Transit fare collection has been moving toward a model in which the contactless payment card is used within the transit environment exactly as issued. A contactless payment application, as defined to date, can be an on-line transaction requiring end-to-end authentication and issuer approval/decline of the transaction. This type of transaction may typically take 3 to 7 seconds to process through standard payment system channels. A standard payment system channel may include a merchant system, an acquirer, an acquirer processor, a payment processing system (e.g., VisaNet), an issuer, an issuer processor, etc. Transaction speeds of this magnitude are accepted as the norm in retail point of sale environments.
Some transit agencies have targeted a 300 millisecond (ms) transaction time to meet the needs of this environment, in order to process 30 to 45 patrons per minute through a gate access device. Because of these transaction speed considerations, transit fare agencies have positioned their solution as an off-line transaction at the gate or farebox. There is no time in the transit environment to go on-line for the issuer to approve/decline the fare transaction: a transit agency cannot wait for 3 to 7 seconds to approve a transaction. An off-line process at the gate or farebox is accomplished without full issuer authorization.
In an “on-line” transaction, authorization is received before the release of goods or services. In an “off-line” transaction, goods and services may be released by a merchant or service provider prior to receiving authorization from a payment processing organization such as Visa or the issuer.
When a transaction is performed off-line with a contactless payment card, there are security and other risks associated with the use of the contactless payment application in this fashion. The problems associated with using the contactless payment card in off-line mode include:
Authentication: No card/reader authentication is included in the magnetic stripe data (MSD) application, and without card authentication there is potential for high fraud through counterfeiting of cards and accounts.
Fraud and Negative List: Transactions are not approved in real time, which means that any card must be allowed to work without authorization. This would include lost/stolen, counterfeit, negative balance, and other cards with account problems. With off-line transactions, the transit agency must keep a negative list of bad account numbers that previously resulted in declined transactions. The negative list is the only mechanism to deter fraud in the off-line environment. There are problems associated with negative lists, including the fact that the negative list would have to grow unbounded as more contactless payment issuance takes place. The problem is that memory space is limited in the fare device, and the time it takes to search a negative list is prohibitive. Therefore, the list must be contained. This, in turn, means that some known bad cards would have to be removed from the negative list to keep the list length in check, which again opens the door to fraud.
Data Security/Storage: Protection of cardholder data (Payment Card Industry (PCI)/Data Security Standard (DSS) Compliance—a set of comprehensive requirements for enhancing payment account data security) in transit fare collection systems may prove difficult. Payment track data including the primary account number (PAN) is the only data available on a contactless payment card. Transit fare collection systems would have to collect and store this data securely, which is not something transit fare collection systems do today. It is costly to build the systems and mechanisms such as data encryption to meet cardholder data protection standards.
Transaction Speed: On-line authorization of 3 to 7 seconds is too long at turnstiles, and is questionable on buses (target 300 ms transaction time).
Negative Balance: Because the issuer keeps track of account status and balance on prepaid and debit card accounts, the off-line solution will not have knowledge of account balances associated with such accounts. The only mechanism to stop the use of zero or negative balance cards is to first get a declined transaction (i.e., provide a free ride), and then to place the account on the negative list. The card may be denied access for subsequent uses once it is on the negative list of the transit agency.
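The negative-list behavior described in the Fraud and Negative List and Negative Balance items above can be modeled in a few lines. This is an added example, not part of the original text. The class and function names, the capacity of two entries, the oldest-first eviction policy, the keyed digest, and the PANs are all constructed assumptions.

```python
import hashlib
import hmac
from collections import OrderedDict

DEMO_KEY = b"constructed-demo-key"  # constructed; a real device would use a managed key


class OfflineGate:
    """Hypothetical model of an off-line gate with a bounded negative list."""

    def __init__(self, capacity):
        self.capacity = capacity          # assumed device memory limit, in entries
        self.negative = OrderedDict()     # keyed PAN digest -> None, oldest first

    def _digest(self, pan):
        # Keep a keyed digest rather than the raw PAN on the device.
        return hmac.new(DEMO_KEY, pan.encode(), hashlib.sha256).digest()

    def tap(self, pan):
        """Gate decision with no issuer contact: only the list is consulted."""
        return "DENY" if self._digest(pan) in self.negative else "ALLOW"

    def settle(self, pan, issuer_approved):
        """Apply the later issuer result; return an evicted digest or None."""
        if issuer_approved:
            return None
        key = self._digest(pan)
        self.negative[key] = None
        self.negative.move_to_end(key)
        if len(self.negative) > self.capacity:
            # Assumed policy: drop the oldest entry to stay within memory.
            return self.negative.popitem(last=False)[0]
        return None


def run_demo():
    gate = OfflineGate(capacity=2)
    # Constructed test PANs standing in for accounts the issuer declines.
    bad = ["4000000000000001", "4000000000000002", "4000000000000003"]
    decisions = []
    for pan in bad:
        decisions.append(gate.tap(pan))           # first tap is always allowed
        gate.settle(pan, issuer_approved=False)   # decline arrives afterwards
    decisions.append(gate.tap(bad[2]))            # still listed
    decisions.append(gate.tap(bad[0]))            # evicted, so allowed again
    return decisions


if __name__ == "__main__":
    print(run_demo())
```

Each declined account gets one accepted tap before it is listed, and the third decline evicts the first account, which the gate then accepts again.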
Embodiments of the invention address the above problems, and other problems, individually and collectively.