Module 12: Electronic Fare Payment/Advanced Payment Systems: Open Payments

Student Supplement

(Note: This document has been converted from the Student Supplement to 508-compliant HTML. The formatting has been adjusted for 508 compliance, but all the original text content is included, plus additional text descriptions for the images, photos and/or diagrams have been provided below.)

 

Module 12: Electronic Fare Payment/Advanced Payment Systems: Open Payments

1. Module Description

Electronic Fare Payment (EFP) is the automated calculation, validation, collection, recording, and reporting of passenger fare payments using some form of electronic media for rides on a mass transit system. Agencies universally embrace the need to adopt electronic fare payment systems that provide for more automated means of distribution and validation of fare media. This substantially improves the quantity and quality of payment and ridership data that is collected, and offers significant improvements in the convenience and ease of use for the passenger. Included in the options available for EFP systems is the acceptance of contactless bankcards (credit, debit and prepaid debit cards that are issued by financial institutions) and mobile wallets linked to bankcards for the payment of fares directly at transit points of entry. Such acceptance is generally referred to as "Open Payments" within the mass transit industry.

2. Introduction/Purpose

Implementation of Open Payment acceptance as part of an electronic fare payment system will create a number of technical and operational impacts for the agency and its system integrator although these may, depending on the implementation approach applied, be offset by certain benefits that are unique to this form of fare payment. This module provides an in-depth review of the key stakeholders within the bankcard industry as well as the standards and specifications, regulations and techniques associated with the procurement and implementation of Open Payments acceptance capability. Contents of the module will identify and explore the challenges, risks, and benefits associated with Open Payments acceptance in order to enable participants to understand this approach and to evaluate its use as part of an EFP solution.

3. Samples/Examples

Figure 1: Enlarged version of diagram from Slide 9-Stakeholders. Please see the Extended Text Description below.

(Extended Text Description: This figure has a graphic showing an organization chart with nine (9) different colored boxes that represent the stakeholder groups that control and/or support open payments acceptance. The boxes are labeled, from top to bottom, left to right: Card Networks, Issuers, Acquirers, Mobile Payment System Operators, Independent Sales Organizations, Payment Gateways, Merchant (Transit Agency), System Integrator, and Cardholders (Passengers).)

Figure 1: Enlarged version of diagram from Slide 9-Stakeholders

 

Figure 2: Enlarged version of diagram from Slide 22-Scope of Impact. Please see the Extended Text Description below.

(Extended Text Description: This figure has a graphic with five square boxes with rounded corners. Those five boxes represent the major components of an Electronic Fare Payment System and are labeled from top to bottom, left to right: Acquirer, Fare Media, Reader, Local Device and Central System. Above, below and to the right of that graphic are colored boxes that identify the international standards, federal regulations, and specifications that are applicable to the acceptance of open payments. Those boxes are labeled, from top to bottom, left to right: EMV, Network Specs, ISO/IEC 8583, Regulation II, ISO/IEC 18092, ISO/IEC 14443, Regulation E, Regulation V, and PCI DSS. There are arrows leading from the second sets of boxes outward to indicate the component(s) that is/are potentially covered by the standard, regulation, or specification.)

Figure 2: Enlarged version of diagram from Slide 22-Scope of Impact

 

4. Reference to Standards, Specifications and Regulations

Acceptance of Open Payments requires understand of and compliance with a variety of international standards, regulations and specifications. It is important to understand the nature of each of these types of documents and how they differ.

Standard

A document that defines processes, procedures, and/or technology for the common and repeated use of a system.

Unlike specifications and regulations, a Standard is established by consensus and approved by a recognized standards organization.

International standards are formally approved and maintained by the International Standards Organization (ISO) and/or the International Electrotechnical Commission (IEC).

Example: ISO/IEC 14443 Contactless integrated circuit cards - Proximity cards. This standard defines the physical and electrical requirements for devices that communicate using certain types of radio waves over short distances.

Specification

A detailed description of the performance requirements, dimensions, materials, and interfaces for the development and/or use of a technology or process. Specifications are typically defined and maintained by the party that offers the technology or process and may be changed at any time.

Specifications are different from standards and regulations because they can be created and maintained by private companies and may be changed by those companies without approval from any external party. Compliance with specifications is typically voluntary although it may be required in order to use the owner's products or services.

Example: American Express Expresspay. This specification was developed and is maintained by American Express and is applicable to all cards that bear the American Express brand and all payment terminals that are used to process payments using those cards.

Regulation

A rule or order issued by an executive authority or regulatory agency of a government and having the force of law.

Regulations differ from standards and specifications because they are created, managed and enforced by a government agency, which can make compliance a legal requirement. Agencies that manage regulations typically are required to seek industry comments for a lengthy period of time before adopting any changes.

Example: Regulation E Electronic Fund Transfer Act: This US federal regulation defines requirements for the recording, reporting and dispute of electronic transactions posted to a deposit account.

The following table is a list of the standards, specifications, and regulations described in the training module as well as other related documents. It includes information on how to obtain a copy of each listed documents.

Resource / Provider Cost and Access Method Website
American Express EMV Acceptance on a Terminal Cost: No charge
Access: Via website
https://www209.americanexpress.com/mer chant/singlevoice/pdfs/chipnpin/EMV Ter minal%20Guide.pdf
American Express Expresspay Cost: No charge after free registration on site
Access: Download specifications from American Express Technical Specification website
https://www406.americanexpress.com/MT P/inter/UN/nsNavigateAction.do
Discover D-PAS and ZIP Contact network for additional information https://www.discover.com/credit-cards/help-center/account/zip/
EMV Cost: No charge
Access: Download from EMVCO website
http://www.emvco.com
EMV: Minimum EMV Chip Card and Terminal Requirements Cost: No charge
Access: Download from EMV connection
http://www.emv-connection.com/minimum-emv-chip-card-and-terminal-requirements-u-s/
ISO/IEC 8583 Cost: <$210
Access: Download from ISO website
http://www.Iso.org
ISO/IEC 14443 Cost: <$50
Access: Download from ISO website
ISO/IEC 18092 (NFCIP-1) Cost: <$200
Access: Download from ISO website
ISO/IEC 21481 (NFCIP-2) Cost: <$100
Access: Download from ISO website
MasterCard Rules Cost: No charge
Access: Download from network website
https://www.mastercard.com/us/merchant /pdf/BM-Entire Manual public.pdf
MasterCard PayPass Cost: Paid license required
Access: Download specifications from MasterCard PayPass website
https://www.paypass.com/chip-information.html
Mobile/NFC Standards Landscape Reference Guide Cost: No charge
Access: Download from the SmartCard Alliance website
http://www.smartcardalliance.org/publicati ons-mobile-nfc-standards-landscape/
Payment Card Industry Data Security Standard Cost: No charge
Access: Download from PCI Security Council website
https://www.pcisecuritystandards.org
Regulation E Electronic Funds Transfer Act Cost: No charge
Access: Download from the Electronic Code of Federal Regulations website
http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&sid=635f26c4af3e2fe4327fd25ef4cb5638&tpl=/ecfrbrowse/Title12/12cfr205_main_02.tpl
Regulation II Debit Card Interchange Fees and Routing Cost: No charge
Access: Download from the Federal Government Publishing Office website
https://www.gpo.gov/fdsys/pkg/FR-2011-07-20/pdf/2011-16861.pdf
Regulation V Fair and Accurate Credit Transactions Act Cost: No charge
Access: Download from the Federal Government Publishing Office website
https://www.gpo.gov/fdsys/pkg/PLAW-108publ159/pdf/PLAW-108publ159.pdf
Technologies for Payment Fraud Prevention: EMV, Encryption and Tokenization Cost: No charge
Access: Download from the SmartCard Alliance website
http://www.smartcardalliance.org/publicati ons-technologies-for-payment-fraud-prevention-emv-encryption-and-tokenization/
Preliminary Strategic Analysis of Next Generation Fare Payment Systems for Public Transportation Cost: No charge
Access: Download from the TRG.org website
http://www.trb.org/Main/Blurbs/172494.as
Transit and Contactless Open Payments: An Emerging Approach for Fare Collection Cost: No charge
Access: Download from the SmartCard Alliance website
http://www.smartcardalliance.org/publicati ons-transit-financial-2011/?redirect=http%3A%2F%2Fwww.smartcardalliance.org%2Fpublications-transit-financial-2011
Visa Integrated Circuit Card Specifications (VIS) 1.5 Cost: Paid license required
Access: Download specifications from Visa Technology Specifications website
https://technologypartner.visa.com/Library /Specifications.aspx#42
Visa Core Rules Cost: No charge
Access: Download from the network website
https://usa.visa.com/dam/VCOM/download/about-visa/15-April-2015-Visa-Rules-Public.pdf
Visa payWave Cost: Paid license required
Access: Download specifications from Visa Technology Specifications website
https://technologypartner.visa.com/Library /Specifications.aspx

 

5. Case Studies

A photo of a card validator sitting on a train station platform. In the background, there is a commuter train and stair rails. Superimposed on the photo is the logo of the Utah Transit Authority, with the letters UTA and a red, white and blue symbol.

Other Open Payment Acceptance Programs in the U.S.

Agency Program Name Open Payments Acceptance Method Status as of July 2016
Chicago Transit Authority (CTA)
Chicago, IL
Ventra PAYG plus Account-based System Full revenue service beginning in late 2013
Southeastern Pennsylvania Transportation Authority (SEPTA)
Philadelphia, PA
SEPTA Key PAYG plus Account-based System Pilot implementation
Tri-County Metropolitan Transportation District of Oregon (TRIMET)
Portland, OR
HOP Fastpass PAYG plus Account-based System In development
New York Metropolitan Transportation Authority (NY MTA)
New York, NY
New Fare Payment System PAYG plus Account-based System Request for Proposals

 

6. Glossary

Term Definition
Account-based System Type of electronic fare payment system where fare processing rules and passenger account information is stored and used in a central system to calculate and approve fares
Acquirer Entity responsible for the processing of bankcard transactions on behalf of a merchant
Aggregation A method of temporarily storing bankcard payment transactions and then submitting those as a single payment in order to reduce the merchant fees
Authentication A mechanism for confirming the legitimacy of a device, payment media or transaction
Authorization Process used to provide real-time guarantee of payment to merchant
Authorization Code Alphanumeric value representing an authorization
Authorized User Any person with permission to use a card
Bankcard Any debit, credit or prepaid debit card issued by a financial institution
Cardholder A person that applies for and receives a bankcard from an issuer and subsequently uses it to pay for products and/or services at merchant locations
Cardholder Verification Method (CVM): One of three different, optional processes provided in the EMV specifications to verify that the authorized cardholder is present at the merchant point of sale or an ATM
Card Network Entity that operates a system and sets and enforces rules for the processing of bankcard transactions
Card Network Contactless Card Specifications This term refers to the unique specifications for contactless bankcards that are independently developed, maintained and enforced by each of the Card Networks
Card Network Operating Rules This term refers to the unique set of rules for issuing of bankcards and processing of all transactions involving those bankcards that are developed, maintained and enforced by each of the Card Networks
Card Not Present Transaction where card information is manually entered to initiate payment process
Card Present Transaction where card is physically used to initiate payment process
Chargeback Rejected or disputed payment transaction
Chip and PIN Term used to refer to EMV-compliant cards that require entry of a PIN with each use of the card
Combined Data Authentication (CDA): Optional, more secure method using two cryptograms with each transaction to verify the authenticity of an EMV card being used at a point of sale terminal
Common Payment Applications (CPA): One of several EMV specifications distributed by EMVCo that defines a payment application that can be applied to EMV cards
Data Breach An incident where personally identifiable information (PII) data and, in particular, bankcard data stored or being processed by a merchant, ISO, acquirer, issuer or other entity is accessed by an authorized party
Dynamic Data Authentication (DDA): Standard method using a unique cryptogram for each transaction to verify the authenticity of an EMV card being used at a point of sale terminal
Electronic Fare Payment System (EFPS) A system that performs automated calculation, collection, recording, and reporting of fare payment transactions for rides on a public transit system. An EFPS uses some form of electronic validation and, in most instances, electronic fare media (e.g. contactless smart card, magnetic stripe card, card emulated through mobile phone)
EMV (Europay, MasterCard, Visa) Abbreviation used to refer to a set of international specifications for computer chip-based bankcards and terminals
EMVCo Public corporation responsible for the maintenance and distribution of the EMV specifications
Fare Capping Form of fare policy where fares using a distinct card are assessed and tracked for a particular time period until a predetermined maximum amount is reached, after which the passenger is allowed to ride for free for the duration of the time period
Fare Media Any instrument, such as cash, credit cards, debit cards, benefit accounts, employer transit accounts, or mobile device that may be used to purchase transit services or fare media
Fare Product Any for of prepaid instrument that can be applied to the payment of fares such as a monthly pass or single ride ticket
Independent Sales Organization (ISO) An entity that acts as a reseller of an Acquirer's bankcard payment processing services to merchants. The ISO may also provide added value services, such as customer loyalty programs, that are supplemental to the bankcard payment processing services.
International Organization for Standards (ISO) ISO is an independent, non-governmental international organization with a membership of 162 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.
Interchange A portion of the merchant fees that are paid to the card issuer
ISO/IEC 14443 An international standard that defines short range, radio wave-based communications between a card and a device
ISO/IEC 8583 An international standard that defines the format and content of messages that are exchanged to enable electronic processing of payments and other transactions using a bankcard
ISO/IEC 18092 An international standard that defines methods to facilitate short range, radio wave-based communications between any two devices (e.g. a mobile phone and a payment terminal). This standard, commonly known as "Near Field Communications" builds on the ISO/IEC 14443 and others preexisting standards.
Issuer The entity responsible for the distribution of the card, management of the card accounts and provision of cardholder service
Merchant An entity that accepts bankcards for payment of its products or services. In an electronic fare payment system with Open Payments acceptance, the transit agency is the merchant.
Merchant Fees A collection of charges assessed to an organization for the acceptance of bankcards for payment of the organization's goods or services
Mobile Payment A point-of-sale payment transaction made through a mobile device (such as a smartphone, "smart watch," or other smart device), in which the mobile device functions as a contactless payment card.
Mobile Payment System Operator Entity typically responsible for the design, development, operation and ongoing maintenance of a system enabling mobile devices to be used to make payments at physical points of sale.
Mobile Wallet A term used to refer to a software application that resides on a mobile device and is used to store data, or a token of the data, for any number of card products for a particular cardholder including but not limited to bankcards, loyalty cards and identity cards.
Open Payments Acceptance The acceptance of bank-issued contactless debit, credit and prepaid debit cards ("bankcards") for payment of fares in an electronic fare payment system at transit points of entry. These contactless bankcards may be used in the form of a traditional credit card-sized piece of plastic or in a mobile device that stores the card data (or an electronic token of that data) and transmits it via radio waves to a device on a transit vehicle or in a station.
Pay As You Go (PAYG) A type of fare payment where each transaction results in a monetary charge to an account of the passenger. The charge may be applied to a pool of stored value that was previously purchased by the passenger or to a bank account or line of credit when the passenger uses a bankcard to initiate the transaction.
Payment Card Industry Data Security Standard (PCI DSS) A set of documents which define requirements and guidelines for the protection of bankcard data
Payment Gateway A system that provides for processing of bankcard payment transactions as a service to merchants
Personal Identification Number (PIN) Four digit number used to verify that the authorized cardholder is present at the point of sale or ATM where an EMV transaction is originating
Point of Sale (POS) Term used to refer to merchant terminal used to perform authorization and settlement
Public Key Infrastructure (PKI): For of cryptography that uses a public/private key pair to enable distribution of keys to devices and systems to enable decryption of a cryptogram and/or electronic validation of a digital certificate without compromising the security of the encryption scheme
Regulation E - Electronic Fund Transfer Act This US regulation defines requirements for electronic transactions that add or deduct funds from a bank account
Regulation II - Debit Card Interchange Fees and Routing This US regulation establishes maximum limits on the amount of interchange that can be assessed to merchants for their acceptance of a bank-issued debit card. It also defines requirements for the routing of payment transactions initiated with a debit card.
Regulation V - Fair and Accurate Transactions Act This U.S. regulation defines requirements for the correct posting and reporting of bankcard transactions as well as certain limitations on the amount of bankcard data that can be recorded on transaction receipts
Settlement Process used to obtain funds from Issuer to pay to merchant and all other network providers
Smart Card A transit fare card, bankcard, or identification card or other credential that includes an embedded computer chip and antenna
System Integrator An entity that typically designs, develops and installs an electronic fare payment system under contract with a transit agency
Title VI A portion of the Civil Rights Act of 1964, a U.S. law that prohibits discrimination based on race, color or national origin in programs or activities which receive federal financial assistance
Tokenization The process of securely storing bankcard data and providing merchants and acquirers with a representative value that can be used like bankcard data to process payments while greatly limiting the possibility of that data being used fraudulently if stolen
Zero Liability Policy of card issuers protecting cardholders for losses due to fraud

 

7. Study Questions

To include the quiz/poll questions and answer choices as presented in the PowerPoint slide to allow students to either follow along with the recording or refer to the quiz at a later date in the supplement.

Learning Objective 1

Which of the following is NOT a key stakeholder for an EFPS that accepts Open Payments?

  1. Issuer
  2. Card Network
  3. POS Terminal Manufacturer
  4. Cardholder

Learning Objective 2

Which of the following three methods for implementing Open Payments acceptance enables passenger purchase and use of prepaid fare products?

  1. Pay as You Go
  2. Pay as You Go + Fare Capping
  3. Pay as You Go + Account-based

Learning Objective 3

Which of the following is NOT a key risk associated with the implementation of Open Payment Acceptance with an EFPS?

  1. Obsolete technology
  2. Operational costs: Standard compliance and merchant fees
  3. Bankcard data breach
  4. Issuer participation

 

8. Icon Guide

The following icons are used throughout the module to visually indicate the corresponding learning concept listed out below, and/or to highlight a specific point in the training material.

1) Tools/Applications: An industry-specific item a person would use to accomplish a specific task, and applying that tool to fit your need.

Example: Systems engineering, specifications, test documentation, etc. A systems engineering approach to developing an ATC procurement specification.

Tools/Applications icon. An industry-specific item a person would use to accomplish a specific task, and applying that tool to fit your need.

2) Remember: Used when referencing something already discussed in the module that is necessary to recount.

Example: "Recall our discussion on [insert topic] back in Learning Objective 1..."

Remember icon. Used when referencing something already discussed in the module that is necessary to recount.

3) Refer to Student Supplement: Items or information that are further explained/detailed in the Student Supplement.

Example: Additional information on a standard, additional case studies or examples that don't fit into the PowerPoint itself, external resources, etc.

Supplement icon indicating items or information that are further explained/detailed in the Student Supplement.

4) Example: Can be real-world (case study), hypothetical, a sample of a table, etc.

Example icon. Can be real-world (case study), hypothetical, a sample of a table, etc.