Paris transit authority Île-de-France Mobilités is poised to roll out mobile ticketing with a digital version of its closed-loop Navigo card, using HCE technology on Android phones. In the past, IDFM had insisted on storing the card and its customers’ tickets and passes on secure elements. Bolstered security and a certification program by the Calypso Networks Association vendor group is believed to be convincing the transit agency to support HCE.
IDFM, formerly known as STIF, oversees the Paris Metro, buses, trains and trams within the region, delivering millions of trips per day. And while there haven’t been any high-profile hacks of Google’s HCE technology for retail or open- and closed-loop transit payments globally, the Paris transit authority apparently was not going to budge on its wait-and-see approach to HCE until it had more assurances of security.
• IDFM (Paris)
• CNA (Calypso)
Large Paris regional transit authority Île-de-France Mobilités is finally moving closer to supporting mobile ticketing on a range of Android phones using host-card emulation technology from Google, after having rejected the technology as not secure enough.
Île-de-France Mobilités, or IDFM, which oversees public transit in the Paris region and manages the Navigo fare-collection program, has been hesitant to support mobile ticketing on Android phones without NFC secure elements on which to store its ticketing applet and its customers’ tickets and daily, weekly and monthly passes. Unlike a number of other large transit authorities, IDFM has also been hesitant to support the pay-as-you-go fare model, so the tickets and passes stored on Navigo cards are prepaid. The authority does not support open-loop payments, either.
Apple’s iPhones, unlike most Android phones, do come with embedded secure chips, but IDFM does not have a deal with Apple to put a digital version of the Navigo card on the iPhone. Instead of secure elements, Android generally supports host-card emulation, or HCE, which enables card issuers, including banks and transit authorities and operators, to load digital versions of their cards in software on the devices.
This avoids the need to store the virtual cards in secure elements. The technology is used widely for Google Pay and with a growing number of transit agencies for their closed-loop fare cards, including those in Los Angeles, San Francisco, Washington, D.C., Chicago and Melbourne, Australia.
Support for HCE Imminent?
The vendor trade group that manages the fare card technology used on Navigo cards, the Calypso Networks Association, on Wednesday officially announced its HCE security certification program, which it pointed out is based on “robust mobile security programs set up by the banking sector.” That includes the software-based mobile-payment evaluation process from global payments specification organization EMVCo. This apparently has helped convince IDFM it could trust HCE.
Calypso in its release noted that IDFM was the first transit agency to have “requested” this HCE certification with Calypso for its vendors. The release also quoted an IDFM spokesperson as saying the Calypso security certification program would provide an “additional guarantee” of security for Navigo.
“We are looking forward, with this high level of security guaranteed by Calypso, to extend the dematerialization to all NFC Android phones,” IDFM said.
Spokespersons from IDFM did not immediately confirm to Mobility Payments that the agency would indeed go ahead and launch HCE-based mobile ticketing on Android phones.
But as Mobility Payments reported in July, both Calypso Networks and Wizway Solutions, the Paris-based joint venture that has implemented mobile ticketing in Strasbourg, Paris and some other cities using Calypso, told Mobility Payments that IDFM would indeed support HCE. According to Calypso Networks’ CEO Philippe Vappereau, speaking at the time, that support could come in “some months,” though he didn’t know exactly when.
Calypso HCE Specs Not New
The Calypso-HCE certification program is not brand new. In fact, the Calypso Networks Association said it launched a certification process for HCE applications last year. A spokeswoman for the association told Mobility Payments this week that the association only started setting up the program last year. It selected a certification body and lab to conduct the tests, as well as holding a pilot and tweaking the requirements.
“We are now able to confidently confirm the official launch of the program,” she said. “It is stable, scalable and open to all manufacturers who want to get the Calypso HCE security certificate.”
The program will certify that Calypso providers properly implement Calypso security specifications for HCE, including rotation of cryptographic keys in Calypso readers.
HID Global was the first vendor certified under the program. HID announced that certification in September, saying its phone software complies with Calypso specifications on how to protect ticketing data stored in the smartphone’s wallet, thereby helping transport operators to prevent tickets from being duplicated, transferred or altered. HID also supplies readers for transit validators, and these have been or likely will be certified, as well.
Not all transit agencies have waited for the certification program to be officially complete. Wizway in early June announced that CTS, the transit agency serving the French city of Strasbourg, made its NFC mobile-ticketing service available to users of nearly all Android phones. And Louis Brosse, head of Wizway, said in June that at least a couple of transit agencies serving large to mid-tier French cities already supported HCE.
Insisting on Secure Chips
But their ridership is small compared with IDFM, formerly known as STIF. It oversees the Paris Metro, buses, trains and trams within the region, delivering millions of trips per day. And while there haven’t been any high-profile hacks of Google’s HCE technology for retail or open- and closed-loop transit payments globally, the Paris transit authority apparently was not going to budge on its wait-and-see approach to HCE until it had more assurances of security.
IDFM had launched Navigo on NFC phones in the past, but only with secure elements. In 2019, it agreed to dematerialize Navigo on certain high-end and mid-tier Samsung models, after Samsung said it would support the Calypso application on embedded secure elements in these devices in France. IDFM only supported the mobile-ticketing service in its own app, Vianavigo, or apps of major French transit operators, not on Samsung Pay.
The only other NFC phones available for mobile ticketing in Paris were in those phones that could support NFC SIM cards, which can be used to store the Calypso application. The NFC SIM, however, is a dying technology, with few, if any, telcos still issuing the cards.
Apple Pay has been available in France since 2016, but does not support Navigo or any other fare card in the country in its Wallet for use with NFC-enabled iPhones and smartwatches.
Navigo users can buy tickets and passes with Apple Pay in an updated version of the Paris transit authority’s app released earlier this year. They then load the passes onto their Navigo cards by tapping them on the NFC interface on the back of their iPhones, using NFC reader mode. That ability to reload Calypso cards is also available on many Android phones.
© Mobility Payments and Forthwrite Media. Mobility Payments content is for individual use and cannot be copied or distributed without the express permission of the publisher.