Masabi build mobile applications

Award winning and certified security

Ticket sales and delivery from mobile

Projects:

Rail Settlement Plan

Consultancy supporting the standards

work on self-print and mobile barcodes

mobile tickets for

Business Rail ticket sales

ticket sales from

mobile (’07 – ‘08)

Contactless RF

Smart-Card ITSO, Oyster, Mi-Fare

NFC Phones

Barcodes

Self-print

Mobile

Dependant on scanning hardware

Soft rollout option with visual inspection

Avoid up-front cap-ex on full barcode scanner rollout

Visually inspect at launch

Staff report barcode ticket usage levels each week

Occasional SMS or scan checks

Staged scanner rollout for routes with significant adoption

(Can add

an animated

watermark to aid

visual inspection)

Oyster for London

Price incentives drive public uptake

Single Fare: Paper £4; Oyster £1.60

Massive capital expenditure before launch

Resistance from overland rail to accept same fees

National Smartcard Questions:▪ Will tickets be as heavily discounted?

▪ Will it be as widely adopted by public?

▪ How long will it take to recoup Cap-Ex?

RSPS3001 Approved in December 2008 as the UK standard

for self print and mobile barcode rail ticketing

Share self-print and mobile barcodes between TOCs, TIS and 3rd party retailers

Public and open security

Based on PKI, standard SSL certificates

Optional ITSO seal, but not required

Decentralised system - robust

Cheap to implement and use

ITSO and Oyster are Symmetric=Same Keys

PKI is Asymmetric=Different Keys

Private key

to create

ticket

Private key to

check ticket

(some risk from

key theft)

Private key to create

ticket

(safe on TIS server)

Public Key to

check ticket

(no risk from

key theft)

Traceability, and no security risk from theft of scanning devices

If private keys are leaked, only the vendor that loses the keys is affected

3rd parties and other EPOS vendors can take part, even taxis and coffee shops can scan and validate cross-sale tickets or entitlements

More free space for single TOC products and extra entitlements

“Includes free cup of Costa Coffee and 2 Adults entry to Alton Towers”

ITSO Seals included, but optional

Allows non-ITSO and ITSO enabled TOC’s to inter-operate

Any barcode scanner, online or off-line, must support: 2D Aztec with CCD imager

Handheld

Small basic scanners for door staff

Advanced PDA based scanners for service staff

Bluetooth scanner upgrade for Avantix Mobile 2

Cash Register/EPOS Scanners

Connect via USB or as “keyboard wedge” in between keyboard and EPOS like a normal scanner

Fixed Scanners for gates or check-outs

Retro-fit to existing gates, user places phone on rubber face to scan

Or built in at manufacture by gate supplier

Retro-fit Fixed / gate scanner

EPOS Scanner

Basic Advanced

Bluetooth

Offline validation from software

Add to existing EPOS or gate systems

No mobile databases required

No synchronisation of valid tickets from one TOC to another (too much data, too unreliable)

Walk-up tickets

Isn’t it easy to photocopy a self-print paper ticket?

What if a bunch of clever people figure out how to copy mobile tickets?

What if one user copies a ticket, gets onto an off-line train, and his friend gets onto a second off-line train?

Scanners only accept first seen barcode

On-line scanners can check for previous scans at other locations

Off-line scanners submit scan records back to ticket issuer for post-processing

Post processing identifies dual use, and blocks future purchases from the same credit card until fine paid, limiting fraud

Only 12% of rail tickets sold on the internet – most bought at station

Over 2/3 of mobile users never complete their sign-up if it’s on the web

So: Sign up the users when they need it

in a queue

in a hurry

next to a broken ticket machine

WAP / xHTML

Browser based, like on the web

No javascript or Ajax on ~90% of mobiles

Application

Installed on the phone

Dedicated, customised

Still useful without a continuous data connection

Optimised data entry Faster responses

Catch mistakes quicker

SMS failover from GPRS Avoid settings, reception &

roaming problems

Cheaper + faster for the user Send only the data

Flat rate data is still not common

Early WAP:

WTLS – not true security

New WAP2

Vodafone breaks HTTPS, breaks PCI

Merchant’s policy decision on acceptable level of security

Most agree that credit card sign-up should not happen over broken WTLS or HTTPS

Results in sign-up on WEB only, like Trainline

No sign-up process

no usernames

no passwords

Mostly off-line interface, SMS backup

Fast repeated regular purchases

Auto-show tickets, full screen barcodes

Payments straight from phone No need for explicit sign-up or passwords Just type CVV again for future purchases

All user data entry and validation performed off-line by application

Secure SMS for users without data settings or with poor reception

New user can sign-up and pay in just one SMS

95% of trial users said:“better than the IVR system we used until now”

Buy anywhere No paper, no queues - barcode tickets Tunnels aren’t showstoppers!

Auto-detects SMS or GPRS 1-2 SMS per ticket Doubles the consumer uptake by removing Data issues

Quick repeat tickets Customer loyalty and lock-in

Chiltern Railways with YourRail

Trial user feedback: “Better than the web!”

Two snags against mass-adoption of the existing SMS/MMS tickets

1. User delay in finding ticket before gatecustomers manually searching the phone’s lists of messages/images to find today’s ticket

2. Some phones don’t scan successfullyGuards simply don’t scan certain phones, and customers know the gates won’t let them through without manual intervention

Answer: application auto-shows today’s ticket

Answer: application displays full-screen Aztec for scanner

Instant sign-up from the queue

Give everyone a personal ticket machine

Soft rollout to avoid cap-ex

Customer behaviour tracking and targeted SMS offers

Cross-sales to raise margins

SMS “Tickets” to 89080

Auto-Install SMS

XML WebService Requests

Purchase Request and Payment Details(sent by encrypted SMS or Data from the mobile application)

Success message with content, ticket or code

Retailer Web Services

Masabi Proxy(can be hosted by

retailer)

1

2

3

4

5

Optimise for the regular use cases

Make them fast and obvious

Allow advanced search for users that choose it

Dynamic interface can expand options

Enable goal seeking for

▪ Cheapest Advanced tickets, with maximum date/time range

▪ Off-peak services

▪ Advanced/non advanced

Full-Screen Barcode Display on Mobile

Size = speed and reliability of scanning

More reliable than SMS, MMS or WAP delivered barcodes

Off-line Scanning

Allows for total loss of site WiFi / Internet connectivity or loss of the central ticket server

Secure Barcodes

PKI barcode signatures prevent modification of tickets by criminals

Public Key Validation allows any 3rd party vendor or EPOS till integrator to scan and check tickets