Protecting riders is one of the most important jobs of a transit agency. This includes keeping them safe during transit – making sure all vehicles are in good condition, drivers are well-instructed and well-rested, security protocols are in place in an undesirable event. But there is one more security area that we need to be able to cover and that is user and payment data security. As more and more agencies opt to use digital solutions such as account-based fare collection, EMV and mobile ticketing, every rider’s data needs to be protected. So, how secure is AFC? And what can we do to improve the data and payment security in automated fare collection systems without infringing riders’ privacy?
In this article:
- What is an automated fare collection system (AFC)?
- How does automated fare collection work?
- What is electronic fare collection?
- Transit agencies & payment security protocols
- How can we ensure payment security within an AFC system?
First, let’s talk about the basics of AFC systems.
What is an automated fare collection system (AFC)?
An automated fare collection system is a system that uses a combination of components to automate the purchase and validation of tickets within a transit system. These components include ticket vending machines, mobile ticketing applications, electronic validators, web portal, administrative panel (back office), etc.
How does automated fare collection work?
Automated fare collection systems have become the standard in modern transit. Depending on the needs of every agency, AFC offers different fare media (smart cards, mobile ticketing, paper tickets, smart wearables, EMV) that can be recharged via debit/credit cards, ticket vending machines, web portals, and ticket windows.
In account-based AFC systems, all these methods can be used interchangeably as multiple fare media can be connected to one and the same rider account. In most cases, fare media interacts with the system via electronic validators. These can be onboard devices, fare gates or other types of validation equipment. Once the validation has occurred, the validator notifies the system so that the required amount is taken from the rider’s account. Depending on the type of system – on-prem (agency owns all the critical hardware on their premises) or cloud-based (no investment in hardware, just peripheral devices with connection to the cloud), this process can happen in real time or at a designated synchronization period.
What is electronic fare collection?
Electronic fare collection refers to a set of components that enable the use of digital technologies to purchase and validate tickets – such as mobile applications and electronic validators. In recent years, many agencies have implemented electronic fare collection due to its ease of use for the riders, the reduction in reliance on paper tickets and NFC cards, as well as the treasure trove of data that the agency can receive from the system.
With electronic validation, agencies can collect data about purchase behavior, validation time and place, etc., thus adding a valuable layer of reporting to the AFC system.
Transit agencies & payment security protocols
As of October 2020, as many as 40% of transit agencies report not having cyber attack preparedness plans. While we sincerely hope this number has gone down, it shows a remarkable gap in security that can ultimately lead to agencies failing their riders. Trust is difficult to gain, and this scenario is to be avoided at any cost. As digitalization sweeps the industry – agencies are automating one process after another, privacy and data security is a question on top of the list when choosing a provider.
The Transportation System Sector has been designated one of the 16 critical sectors whose disruption can have a debilitating effect on national security. This means that cyber incidents in our industry have the potential to wreak havoc on the daily lives of people. Remember the lines of anxious drivers waiting to get gas after the Colonial Pipeline cyberattack? It is this type of disruption we need to prevent and a response plan for cybercrimes is indeed a critical part of a transit agency’s defense system.
How can we ensure payment security within an AFC system?
One of the weakest spots in every automated fare collection system is payments – adding sensitive information to your account. This includes debit/credit card numbers, name, billing address, phone number and more. This may be done through a mobile application or through a web portal and is an action that card users are all too familiar with.
- PCI/DSS compliance is obligatory: When choosing an automated fare collection provider, this certification is one of the first things to look at. It has four levels based on the volume of transactions and, in most cases, requires providers to pass a vulnerability scan along with providing a set of documents outlining the product’s safety profile.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
We at Modeshitf believe that security should be a primary focus when designing software for the transit industry. Our account-based fare collection platform is based on Microsoft Azure Cloud which secures data processing. Our solution is Level 1 PCI compliant to allow payments via PayPal, Braintree & more. All of this is included in the pay-per-vehicle package we offer to our customers at no extra cost.
During the payment process, no cardholder data is being processed or stored by Modeshift. The system relies on tokenization. Upon authorization, a unique token is generated by the payment processor and is stored in Modeshift’s environment. Tokens are card-based which means that the system will have the same token every time the same card is used. Tokens have no direct relationship with the data they replace. Based on these tokens the system can match payments to accounts and allows inspection and reporting.
- Securing the cloud: cloud-based AFC providers make sure that the system architecture they are building conforms to a comprehensive set of security protocols to protect and anonymize user data. In the case of cloud-based services, they are implemented according to the CSA (Cloud Security Alliance) guidance. This ensures all user data and payment reports are protected in real time.
- Cyberattack response: agencies need a protocol that outlines a step-by-step course of action if a cyber incident occurs. As we mentioned, 40% of agencies might not have a plan. So, in case of an accident, the electronic AFC system provider might prove to be the first and last line of defense. Therefore, it is so important that they have a disaster recovery plan in place which includes prevention, anticipation, and mitigation efforts at all levels.
The best time to create a cyber incident response plan was when the electronic AFC system was implemented. The second best time is now.
We at Modeshift, as a public transport tech provider, are at the intersection between technology and public transit. We understand how important our role is in securing a critical infrastructure that millions of people rely on on a daily basis. We also understand that we need to balance the data needs of the agencies with the privacy of the riders and provide the best reporting possible without infringing on personal rights. Modeshift has proven to be a trusted partner during both implementation and in real-time operations, with a system and team that can respond to critical issues 24/7. This is how we know we are doing the best for our customers and their riders. We would love to talk to you about your city’s needs – contact us today via the form below!