parameters

36


3.3. Parking3.3.3. Security concerns

– Security concerns become especially important for parking EPS

– While EPS for rail and road tolling operate in the on-line mode (thus making it easier to detect malfunctioning of equipment or breach of security) and EPS equipment on motorbus is monitored by a bus driver (again making it easier to detect malfunctioning of equipment or breach of security), parking meter EPS equipment operates in the off-line mode and is not monitored on a continuous basis

37


3.3. Parking3.3.4. Vandalism concerns

– Theft-related and other meter vandalism is yet another question that should be considered

– The data loss caused by vandalism should not jeopardize the integrity of the whole system

38



– Multipurpose EPS can integrate a variety of services and be operated by several institutional parties

– The ultimate solution to the multipurpose card concept is the so-called "e-purse" that would permit its holder to pay for all small purchases and services within a large geographic region with a single card

39



3.4.1. Transit-Parking3.4.2. Transit-Parking-Tolling3.4.3. Transit-Parking-Tolling-

Gas/Phone/Vendors/Bank

40


3.4. Multipurpose3.4.1. Transit-Parking

– One of the most basic schemes of multipurpose EPS is the one that serves one or more transit modes and parking at park-and-ride facilities

– Such a scheme can be administered by a single transit agency or a group of transit agencies

– Fares, transfers, and discounts can be coordinated by participating agencies in order to provide incentives for transit riders

41


3.4. Multipurpose3.4.2. Transit-Parking-Tolling

– A higher level of integration is achieved when transit agencies, toll road authorities, and parking service providers join their efforts to administer a single payment medium for all transportation services in a given region

42


3.4. Multipurpose3.4.2. Transit-Parking-Tolling

43


3.4. Multipurpose3.4.3. Transit-Parking-Tolling-

Gas/Phone/Vendors/Bank– The highest level of integration is reached

when a single payment medium is used to pay for transportation, gas, and phone and to make purchases at retail stores and restaurants

– In this case, a single party or a consortium can administer the system whereas the number of participants in the scheme can be unlimited

44

Electronic Payment Systems (EPS)4. EPS Technologies

4.1. Security Criteria4.2. EPS Architecture and Components4.3. Electronic Media Types and

Characteristics

45


4.1. Security Criteria4.1.1. Accuracy4.1.2. Data Integrity4.1.3. Confidentiality4.1.4. Impersonality4.1.5. Repudiation

46


4.1. Security Criteria4.1.1. Accuracy

– The risk of a random error (most often due to a poor mechanical contact between the card and reader or radio/magnetic interference) should be minimized

– A number of security techniques, such as message authentication checks, should be incorporated into system design in order to provide high level of accuracy

47


4.1. Security Criteria4.1.2. Data Integrity

– Any accidental alteration of or unauthorized access to the data stored on the card or transmitted over the network should be minimized

– Different forms of encryption help to maintain data integrity on the card and during data transmission

48


4.1. Security Criteria4.1.2. Data Integrity

49


4.1. Security Criteria4.1.3. Confidentiality

– Information stored in the system or on the card must be protected against improper use and unauthorized access (either malicious or accidental)

– Strict access control and encryption should be employed to protect confidentiality and privacy of clients

50


4.1. Security Criteria4.1.4. Impersonality

– Different personal identification techniques should be considered in order to avoid access to the system by someone other than the cardholder

– Passwords and personal identification numbers (PINs) can be used to approach this problem

51


4.1. Security Criteria4.1.5. Repudiation

– A detailed log of all activities taking place on the system and their proper authorizations should be maintained in order to demonstrate clients of the system its integrity and guard system operators against repudiation

52


4.1. Security Criteria4.2. EPS Architecture and Components

4.2.1. Cards4.2.2. Terminals and Readers4.2.3. Network4.2.4. Host System4.2.5. Clearinghouse

53


4.2. EPS Architecture and Components4.2.1. Cards

4.2.1.1. Carrier (material, dimensions, other characteristics)

4.2.1.2. Security features (signature, photograph, hologram, microprinting, other)

4.2.1.3. Memory (magnetic stripe, chip)

4.2.1.4. Integrated circuit (features and functions)

4.2.1.5. Mask4.2.1.6. Interface (contacts,

antenna)

54



55



4.2.1.1. Carrier (material, dimensions, other characteristics)

– Mechanical characteristics of the card's body determine the life span of the card

– Most cards are made of polyvinyl chloride (PVC) or a similar thermoplastic

– The card's body should provide adequate flexibility and withstand high temperatures

– Dimensions of the card should conform to international standards for interoperability

56



4.2.1.2. Security features (signature, photograph, hologram, microprinting, other)

– Security features of a magnetic stripe card can include cardholder signature and photograph, hologram, microprinting, and UV sensitive ink.

– However, these features have limited effect in authenticating the card and its holder

– Electronic encryption of the information on the card (available on smart cards only) in conjunction with a PIN required to use the card provide a much higher level of security

57




– Different types of memory to store electronic information on the card can be used

– Magnetic stripe cards store data on a strip of magnetic tape bonded to the external surface of the card. Its capacity is limited by 1 Kbits and is prone to corruption by strong magnetic fields

– Smart cards store data on various types of semiconductor memory, such as ROM, RAM, and EEPROM

– The total capacity of a smart card can be as high as 20-30 Kbits

58

4. EPS Technologies4.2. EPS Architecture and Components

4.2.1. Cards4.2.1.3. Memory (magnetic stripe,

chip)– Different types of memory to store electronic

information on the card can be used – Magnetic stripe cards store data on a strip of magnetic

tape bonded to the external surface of the card. Its capacity is limited by 1 Kbits and is prone to corruption by strong magnetic fields

– Smart cards store data on various types of semiconductor memory, such as ROM, RAM, and EEPROM

– The total capacity of a smart card can be as high as 20-30 Kbits

Electronic Payment Systems (EPS)

59



4.2.1.3. Memory (magnetic stripe, chip)Maxim um

Data Capacity

Processing Pow er Cost of Card

Cost of Reader and Connection

Magnetic Stripe Cards 140 bytes None $0.20 - $0.75 $750

Integrated Circuit Mem ory Cards 1 Kbyte None $1 - $2.50 $500

Integrated Circuit Processor Cards 8 Kbytes

8-bit cpu, moving to 16-

and 32-bit$7-$15 $500

Optical M em ory Cards 4.9 Mbytes None $7 - $12 $3,500 - $4,000

Source: Gartner Group

60




61



4.2.1.4. Integrated circuit (features and functions)

– Integrated circuit (or chip) is embedded into the body of the smart card

– Its major functions include data communication and card control, data encryption and decryption, and memory management

– Most chips are 8-bit microprocessors with speeds up to 5 MHz

62



4.2.1.5. Mask– Mask is the "operating system" of the

smart card– The type of mask installed onto the smart

card determines its features– Major functions of the mask include

communications management, encryption/decryption, command handling, file management, and data access control

63



4.2.1.6. Interface (contacts, antenna)

– The magnetic stripe card interface is represented by the magnetic stripe that when passed in front of the reading head induces pulses of current in the head's coil

– These pulses are decoded into meaningful information that is read by the card reader

– In the case of smart cards, the data can be transported to the reader either via metal contacts or an antenna

64



4.2.2. Terminals and Readers Terminals and readers

perform several functions that may include:

– communication with the card and host system, – encryption and decryption of data, – validation of the card, and – data processing

65



4.2.2. Terminals and Readers 4.2.2.1. Types

4.2.2.1.1. Insertion-type4.2.2.1.2. Motorized-type 4.2.2.1.3. Radio

Frequency (RF) Readers

4.2.2.2. Functions4.2.2.2.1. Communication

with the card4.2.2.2.2. Data reading

and validation4.2.2.2.3. Data decryption

and writing

66


4.2. EPS Architecture and Components4.2.2. Terminals and Readers

4.2.2.1. Types4.2.2.1.1. Insertion-type

» The major advantage of the insertion-type readers (swipe-card terminals) is their simplicity and low cost

» However, these devices are disposed to vandalism and dependant on atmospheric conditions and proper card insertion

67



4.2.2.1. Types4.2.2.1.2. Motorized-type » Motorized-type readers can operate in

hostile atmospheric conditions and better protected against vandalism

» Their reliability in terms of proper card validation and transaction handling is much higher than that of insertion-type readers

» The drawback of the motorized-type readers is higher cost and greater maintenance expenses

68



4.2.2.1. Types4.2.2.1.3. Radio Frequency (RF) Readers» No need for physical contact between RF

Reader and wireless smart card» Reduction in operating and maintenance costs

of the equipment » Increase in throughput of the EPS» Ease of use and convenience» Vulnerability to radio/magnetic interference» Potential threat of RF eavesdropping » No formal authorization from a cardholder

69



4.2.2.2. Functions4.2.2.2.1. Communication with the card

» The first and main function of the card reader is to establish a communication link with the card

» Depending on whether the reader works on-line or off-line (i.e. connected to the host system or not), it may also perform validating and processing functions

70



4.2.2.2. Functions4.2.2.2.2. Data reading and validation

» The second function of the card reader is to read the data from the card, encrypt sensitive data (if necessary) and pass it to the host system for validation and processing

71



4.2.2.2. Functions4.2.2.2.3. Data decryption and writing

» Upon receiving response from the host system the reader performs data decryption (if necessary) and closes the session with the card

72


4.2. EPS Architecture and Components4.2.1. Cards4.2.2. Terminals and Readers

4.2.3. NetworkThe network serves as a

link connecting card readers, the host system, and the clearinghouse

4.2.3.1. Closed Networks4.2.3.2. Open Networks

73


4.2. EPS Architecture and Components4.2.3. Network

4.2.3.1. Closed Networks

Usually, the closed network subsystem:

– accepts transactions from a limited number of card readers and terminals;

– serves limited applications, and – maintained by a single operator

74



4.2.3.1. Closed Networks

75



4.2.3.2. Open Networks

– Contrary, the open network subsystem can always be expanded to serve a greater number of card readers and new applications and to be interconnected to other networks

76


4.2. EPS Architecture and Components4.2.1. Cards4.2.2. Terminals and Readers 4.2.3. Network

4.2.4. Host SystemThe core of the host

system is a powerful computer with a strong security protection

4.2.4.1. Functions4.2.4.2. Features

77


4.2. EPS Architecture and Components4.2.4. Host System

4.2.4.1. FunctionsAmong the major

functions of the host system are:

– account management, – data encryption and decryption, – communication with card readers and

terminals, and – overall monitoring of the EPS operations

78



4.2.4.1. Functions

79



4.2.4.2. Features– The special characteristics of the host

system include provision of very high stability, reliability, and security

– To ensure that these requirements are met at all times the host system may feature multiple mirror-sites, on-line back-up systems and independent power stations

80


4.2. EPS Architecture and Components4.2.1. Cards4.2.2. Terminals and Readers 4.2.3. Network4.2.4. Host System

4.2.5. Clearinghouse

81


4.2. EPS Architecture and Components4.2.5. Clearinghouse

– Usually, the clearinghouse is necessary to operate an open-system EPS, where multiple parties are involved

– Its major function is to ensure the proper use of the system by all clients and operators and maintain its integrity

– Specifically, the clearinghouse provides encryption-key and Personal Identification Number (PIN) management, authenticates cards, and validates transactions

– Sometimes, the host system can perform functions of a clearinghouse

82


4.1. Security Criteria4.2. EPS Architecture and Components4.3. Electronic Media Types and

Characteristics4.3.1. Magnetic Stripe Cards4.3.2. Chip Cards4.3.3. Hybrids

83


4.3. Electronic Media Types and Characteristics4.3.1. Magnetic Stripe Cards

Magnetic stripe cards are those that store data on a strip of magnetic tape bonded to the external surface of the card

4.3.1.1. Paper tickets4.3.1.2. Plastic

84



4.3.1.1. Paper tickets (PT)– Flexible carrier of various shapes and sizes– Its memory capacity is the lowest among all types of EP media

(less than 1000 bits of data)– PT are used with the motorized-type reader that reads data

from PT, performs transaction, erases the data from PT, and writes new data on PT

– PT are not personalized and rarely have any security features in excess to data encoding and ticket's distinctive shape and size

– The life span of PT is usually limited to less than 100 erase-write cycles

– PT can be easily corrupted by stray magnetic fields

85



4.3.1.1. Paper tickets (PT)

86



4.3.1.2. Plastic (MSPC)– MSPC are made of polyvinyl chloride (PVC) and usually come in a

standard "credit card" size– Its magnetic tape stripe can hold up to 1,000 bits of encoded data and

is capable to withstand magnetic fields generated by natural magnets– These cards can be used with both insertion- and motorized-type

readers– Additional security features such as cardholder's name, signature,

photograph, etc. – Magnetic stripe plastic cards hold information regarding cardholder

account number and PIN– Upon insertion of the card the card reader does not erase or writes any

new information on the card– The life span of these cards is about several thousand read cycles

87



4.3.2. Chip Cards– Chip cards can feature different types of silicon

memory chips and a central processing unit (CPU) – There is an "operating system" that depending of

application can perform such functions as communications management, encryption/decryption, command handling, file management, and data access control

– Chip cards have either a metal contact or an antenna interface

88



4.3.2. Chip Cards

89


4.3. Electronic Media Types and Characteristics

4.3.2. Chip Cards4.3.2.1. Contact4.3.2.2. Contactless

90


4.3. Electronic Media Types and Characteristics4.3.2. Chip Cards

4.3.2.1. Contact– Contact cards have standardized interface

of several metal contacts that serve to establish power data flow links between the card and the reader

91


4.3. Electronic Media Types and Characteristics4.3.2. Chip Cards

4.3.2.2. Contactless– Contactless card uses wire coil embedded

into the card's carrier to generate power needed to operate the card and to receive and transmit data from and to the card reader

92


4.3. Electronic Media Types and Characteristics4.3.1. Magnetic Stripe Cards4.3.2. Chip Cards

4.3.3. Hybrids– Hybrid cards can feature a magnetic stripe

and components of a contact and contactless chip card, thus providing multiple interfaces to perform a transaction

93


4.3. Electronic Media Types and Characteristics4.3.1. Magnetic Stripe Cards4.3.2. Chip Cards

4.3.3. Hybrids

94

Electronic Payment Systems (EPS)5. EPS Case Studies

5.1. Washington, DC -- WMATA5.2. Seattle, WA5.3. New York, NY -- MTA5.4. Other systems (Cleveland, OH - GCRTA;

Atlanta, GA - MARTA; Twin Cities, MN; Boston, MA - parking; Ann Arbor, MI; Los Angeles, CA; San Francisco, CA; Ventura Co, CA; Chicago, IL; Delaware; Phoenix, AZ; Europe; Asia-Pacific)

95

Electronic Payment Systems (EPS)6. EPS Evaluation

6.1. Costs6.2. Benefits

Electronic Payment Systems (EPS)

Documents