Plans for wave-pay Tube tickets don't convince pols

'100% safe' claim shows Transport chiefs have no idea


Many passengers are concerned about the data security and safety aspect of Transport for London's (TfL's) plans to introduce contactless ticketing, and the project may not deliver the financial savings expected, the London assembly's transport committee has concluded.

In a report titled, The Future of Ticketing, the committee says the results of a survey it carried out in conjunction with consumer firm Which? showed that passengers were concerned about the safety of their data.

Will Judge, head of future ticketing at TfL, had told the committee in an evidence session in September that the contactless cards would be "100% safe" and that fraudsters would not be able to extract confidential information from a person's contactless bank card or other compatible technology as the type of data held on such cards will be restricted. In its report, the committee says that despite this, negative perceptions of this technology might still be a barrier to the take up of the new scheme.

The committee also warns that wave and pay ticketing must be fair to all passengers and not disadvantage those who choose to stick to Oyster cards. It says that while some passengers may welcome using a contactless bank card to pay for travel, the one in five people who do not have a credit or debit card could miss out on cheaper fares offered on the contactless system.

Caroline Pidgeon, chair of the transport committee, said: "It's only right that Transport for London is looking to new technologies to enhance its ticketing offer, but many passengers are sceptical about using bank cards as tickets, and others simply won't be able to.

"If contactless payment is to prove successful we would expect to see a far more detailed and compelling case for its introduction. Most importantly, we want guarantees that all passengers will continue to have access to the cheapest fares no matter what type of ticket they use."

The report recommends five key principles that TfL should adopt to maintain passengers' trust and ensure its ticketing policy is fair and flexible:

  • Any new ticketing system must provide the highest possible security for passengers' personal information.
  • Passengers should be supported to use any new system by trained staff and an adequately staffed customer service centre.
  • Passengers should have access to detailed break-downs of their transport expenditure, and information provided to TfL should be kept confidential unless otherwise agreed to by customers.
  • Those on low incomes should not miss out on the lowest fares because they do not have a bank card.
  • Any new ticketing system should, as far as possible, be compatible with those provided by other transport operators.

Commenting on TfL's savings expectations through the new technology, the committee says it is unconvinced that London's transport authority will make a substantial return on the £75m it is planning to spend on the early phase of the project. The committee wants to see more details on the wider implications of the adoption of contactless cards, including how staffing at TfL could be affected, and the potential lost revenue for the 4,000 small retailers that sell Oyster top-ups. TfL will be expected to report back to the committee by September 2012 on all the issues raised in the report.

TfL announced plans to introduce contactless technology in October last year, the first phase of which will be implemented next spring on buses. The scheme will give passengers with contactless-enabled Eurocard, Mastercard or Visa cards the ability to pay using existing Oyster card readers. This payment option will be extended to the tube, London Overground, Docklands Light Railway, tram and National Rail services in London later in 2012.

This article was originally published at Guardian Government Computing.

Guardian Government Computing is a business division of Guardian Professional, and covers the latest news and analysis of public sector technology. For updates on public sector IT, join the Government Computing Network here.

Similar topics

Broader topics

Narrower topics


Other stories you might like

  • If you're using the ctx Python package, bad news: Vandal added info-stealing code
    Domain associated with maintainer email expired, taken over in supply-chain attack

    The Python Package Index (PyPI), a repository for Python software libraries, has advised Python developers that the ctx package has been compromised.

    Any installation of the software in the past ten days should be investigated to determine whether sensitive account identifiers stored in environment variables, such as cloud access keys, have been stolen.

    The PyPI administrators estimate that about 27,000 malicious copies of ctx were downloaded from the registry since the rogue versions of ctx first appeared, starting around 19:18 UTC on May 14, 2022.

    Continue reading
  • DigitalOcean sets sail for serverless seas with Functions feature
    Might be something for those who find AWS, Azure, GCP overly complex

    DigitalOcean dipped its toes in the serverless seas Tuesday with the launch of a Functions service it's positioning as a developer-friendly alternative to Amazon Web Services Lambda, Microsoft Azure Functions, and Google Cloud Functions.

    The platform enables developers to deploy blocks or snippets of code without concern for the underlying infrastructure, hence the name serverless. However, according to DigitalOcean Chief Product Officer Gabe Monroy, most serverless platforms are challenging to use and require developers to rewrite their apps for the new architecture. The ultimate goal being to structure, or restructure, an application into bits of code that only run when events occur, without having to provision servers and stand up and leave running a full stack.

    "Competing solutions are not doing a great job at meeting developers where they are with workloads that are already running today," Monroy told The Register.

    Continue reading
  • Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
    Google Project Zero blows lid off bug involving that old chestnut: XML parsing

    Zoom has fixed a security flaw in its video-conferencing software that a miscreant could exploit with chat messages to potentially execute malicious code on a victim's device.

    The bug, tracked as CVE-2022-22787, received a CVSS severity score of 5.9 out of 10, making it a medium-severity vulnerability. It affects Zoom Client for Meetings running on Android, iOS, Linux, macOS and Windows systems before version 5.10.0, and users should download the latest version of the software to protect against this arbitrary remote-code-execution vulnerability.

    The upshot is that someone who can send you chat messages could cause your vulnerable Zoom client app to install malicious code, such as malware and spyware, from an arbitrary server. Exploiting this is a bit involved, so crooks may not jump on it, but you should still update your app.

    Continue reading

Biting the hand that feeds IT © 1998–2022