Module 12: Electronic Fare Payment/Advanced Payment Systems: Open Payments

Student Supplement

(Note: This document has been converted from the Student Supplement to 508-compliant HTML. The formatting has been adjusted for 508 compliance, but all the original text content is included, plus additional text descriptions for the images, photos and/or diagrams have been provided below.)


1. Module Description

Electronic Fare Payment (EFP) is the automated calculation, validation, collection, recording, and reporting of passenger fare payments using some form of electronic media for rides on a mass transit system. Agencies universally embrace the need to adopt electronic fare payment systems that provide for more automated means of distribution and validation of fare media. This substantially improves the quantity and quality of payment and ridership data that is collected, and offers significant improvements in the convenience and ease of use for the passenger. Included in the options available for EFP systems is the acceptance of contactless bankcards (credit, debit and prepaid debit cards that are issued by financial institutions) and mobile wallets linked to bankcards for the payment of fares directly at transit points of entry. Such acceptance is generally referred to as "Open Payments" within the mass transit industry.

2. Introduction/Purpose

Implementation of Open Payment acceptance as part of an electronic fare payment system will create a number of technical and operational impacts for the agency and its system integrator, although these may, depending on the implementation approach applied, be offset by certain benefits that are unique to this form of fare payment. This module provides an in-depth review of the key stakeholders within the bankcard industry as well as the standards and specifications, regulations and techniques associated with the procurement and implementation of Open Payments acceptance capability. The module identifies and explores the challenges, risks, and benefits associated with Open Payments acceptance in order to enable participants to understand this approach and to evaluate its use as part of an EFP solution.

3. Samples/Examples

Figure 1: Enlarged version of diagram from Slide 9-Stakeholders. Please see the Extended Text Description below.

(Extended Text Description: This figure has a graphic showing an organization chart with nine (9) different colored boxes that represent the stakeholder groups that control and/or support open payments acceptance. The boxes are labeled, from top to bottom, left to right: Card Networks, Issuers, Acquirers, Mobile Payment System Operators, Independent Sales Organizations, Payment Gateways, Merchant (Transit Agency), System Integrator, and Cardholders (Passengers).)


Figure 2: Enlarged version of diagram from Slide 22-Scope of Impact. Please see the Extended Text Description below.

(Extended Text Description: This figure has a graphic with five square boxes with rounded corners. Those five boxes represent the major components of an Electronic Fare Payment System and are labeled from top to bottom, left to right: Acquirer, Fare Media, Reader, Local Device and Central System. Above, below and to the right of that graphic are colored boxes that identify the international standards, federal regulations, and specifications that are applicable to the acceptance of open payments. Those boxes are labeled, from top to bottom, left to right: EMV, Network Specs, ISO/IEC 8583, Regulation II, ISO/IEC 18092, ISO/IEC 14443, Regulation E, Regulation V, and PCI DSS. There are arrows leading from the second sets of boxes outward to indicate the component(s) that is/are potentially covered by the standard, regulation, or specification.)


4. Reference to Standards, Specifications and Regulations

Acceptance of Open Payments requires an understanding of and compliance with a variety of international standards, regulations and specifications. It is important to understand the nature of each of these types of documents and how they differ.

Standard

A document that defines processes, procedures, and/or technology for the common and repeated use of a system.

Unlike specifications and regulations, a Standard is established by consensus and approved by a recognized standards organization.

International standards are formally approved and maintained by the International Standards Organization (ISO) and/or the International Electrotechnical Commission (IEC).

Example: ISO/IEC 14443 Contactless integrated circuit cards - Proximity cards. This standard defines the physical and electrical requirements for devices that communicate using certain types of radio waves over short distances.

Specification

A detailed description of the performance requirements, dimensions, materials, and interfaces for the development and/or use of a technology or process. Specifications are typically defined and maintained by the party that offers the technology or process and may be changed at any time.

Specifications are different from standards and regulations because they can be created and maintained by private companies and may be changed by those companies without approval from any external party. Compliance with specifications is typically voluntary although it may be required in order to use the owner's products or services.

Example: American Express expressPay. This specification was developed and is maintained by American Express and is applicable to all cards that bear the American Express brand and all payment terminals that are used to process payments using those cards.

Regulation

A rule or order issued by an executive authority or regulatory agency of a government and having the force of law.

Regulations differ from standards and specifications because they are created, managed and enforced by a government agency, which can make compliance a legal requirement. Agencies that manage regulations typically are required to seek industry comments for a lengthy period of time before adopting any changes.

Example: Regulation E Electronic Fund Transfer Act: This US federal regulation defines requirements for the recording, reporting and dispute of electronic transactions posted to a deposit account.

The following table lists the standards, specifications, and regulations described in the training module as well as other related documents. It includes information on how to obtain a copy of each listed document.

| Resource / Provider | Cost and Access Method | Website |
|---|---|---|
| American Express EMV Acceptance on a Terminal | Cost: No charge; Access: Via website | https://www209.americanexpress.com/merchant/singlevoice/pdfs/chipnpin/EMVTerminal%20Guide.pdf - content is no longer available. |
| American Express expressPay | Cost: No charge after free registration on site; Access: Download specifications from American Express Technical Specification website | https://www406.americanexpress.com/MTP/inter/UN/nsNavigateAction.do - content is no longer available. |
| Discover D-PAS and ZIP | Contact network for additional information | https://www.discover.com/credit-cards/help-center/account/zip/ |
| EMV | Cost: No charge; Access: Download from EMVCO website | https://www.emvco.com |
| EMV: Minimum EMV Chip Card and Terminal Requirements | Cost: No charge; Access: Download from EMV connection | https://www.emv-connection.com/minimum-emv-chip-card-and-terminal-requirements-u-s/ |
| ISO/IEC 8583 | Cost: <$210; Access: Download from ISO website | https://www.iso.org |
| ISO/IEC 14443 | Cost: <$50; Access: Download from ISO website | |
| ISO/IEC 18092 (NFCIP-1) | Cost: <$200; Access: Download from ISO website | |
| ISO/IEC 21481 (NFCIP-2) | Cost: <$100; Access: Download from ISO website | |
| MasterCard Rules | Cost: No charge; Access: Download from network website | https://www.mastercard.com/us/merchant/pdf/BM-Entire Manual public.pdf |
| MasterCard PayPass | Cost: Paid license required; Access: Download specifications from MasterCard PayPass website | https://www.paypass.com/chip-information.html - content is no longer available. |
| Mobile/NFC Standards Landscape Reference Guide | Cost: No charge; Access: Download from the Smart Card Alliance website | https://www.smartcardalliance.org/publications-mobile-nfc-standards-landscape/ |
| Payment Card Industry Data Security Standard | Cost: No charge; Access: Download from PCI Security Council website | https://www.pcisecuritystandards.org |
| Regulation E Electronic Funds Transfer Act | Cost: No charge; Access: Download from the Electronic Code of Federal Regulations website | https://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&sid=635f26c4af3e2fe4327fd25ef4cb5638&tpl=/ecfrbrowse/Title12/12cfr205_main_02.tpl |
| Regulation II Debit Card Interchange Fees and Routing | Cost: No charge; Access: Download from the Federal Government Publishing Office website | https://www.gpo.gov/fdsys/pkg/FR-2011-07-20/pdf/2011-16861.pdf |
| Regulation V Fair and Accurate Credit Transactions Act | Cost: No charge; Access: Download from the Federal Government Publishing Office website | https://www.gpo.gov/fdsys/pkg/PLAW-108publ159/pdf/PLAW-108publ159.pdf |
| Technologies for Payment Fraud Prevention: EMV, Encryption and Tokenization | Cost: No charge; Access: Download from the Smart Card Alliance website | https://www.smartcardalliance.org/publications-technologies-for-payment-fraud-prevention-emv-encryption-and-tokenization/ |
| Preliminary Strategic Analysis of Next Generation Fare Payment Systems for Public Transportation | Cost: No charge; Access: Download from the TRB.org website | https://www.trb.org/Main/Blurbs/172494.aspx |
| Transit and Contactless Open Payments: An Emerging Approach for Fare Collection | Cost: No charge; Access: Download from the Smart Card Alliance website | https://www.smartcardalliance.org/publications-transit-financial-2011/?redirect=http%3A%2F%2Fwww.smartcardalliance.org%2Fpublications-transit-financial-2011 |
| Visa Integrated Circuit Card Specifications (VIS) 1.5 | Cost: Paid license required; Access: Download specifications from Visa Technology Specifications website | https://technologypartner.visa.com/Library/Specifications.aspx#42 |
| Visa Core Rules | Cost: No charge; Access: Download from the network website | https://usa.visa.com/dam/VCOM/download/about-visa/15-April-2015-Visa-Rules-Public.pdf - content is no longer available. |
| Visa payWave | Cost: Paid license required; Access: Download specifications from Visa Technology Specifications website | https://technologypartner.visa.com/Library/Specifications.aspx |

5. Case Studies

A photo of a card validator sitting on a train station platform. In the background, there is a commuter train and stair rails. Superimposed on the photo is the logo of the Utah Transit Authority, with the letters UTA and a red, white and blue symbol.

Other Open Payment Acceptance Programs in the U.S.

| Agency | Program Name | Open Payments Acceptance Method | Status as of July 2016 |
|---|---|---|---|
| Chicago Transit Authority (CTA), Chicago, IL | Ventra | PAYG plus Account-based System | Full revenue service beginning in late 2013 |
| Southeastern Pennsylvania Transportation Authority (SEPTA), Philadelphia, PA | SEPTA Key | PAYG plus Account-based System | Pilot implementation |
| Tri-County Metropolitan Transportation District of Oregon (TRIMET), Portland, OR | hop Fastpass | PAYG plus Account-based System | In development |
| New York Metropolitan Transportation Authority (NY MTA), New York, NY | New Fare Payment System | PAYG plus Account-based System | Request for Proposals |

6. Glossary

| Term | Definition |
|---|---|
| Account-based System | Type of electronic fare payment system where fare processing rules and passenger account information are stored and used in a central system to calculate and approve fares |
| Acquirer | Entity responsible for the processing of bankcard transactions on behalf of a merchant |
| Aggregation | A method of temporarily storing bankcard payment transactions and then submitting those as a single payment in order to reduce the merchant fees |
| Authentication | A mechanism for confirming the legitimacy of a device, payment media or transaction |
| Authorization | Process used to provide real-time guarantee of payment to merchant |
| Authorization Code | Alphanumeric value representing an authorization |
| Authorized User | Any person with permission to use a card |
| Bankcard | Any debit, credit or prepaid debit card issued by a financial institution |
| Cardholder | A person that applies for and receives a bankcard from an issuer and subsequently uses it to pay for products and/or services at merchant locations |
| Cardholder Verification Method (CVM) | One of three different, optional processes provided in the EMV specifications to verify that the authorized cardholder is present at the merchant point of sale or an ATM |
| Card Network | Entity that operates a system and sets and enforces rules for the processing of bankcard transactions |
| Card Network Contactless Card Specifications | This term refers to the unique specifications for contactless bankcards that are independently developed, maintained and enforced by each of the Card Networks |
| Card Network Operating Rules | This term refers to the unique set of rules for issuing of bankcards and processing of all transactions involving those bankcards that are developed, maintained and enforced by each of the Card Networks |
| Card Not Present | Transaction where card information is manually entered to initiate payment process |
| Card Present | Transaction where card is physically used to initiate payment process |
| Chargeback | Rejected or disputed payment transaction |
| Chip and PIN | Term used to refer to EMV-compliant cards that require entry of a PIN with each use of the card |
| Combined Data Authentication (CDA) | Optional, more secure method using two cryptograms with each transaction to verify the authenticity of an EMV card being used at a point of sale terminal |
| Common Payment Applications (CPA) | One of several EMV specifications distributed by EMVCo that defines a payment application that can be applied to EMV cards |
| Data Breach | An incident where personally identifiable information (PII) data and, in particular, bankcard data stored or being processed by a merchant, ISO, acquirer, issuer or other entity is accessed by an unauthorized party |
| Dynamic Data Authentication (DDA) | Standard method using a unique cryptogram for each transaction to verify the authenticity of an EMV card being used at a point of sale terminal |
| Electronic Fare Payment System (EFPS) | A system that performs automated calculation, collection, recording, and reporting of fare payment transactions for rides on a public transit system. An EFPS uses some form of electronic validation and, in most instances, electronic fare media (e.g. contactless smart card, magnetic stripe card, card emulated through mobile phone) |
| EMV (Europay, MasterCard, Visa) | Abbreviation used to refer to a set of international specifications for computer chip-based bankcards and terminals |
| EMVCo | Public corporation responsible for the maintenance and distribution of the EMV specifications |
| Fare Capping | Form of fare policy where fares using a distinct card are assessed and tracked for a particular time period until a predetermined maximum amount is reached, after which the passenger is allowed to ride for free for the duration of the time period |
| Fare Media | Any instrument, such as cash, credit cards, debit cards, benefit accounts, employer transit accounts, or mobile device that may be used to purchase transit services or fare media |
| Fare Product | Any form of prepaid instrument that can be applied to the payment of fares such as a monthly pass or single ride ticket |
| Independent Sales Organization (ISO) | An entity that acts as a reseller of an Acquirer's bankcard payment processing services to merchants. The ISO may also provide added value services, such as customer loyalty programs, that are supplemental to the bankcard payment processing services. |
| International Organization for Standards (ISO) | ISO is an independent, non-governmental international organization with a membership of 162 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges. |
| Interchange | A portion of the merchant fees that are paid to the card issuer |
| ISO/IEC 14443 | An international standard that defines short range, radio wave-based communications between a card and a device |
| ISO/IEC 8583 | An international standard that defines the format and content of messages that are exchanged to enable electronic processing of payments and other transactions using a bankcard |
| ISO/IEC 18092 | An international standard that defines methods to facilitate short range, radio wave-based communications between any two devices (e.g. a mobile phone and a payment terminal). This standard, commonly known as "Near Field Communications," builds on ISO/IEC 14443 and other preexisting standards. |
| Issuer | The entity responsible for the distribution of the card, management of the card accounts and provision of cardholder service |
| Merchant | An entity that accepts bankcards for payment of its products or services. In an electronic fare payment system with Open Payments acceptance, the transit agency is the merchant. |
| Merchant Fees | A collection of charges assessed to an organization for the acceptance of bankcards for payment of the organization's goods or services |
| Mobile Payment | A point-of-sale payment transaction made through a mobile device (such as a smartphone, "smart watch," or other smart device), in which the mobile device functions as a contactless payment card. |
| Mobile Payment System Operator | Entity typically responsible for the design, development, operation and ongoing maintenance of a system enabling mobile devices to be used to make payments at physical points of sale. |
| Mobile Wallet | A term used to refer to a software application that resides on a mobile device and is used to store data, or a token of the data, for any number of card products for a particular cardholder including but not limited to bankcards, loyalty cards and identity cards. |
| Open Payments Acceptance | The acceptance of bank-issued contactless debit, credit and prepaid debit cards ("bankcards") for payment of fares in an electronic fare payment system at transit points of entry. These contactless bankcards may be used in the form of a traditional credit card-sized piece of plastic or in a mobile device that stores the card data (or an electronic token of that data) and transmits it via radio waves to a device on a transit vehicle or in a station. |
| Pay As You Go (PAYG) | A type of fare payment where each transaction results in a monetary charge to an account of the passenger. The charge may be applied to a pool of stored value that was previously purchased by the passenger or to a bank account or line of credit when the passenger uses a bankcard to initiate the transaction. |
| Payment Card Industry Data Security Standard (PCI DSS) | A set of documents which define requirements and guidelines for the protection of bankcard data |
| Payment Gateway | A system that provides for processing of bankcard payment transactions as a service to merchants |
| Personal Identification Number (PIN) | Four-digit number used to verify that the authorized cardholder is present at the point of sale or ATM where an EMV transaction is originating |
| Point of Sale (POS) | Term used to refer to merchant terminal used to perform authorization and settlement |
| Public Key Infrastructure (PKI) | Form of cryptography that uses a public/private key pair to enable distribution of keys to devices and systems to enable decryption of a cryptogram and/or electronic validation of a digital certificate without compromising the security of the encryption scheme |
| Regulation E - Electronic Fund Transfer Act | This US regulation defines requirements for electronic transactions that add or deduct funds from a bank account |
| Regulation II - Debit Card Interchange Fees and Routing | This US regulation establishes maximum limits on the amount of interchange that can be assessed to merchants for their acceptance of a bank-issued debit card. It also defines requirements for the routing of payment transactions initiated with a debit card. |
| Regulation V - Fair and Accurate Transactions Act | This U.S. regulation defines requirements for the correct posting and reporting of bankcard transactions as well as certain limitations on the amount of bankcard data that can be recorded on transaction receipts |
| Settlement | Process used to obtain funds from Issuer to pay to merchant and all other network providers |
| Smart Card | A transit fare card, bankcard, or identification card or other credential that includes an embedded computer chip and antenna |
| System Integrator | An entity that typically designs, develops and installs an electronic fare payment system under contract with a transit agency |
| Title VI | A portion of the Civil Rights Act of 1964, a U.S. law that prohibits discrimination based on race, color or national origin in programs or activities which receive federal financial assistance |
| Tokenization | The process of securely storing bankcard data and providing merchants and acquirers with a representative value that can be used like bankcard data to process payments while greatly limiting the possibility of that data being used fraudulently if stolen |
| Zero Liability | Policy of card issuers protecting cardholders for losses due to fraud |

7. Study Questions

The quiz/poll questions and answer choices are included here as presented in the PowerPoint slides, so that students can either follow along with the recording or refer to the quiz at a later date in the supplement.

Learning Objective 1

Which of the following is NOT a key stakeholder for an EFPS that accepts Open Payments?

  1. Issuer
  2. Card Network
  3. POS Terminal Manufacturer
  4. Cardholder

Learning Objective 2

Which of the following three methods for implementing Open Payments acceptance enables passenger purchase and use of prepaid fare products?

  1. Pay as You Go
  2. Pay as You Go + Fare Capping
  3. Pay as You Go + Account-based

Learning Objective 3

Which of the following is NOT a key risk associated with the implementation of Open Payment Acceptance with an EFPS?

  1. Obsolete technology
  2. Operational costs: Standard compliance and merchant fees
  3. Bankcard data breach
  4. Issuer participation

8. Icon Guide

The following icons are used throughout the module to visually indicate the corresponding learning concept listed below, and/or to highlight a specific point in the training material.

1) Tools/Applications: An industry-specific item a person would use to accomplish a specific task, and applying that tool to fit your need.

Example: Systems engineering, specifications, test documentation, etc. A systems engineering approach to developing an ATC procurement specification.


2) Remember: Used when referencing something already discussed in the module that is necessary to recount.

Example: "Recall our discussion on [insert topic] back in Learning Objective 1..."


3) Refer to Student Supplement: Items or information that are further explained/detailed in the Student Supplement.

Example: Additional information on a standard, additional case studies or examples that don't fit into the PowerPoint itself, external resources, etc.


4) Example: Can be real-world (case study), hypothetical, a sample of a table, etc.
