Delivering trust: how Calypso is helping providers like HID Global boost security in mobile ticketing

Trusted identity and smart ticketing enabler HID Global works hand-in-hand with transport operators and authorities to evolve and digitise the smart ticketing experience in line with growing passenger expectations. I spoke to Cristiano Pardo, Senior Director of Mobility at HID Global, to learn more about its role in the ticketing community and how the organisation uses Calypso standards to help deliver its transport solutions

Tell us a little about yourself and HID Global 

As Senior Director of Mobility at HID Global, I work primarily in the ticketing sphere, helping to support the system integrators who create smart systems for Public Transport Operators (PTOs) and Public Transport Authorities (PTAs).

HID Global is a technology service provider that supports the integration of complex connected systems for public transport operators (PTOs) and authorities (PTAs). Over the years, we have developed numerous operating systems for smartcard solutions. Our focus is to aid the development of smart and secure solutions for the transport sector that facilitate growth. A large part of this is dedicated to supporting the widespread shift towards digitisation as consumer expectations for smartphone services continue to grow.

Cristiano Pardo, Senior Director of Mobility at HID Global

What mobile ticketing challenges is HID Global helping the industry to overcome?

We believe that PTOs should invest in mobile ticketing as part of the future of public transport. Given the global prevalence of smartphone users, mobile ticketing has significant potential, and it is the next logical step for passengers beyond physical ticketing.

As part of the m-ticketing transformation, we are seeing increasing use of QR Codes for ticketing. While this does offer basic mobile ticketing functionality, it is not, however, a long-term solution given the inherent security and ergonomic risks.

The biggest challenge is how to provide a mobile ticketing solution with the convenience and security of a smartcard. Consumers want this convenience without having to deal with fraud or the potential hacking of digital tickets hosted in smartphones. With this challenge in mind, we are working to advance m-ticketing technology in an innovative, flexible and scalable way. At HID Global, the basis of our ticketing solutions is microprocessors with cryptographic capabilities to provide a much more secure and stable foundation for ticketing.

R&D features heavily in our plans, including collaborations with Italian universities specialising in cryptography and hacking countermeasures for mobiles. We are also experimenting with Bluetooth Low Energy (BLE) technology to try and bring NFC-like capabilities to all smartphone users.

 

Tell us about how HID Global supports mobile ticketing?

In 2016, HID achieved the first Calypso certification for the SOMA Atlas™ OS. In 2017 we began developing a version of SOMA Atlas™ for the Android platform as part of our expansion strategy for mobile ticketing solutions. We adapted the root of a traditional microprocessor found in a smartcard for Android to create SOMA Atlas™ 4Digital, utilising HCE technology to create a secure digital ticketing solution. Field testing by PTOs found it offered the same transaction functionality in mobile as it did in a smartcard, and much quicker transactions times than QR Codes™ or EMV®-based solutions.

 

Why did you take part in the Calypso® HCE Security Certification (CHSC) scheme?

When creating an app, developers must be aware of all vulnerabilities and address any inherent security concerns, which is especially true with payment and ticketing solutions. To support providers in this space, certification and independent assessment is a vital asset, helping remove some of the risks and ensure the solution is developed on a solid foundation of trust by having “security by design”.

Through Calypso HCE and the CHSC scheme, CNA has set a security baseline for Android mobile solution providers, verified by an independent laboratory. So, even if PTOs and PTAs are not fully aware of the security complexities, there is peace of mind that the solution is secure thanks to the steps that providers have proactively taken. This is one of the reasons why HID was only too happy to get involved with the scheme.

Getting involved also provided the team at HID with invaluable experience as we gained a newfound appreciation of unconventional hacking approaches, timelines and mitigation techniques for mobile payment and ticketing solutions. I’d like to thank the Calypso team for their fantastic support throughout the CHSC process.

 

Why is open standard ticketing important to HID Global and what is next for the business in transport ticketing?

HID strongly believes in Calypso and the importance of open, community-led standards in advancing ticketing. By ensuring an open, competitive ecosystem supported by certification, user needs are embedded throughout the entire product cycle, much more so than with proprietary solutions.

SOMA Atlas™ 4Digital is available to be deployed and we expect at least two new mobile ticketing solutions to be announced with major European networks in the coming months. This will mean many thousands of passengers can take advantage of our solutions for a convenient and secure m-ticketing experience.

The mobility team of HID is already working on our next security improvement. Building off the work done through the CHSC scheme, we want to introduce machine learning technology to the anti-fraud module of our back-end. This would allow a solution to automatically detect and respond to potential security breaches in real-time based on an analysis of typical traveller behaviour.