Usability issues with cEMV mobile wallet applications on transit

by: Tim Littlefair

This article is a note about the challenges for transit businesses who accept cEMV payment at unattended terminals posed by the typical security requirements when the cEMV media presented is an wallet application on a mobile devices running iOS or Android.

Wallet applications include:

  • applications provided by the device operating system vendor

    • Apple Pay

    • Google Wallet (formerly Google Pay, which has been deprecated and will stop working in June 2024)

  • applications provided by the device manufacturer

    • Samsung Pay

  • applications provided or supported by financial institutions

    • Payconiq/Digicash (application associated with Bancontact, ING Bank, KBC Bank, Belfius operating in Belgian and Luxembourg markets)

The principal usability challenge discussed in this document will be the fact that payment applications on mobile devices usually require the user to present the mobile device to the payment terminal, then unlock the device using some form of biometric process (face or fingerprint recognition), then present again to confirm the payment. This process (especially where facial recognition is involved) can slow the flow of passengers paying at transit validation terminals where like gates, vehicle entries where congestion can become an issue.

Apple Pay

Express transit

List of PTAs where payment cards are accepted: https://support.apple.com/en-us/118625 Note that this list marks PTAs where Express Mode is accepted with an asterisk. The only listed PTA which does not have this marking is Singapore LTA, although Apple Pay can be used in many other transit systems even though Express mode (acceptance on first tap without prompting for biometric unlock) may not be supported.

https://support.apple.com/en-us/105079

https://support.apple.com/en-au/105123

https://register.apple.com/resources/docs/apple-pay/access/program-guide/requirements/

https://support.apple.com/en-au/guide/security/secbd55491ad/web

https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

https://github.com/kormax/apple-enhanced-contactless-polling

https://github.com/kormax/apple-vas

https://gist.github.com/gm3197/ad0959476346cef69b75ea0523214350

Google Wallet

https://developers.google.com/wallet/tickets/open-loop/get-started/overview

https://developers.google.com/wallet/tickets/open-loop/mobile-features/skip-device-unlock

https://developers.google.com/wallet/tickets/open-loop/intro-enhanced-functionality

https://support.google.com/pay/merchants/contact/interest_form_for_transit

Other Payment applications

TBD