Auckland Transport: Hop & Snapper. Whats the real issue

Forums › Transport (cars, bikes and boats) › Auckland Transport: Hop & Snapper. Whats the real issue

1 | ... | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15

4089 posts

Uber Geek
+1 received by user: 1684

ID Verified

Trusted

#678528 29-Aug-2012 00:13

nzgeek: Just because they get that data, it doesn't mean they use it for nefarious purposes. Any company that handles financial data (e.g. banks, payment processors) have to meet Payment Card Industry compliance standards, otherwise they risk facing huge fines or having their accounts all but shut off. These standards cover the storage, security and dissemination of payment data. Basically, if they try mining your data, they're in deep excrement.

KSCC shouldn't be any less safe than a local bank. And if you knew how much of your purchase information was available to your bank...

This is not true. PCI DSS is only applicable to facilities connected to the 5 Credit Card Issuer networks (Visa, MasterCard, Discover, American Express, or JCB). KSCC as the issuer of their own brand of payment card unconnected to the global credit card processing networks is not bound to the PCI Security Standards Council.

And I'm well aware of how much purchase information my bank has - it's fairly obvious they'd have it as a result of processing the transaction.

ajobbins

5053 posts

Uber Geek
+1 received by user: 1280

Trusted

#678530 29-Aug-2012 00:30

Kyanar: Oooh, that does sound neat. Would be awesome if we eventually saw it on other carriers, though I guess we won't see it on Telecom anytime soon since they've gotten in bed with the Thales solution (although they have Westpac on board too, so it's likely that it will be usable as a credit card as well).

You will likely never see this with the Thales solution. It's been specifically set up to be a transport payment card and nothing more. Anything more than a plastic card that lets you pay for public transport AT have categorically said they do not want (as is my understanding).

The problem there is that Snapper is under no obligation to tell us how the data is protected, or what they do with it, and what KSCC does with it. And although you say lots of data is processed overseas, I don't think it's as common as you think. And in terms of government, it almost never happens (usually because they aren't allowed). And very rarely is it something as sensitive as the physical movements of an entire city or country's public transport system (plus a large amount of retail transaction information). This is stuff I'd want to see stay within New Zealand's borders so that it remains subject to our privacy controls.

Are Thales? Do you categorically know how that data is being processed? Also, that's up to the Transport authorities to worry about. They will be making sure that there are data protection mechanisms in place with vendors regardless of if it is Snapper or Thales.

'I don't think it's as common as you think' - Trust me - It's worse than you think. I've been working in IT in Australia and NZ for a number of years now, mostly with financial services orgs - This sort of stuff happens all day every day.

Well, "working" by various stretches of the term. I don't know about Wellington, but in Auckland you're more likely to hear "please try again" when swiping a Snapper than for the card to tag. Random fare overcharging due to system errors is still rampant, and penalty fares are frequently a certainty even if you do tag off. Visual cards are still the fastest possible method of boarding. Using a plastic monthly discovery pass, I can board and sit down in the time it takes two Snapper/HOP users to board. I just walk past the driver and display the card, the driver taps a button on their console, done.

Every system has it's issues. Myki here in Melbourne is similar with the tag on/off issues and the AT Hop card will be no different. It's very similar technology. Just you wait. There will be PLENTY of issues with the AT Hop card in Auckland - You just haven't seem them yet because the Thales solution hasn't been installed on a single bus, train or ferry yet. Mark my words - there will be months or years of issues and teething problems. I'm not aware of any NFC solution implemented anywhere in the world that hasn't had teething problems. I also never had the issues you seem to have with Snapper Hop in Auckland. Was equally as fast as flashing my Northern Pass at the driver.

Twitter: ajobbins

nzgeek

619 posts

Ultimate Geek
+1 received by user: 52

#678531 29-Aug-2012 00:32

Kyanar:
nzgeek: Just because they get that data, it doesn't mean they use it for nefarious purposes. Any company that handles financial data (e.g. banks, payment processors) have to meet Payment Card Industry compliance standards, otherwise they risk facing huge fines or having their accounts all but shut off. These standards cover the storage, security and dissemination of payment data. Basically, if they try mining your data, they're in deep excrement.

This is not true. PCI DSS is only applicable to facilities connected to the 5 Credit Card Issuer networks (Visa, MasterCard, Discover, American Express, or JCB). KSCC as the issuer of their own brand of payment card unconnected to the global credit card processing networks is not bound to the PCI Security Standards Council.

My apologies, you are correct, assuming that KSCC don't process MasterCard, Visa or JCB payments in their home country. If they do, their systems will be covered by PCI DSS.

Even if they're strictly bound by it, it's still good industry practice. And when you consider how close China's hackers are, you'd hope that protecting financial systems (even from their own staff) would be a top priority.

jonb

1799 posts

Uber Geek
+1 received by user: 545

Trusted

#678594 29-Aug-2012 09:17

There's a 'HOP Integration Specialist' job now being advertised: http://careers.aucklandtransport.govt.nz/jobdetails?ajid=xUQ58

sbiddle

30853 posts

Uber Geek
+1 received by user: 9998

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#678602 29-Aug-2012 09:25

It appears Parkeon (who were supplying terminals to all the non NZ Bus buses) have also been dumped from the project. Can anybody confirm this?

nigelj

856 posts

Ultimate Geek
+1 received by user: 125

#678610 29-Aug-2012 09:57

sbiddle: It appears Parkeon (who were supplying terminals to all the non NZ Bus buses) have also been dumped from the project. Can anybody confirm this?

I mentioned that in an earlier post (2-3 pages ago) and seems to be confirmed in various transport forums (by people that seem to be pretty reliable with information like this), and by the media (although indirectly) as it's been stated publicly a few times now, that the 10million dollar Thales contract is for every bus in Auckland, that said, as I also said then, Parkeon's Go Live date was (as I recall) already scheduled for around April 2013 anyway.

HP

Shop now for HP laptops and other devices (affiliate link).

old3eyes

9170 posts

Uber Geek
+1 received by user: 1369

Subscriber

#678694 29-Aug-2012 12:45

freitasm:
Kyanar: Yes, the Snapper system is centralised - in South Korea. It's slightly concerning that all this information is hosted way offshore, by a company not accountable to Auckland, or New Zealand for that matter, owned by a foreign local government. If AT or NZTA set up a system, the operation of that system is accountable to us, and we have ways of making sure it is used only for the purposes for which it was implemented (Official Information Act, our local MP, etc). but while Snapper runs it, we have zero idea what KSCC is doing with that data, what Snapper is doing with that data, because as private companies they don't answer to us - and one of them is even outside our legal jurisdiction. And non-LG Snapper phones? Forget it. KSCC is 30% owned by LG.

With this alone you have lost all the credibility you had left on this topic, at least in my eyes. The first non-LG Snapper phone was the Samsung Galaxy SIII. And Monday Huawei announced the Ascend Y201 which is also a Touch2Pay handset - I have received one today and used with Snapper already.

And Snapper is 100% owned by Infratil. Not by KSCC.

It's becoming clear this is a case of "not made in Auckland" again, as I said before.

It's sounds more of a case of "What's good for Wellington is good for the world"

Regards,

Old3eyes

oxnsox

1923 posts

Uber Geek
+1 received by user: 138

#678695 29-Aug-2012 12:45

Kyanar:
nzgeek: Just because they get that data, it doesn't mean they use it for nefarious purposes. Any company that handles financial data (e.g. banks, payment processors) have to meet Payment Card Industry compliance standards, otherwise they risk facing huge fines or having their accounts all but shut off. These standards cover the storage, security and dissemination of payment data. Basically, if they try mining your data, they're in deep excrement.

KSCC shouldn't be any less safe than a local bank. And if you knew how much of your purchase information was available to your bank...

This is not true. PCI DSS is only applicable to facilities connected to the 5 Credit Card Issuer networks (Visa, MasterCard, Discover, American Express, or JCB). KSCC as the issuer of their own brand of payment card unconnected to the global credit card processing networks is not bound to the PCI Security Standards Council.

And I'm well aware of how much purchase information my bank has - it's fairly obvious they'd have it as a result of processing the transaction.

Whilst I can understand that you have concerns, I really can't understand why.

Firstly it's a pre-pay based system, so the provider only knows you by a number and a variable (but small) account balance. Credit and Eftpos cards would surely present a higher risk as they access larger amounts, can be used (mostly) globally, and you could expose yourself (ultimately) to identity theft or fraud.

Secondly, right now your Telco (whether you're prepay or on-account) has much more information available to them, including (but not limited too) your real-time whereabouts. Oh and they've probably got the same (or more) personal data on you as well. And how many of them are actually locally owned.

Regrettably we all signed away our personal space when we got credit-cards and cellphones. It's only now that it's becoming a little more obvious

ajobbins

5053 posts

Uber Geek
+1 received by user: 1280

Trusted

#678719 29-Aug-2012 13:37

Yes, I would be more worried about what the Vodafone group holds about it's users offshore than what Snapper might.

The data that they do have is of little use to anybody outside of the direct industry - who are all supposed to be part of the program anyway.

Twitter: ajobbins

Linuxluver

5833 posts

Uber Geek
+1 received by user: 1639

Trusted

Subscriber

#678724 29-Aug-2012 13:40

Kyanar:
ajobbins:
knoydart: My understanding was NZTA was running the back system so regions round the country could all use the same back office system. In a country where people travel between at least the major centres very often, having the ability to roam so to speak is a no brainer.

My understanding is that the deal that ARTA signed with Thales specifically designs against this model by segregating clearing houses between regions. The Snapper system on the other hand is centralised and would allow for this (Assuming they can make the commercials work).

Yes, the Snapper system is centralised - in South Korea. It's slightly concerning that all this information is hosted way offshore, by a company not accountable to Auckland, or New Zealand for that matter, owned by a foreign local government. If AT or NZTA set up a system, the operation of that system is accountable to us, and we have ways of making sure it is used only for the purposes for which it was implemented (Official Information Act, our local MP, etc). but while Snapper runs it, we have zero idea what KSCC is doing with that data, what Snapper is doing with that data, because as private companies they don't answer to us - and one of them is even outside our legal jurisdiction. And non-LG Snapper phones? Forget it. KSCC is 30% owned by LG.

The EU has a law that databases of EU citizens can't be held outside the EU. This has caused us issues in our software testing in Auckland where we had habitually used databases supplied by customers in the EU. Now, to comply with the law, we must do testing by RDP / remote session into systems physically located in Europe.

NZ is far too slack in such matters.....in SO MANY such matters.

_____________________________________________________________________

I've been on Geekzone over 16 years..... Time flies....

mckenndk

914 posts

Ultimate Geek
+1 received by user: 35

#678770 29-Aug-2012 14:47

It's sounds more of a case of "What's good for Wellington is good for the world"

I don't believe its even good for wellington, after using systems over seas and coming back to that it felt like a very antaquated system and still does with no online topup options with out having their accessories or a compatiable phone to do so.

I see they have a pass option on the snapper app so does this mean you can load monthly passes onto it now?

I would support Snapper if they had all the featuers that card systems I have expirenced overseas have but after 5 years they still have not caught up.
I just believe as they have not got local compition they have no need to put the featuers in as they have no one locally to look up to.

Dion

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

ajobbins

5053 posts

Uber Geek
+1 received by user: 1280

Trusted

#678803 29-Aug-2012 15:37

Online top up presents interesting challenges for these types of cards due to the fact the value is stored on the card itself, and transactions are actually performed 'offline', not checked against a remote server in real time like say EFTPOS. Essentially the access points need to be aware there is a top up to load onto the card before it 'tags' you on.

Here in Melbourne you can make an online top up but it takes approx 24 hours to become available, because it have to be sent out to all of the Myki access points - many of which do not have a real time data connection. Not very handy if you need to top up in a hurry.

This will become a lesser problem in the future as the technology for mobile data becomes cheaper and better, but until then, doing online top up is slow, unreliable and comes at a huge cost.

Auckland and Wellington are heavy on buses for public transport. It's buses that are the hardest, as the readers tend to be on the buses themselves which makes them mobile. Trains are more common in many places and it's easier to have readers (Often on station floors or on barriers) online as they don't move.

Myki has been in Melbourne now for 5 years and in my opinion (Having used both extensively), Wellington has a much more robust and reliable solution in place than Melbourne.

In both places (as well as in Auckland) BY FAR the biggest problem with them was that people don't know how to hold their card to tag on and off. Wellingtonians have got the best grasp on this. Aucklanders and Melbournians have no clue, despite extensive campaigns to show people to hold the card still against the reader under the tag on is validated - people still insist on waiving their card around the reader like they are Harry Potter casting a spell. I've seen people do this and then have an actual tantrum in a train station when the card wouldn't tag on.

Twitter: ajobbins

keewee01

1743 posts

Uber Geek
+1 received by user: 204

Trusted

#678815 29-Aug-2012 15:57

ajobbins: Online top up presents interesting challenges for these types of cards due to the fact the value is stored on the card itself, and transactions are actually performed 'offline', not checked against a remote server in real time like say EFTPOS. Essentially the access points need to be aware there is a top up to load onto the card before it 'tags' you on.

Here in Melbourne you can make an online top up but it takes approx 24 hours to become available, because it have to be sent out to all of the Myki access points - many of which do not have a real time data connection. Not very handy if you need to top up in a hurry.

This will become a lesser problem in the future as the technology for mobile data becomes cheaper and better, but until then, doing online top up is slow, unreliable and comes at a huge cost.

Auckland and Wellington are heavy on buses for public transport. It's buses that are the hardest, as the readers tend to be on the buses themselves which makes them mobile. Trains are more common in many places and it's easier to have readers (Often on station floors or on barriers) online as they don't move.

Myki has been in Melbourne now for 5 years and in my opinion (Having used both extensively), Wellington has a much more robust and reliable solution in place than Melbourne.

In both places (as well as in Auckland) BY FAR the biggest problem with them was that people don't know how to hold their card to tag on and off. Wellingtonians have got the best grasp on this. Aucklanders and Melbournians have no clue, despite extensive campaigns to show people to hold the card still against the reader under the tag on is validated - people still insist on waiving their card around the reader like they are Harry Potter casting a spell. I've seen people do this and then have an actual tantrum in a train station when the card wouldn't tag on.

I had to laugh at this comment - very funny. NZBussius ascendo

sbiddle

30853 posts

Uber Geek
+1 received by user: 9998

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#678852 29-Aug-2012 17:10

Online topups are a challenge. There apparently isn't any live ticketing system anywhere in the world that offers online topup where the balance will be instantly available across all transport mediums.

Because of the backhaul requirements systems such as Oyster can only update an online payment when you enter a tube or DLR station. They can't be topped up from buses, so if you're doing an online topup you need to ensure your first journey is on the tube or DLR. If you're travelling on a bus you're out of luck.

It's also worth noting that the topup process can also add signifcantly to the transaction processing time. On a bus a few hundred ms extra would be very noticeable and would run the real risk of increasing the boarding times significantly.

Kyanar

4089 posts

Uber Geek
+1 received by user: 1684

ID Verified

Trusted

#678894 29-Aug-2012 18:35

sbiddle:
It's also worth noting that the topup process can also add signifcantly to the transaction processing time. On a bus a few hundred ms extra would be very noticeable and would run the real risk of increasing the boarding times significantly.

I can't see how you could increase the boarding times significantly... Snapper already takes an entire second to validate which in computer terms is an eon or two. The readers connected to the Paymark network are actually faster - and they have to talk to Korea. Every Link bus already has Wifi and backhaul, so they are theoretically already capable of doing online topup and validation. Even gradually rolling that out as a solution would be better than the current system where you either have to go to a dairy and pay a topup fee, or buy a $40 dongle from Snapper if you're on NZ Bus, or online topup with every other electronic enabled fleet.

1 | ... | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15