Why certification and compliance are crucial for every part of your ticketing system

When purchasing a new tram, train, bus or indeed any other public transport vehicle, public transport operators and authorities (PTOs and PTAs) must have proof that the entire unit has undergone a series of tests to verify its structural integrity, safety and functional reliability.

So, why don’t we do the same due diligence for ticketing?

Checking each individual ticket and reader wouldn’t be practical, but operators and authorities must demand assurances that what they are purchasing is both functional, reliable and secure. If a ticketing system fails, it can result in widespread delays, safety risks and a complete breakdown in user trust. If personal information or payment data is lost, the damage can be even worse. This is why PTOs and PTAs must take an active role and ensure every aspect of their ticketing system meets clearly defined requirements for certification and compliance. 

Certification is a crucial asset that provides formal recognition from an independent body that a product will meet defined requirements for performance, security and reliability. Compliance plays an equally important role in facilitating smooth connections and cooperation between clients, partners and authorities, by ensuring all parties are respecting agreed standards, verified either through self-declarations or external auditing.

Just as every operator and authority requires vehicle manufacturers to provide proof that their products have met required levels before purchase, the same due diligence should be applied to your ticketing solutions. Requesting verification of certification and compliance should be a routine part of every procurement process.

Seamless mobility that simply works

Every day, millions upon millions of people depend on public transport for their mobility; be it for commuting to work, visiting loved ones, attending appointments or exploring new places. Depending on the size of the network, such journeys may require navigating multiple different modes of transport. In other words: interoperability is essential.

Certification provides trust that a ticketing solution will work consistently within a harmonised network. Compliance frameworks reinforce this by ensuring that each component respects the required technical layers, even where no formal certification programme yet exists, as is the case for certain terminal components. It means a single travel card or digital ticket can be used – and trusted – across multiple modes, operators and regions, enabling a simple, economical and convenient user experience.

It also provides assurance to both the network and each individual user that the ticket will work consistently every time. In an ecosystem where volume and passenger throughput are so important, networks can depend on certified tickets and compliant terminals to process thousands of transactions with the same high quality, allowing passengers to conduct their journey seamlessly and with confidence. No undue delay or stress caused by ticketing failures; just a system that works.

Security by design. Certification and compliance as standard

Artificial intelligence (AI) is changing the threat landscape and contributing to a rising tide of ticketing fraud. Networks must deal with this risk. 

Sensitive data on passenger movements and payments must be protected – especially as, in the event of a security breach, it is ultimately the network that is held accountable. Taking all necessary steps to mitigate risk is essential. 

Certification is one of the most important weapons in this fight. It allows for secure-by-design products, tested to meet the demands of the most up-to-date security standards, based on the collective experience of the leading minds in the industry. 

Certification guarantees that any data transferred in a transaction is encrypted and secure to state-of-the-art standards. In turn, this reduces exposure to risks such as counterfeit tickets and exposed back-end systems, providing a baseline of trust to passengers that their data is secure.

Compliance also contributes significantly to security, by ensuring terminals and other system components respect agreed standards. Even in the absence of a formal certification programme, compliance provides a vital resource for networks to help mitigate their operational, legal and reputational liabilities.  

Own Your Ticketing

When all parts of a ticketing system are certified or compliant to open standards, it enables a system stronger than the sum of its parts, regardless of individual suppliers. This means that certified systems based on open standards are inherently interoperable, scalable and upgradeable. They can integrate new technologies as and when the operator or authority chooses to do so, rather than when forced to do so by a vendor, and without needing to completely rebuild core infrastructure.

In this way, operators and authorities can truly master their ticketing offer. By choosing certified solutions for cards, and ensuring all terminals are compliant with trusted standards, authorities ensure that future upgrades, extensions, or migrations can be carried out without dependency on a single supplier. This gives crucial flexibility in a ticketing market that is defined by constant innovation, enfranchising networks to create a comprehensive ticketing offer that can continually evolve alongside the needs of users for years to come.

A shared commitment to passengers

Open, secure and interoperable ticketing systems empower PTOs and PTAs to deliver value to the passengers that they serve. Weaving this intricate ticketing tapestry is no small feat, but the transparency that certification and compliance provides means that networks and suppliers become trusted partners, collaborating to build seamless, secure and scalable solutions.

If a supplier is unable to provide evidence of independent certification or demonstrate compliance with required technical layers, they must be asked “why not?”. While it may seem tempting to opt for a short-term fix, it may lead to serious consequences if you sacrifice control to a proprietary supplier that boasts of certification but which – when you look under the hood – only has part of their offer certified or compliant.

The Calypso Certification Program

Within the Calypso Standard, certification processes are structured around multiple layers. For cards, this includes functional, security and RF certification. Terminals can also undergo RF certification. 

To ensure the proper implementation of the Calypso and Reader layers, we have defined a clear compliance program, available here.