Search ThisCrazyTrain.com

Tuesday, January 27, 2015

My phone and my PRESTO card were talking to each other last night

I keep my PRESTO card in the cardholder slot of my phone case. Last night, while standing in the kitchen, I slapped my phone case shut and it made a blip sound. I opened the case and looked at the phone, expecting some kind of notification. Seeing nothing, I shut it. It blipped again.

I have a Samsung Galaxy Note 3. I figured it had to be some kind of notification so I started scrolling to the settings and apps to see what this sound was for. Giving up, I shut the phone and it blipped.

I took all the cards out of the holder - a debit card, a credit card and the PRESTO card. As I held the PRESTO card against the phone to remove the other two cards, the phone blipped. I waved the PRESTO card over the phone again - blip!

This had me very intrigued, so I googled it. Turns out at some point I had turned on the NFC setting on my phone. This turns the phone into a payment device. 

How cool is that? I have no idea what to do with it. I'm guessing this is to support the future of how we will pay for things - using our phones. 

I haven't been paying much attention to the bank ads where apparently you can use your phone as a debit card, but I downloaded the TD app and I don't have the right SIM card to support this. 

So I'm wondering when we will be able to ditch the PRESTO card and just tap with our phones. It appears the technology is there.

16 comments:

just some nerd said...

This is what the TTC had been investigating. If this had been developed and implemented, all you would need is a phone that is compatible and an app to support it (with your bank). But we're so many years away from this and it doesn't eliminate other forms of payment as not everyone carries a phone that supports NFC. But it is possible. I hope to see it one day that I can use my phone as a bus pass.

C.J. Smith said...

Me too!

And do away with all these cards, especially point cards ... air miles, optimum, aeroplan, costco, hbc - they should all be apps.

Anonymous said...

Hong Kong's Octopus Card system has this ability. Of course, instead of simply buying that perfected technology, Metrolinx and Prestocard will pay a consultant 10x the cost to develop a flawed system here.

outburst said...

There's a couple amateur Presto lookup apps in the app store that work. You login once and it will be able to look up your balance with a tap of the card. They work fairly well for the most part.
The best part is they make that Presto tapping sound without taking any money from your account.

Bicky said...

As long as your phone didn't steal from your Presto card, you're good.

Unknown said...

Your Presto card, like your credit cards, uses an ISO standard 13.56 MHz RFID technology. If you have a PayPass/PayWave card, you can tap it against your phone and it should produce the same response.

Unfortunately, implementing something like Presto on a mobile device is much more difficult than a credit card for three reasons: security, compatibility and synchronization.

Security

Basic RFID cards (Prox, for example) just spit out a unique string. Cards like MIFARE Classic allow near-instant reading and writing to the card, but still retain their unique serial number.

The Presto card goes one step further, and runs a (surprisingly complex) processor that accelerates cryptographic operations; these cards are MIFARE DESFire (DES standing for Data Encryption Standard, which is a misnomer because some Presto cards actually uses AES). This means that each file on the card is protected by one or more keys, required to read or change the card's data.

If - as some people are suggesting - one's phone was able to update their Presto card, the keys would have to be distributed with the app. If somebody was to discover this key (which is not difficult to do, see Snapchat), they would essentially be allowed free reign over the card, and could process false transactions, etc.

Compatibility

The iOS NFC API has not been exposed to developers; this makes an iOS app a non-starter. Android 4.4 has enabled card emulation in the NFC API, but DESFire isn't standards-compliant. Any support of NFC-based Presto usage would almost certainly require a firmware update for the Presto readers. Can you imagine all the hours of development and QA work involved? I'd rather stick with what we've got than face another fare increase.

Synchronization

Presto is a decentralized system; the fare payment devices update periodically. Having to tap your Presto card against your phone to synchronize them would eliminate the benefit of NFC. The credit card companies overcame this by issuing tokens instead of the actual card number; the tokens can be issued and revoked arbitrarily with no effect on the card itself.

Of course, credit card processing is online; the credit card terminal authorizes the payment immediately. This is simply not possible without a huge infrastructure change to the entire Presto system. There's a reason some other cities have not done this: it becomes prohibitively expensive and opens a whole new can of worms.

It's worth noting at this point that there's a convenience issue to this as well: what if your phone's battery dies during a trip? What if you have to factory reset it? What if you accidentally wipe the secure credential store, or if you delete the Presto app? Your card goes into underpayment (or disappears entirely), and I don't need to explain the kind of pain that causes.

--

To conclude this novel of a comment, it would certainly be possible to use NFC for payments, but the current technological restrictions make it unfeasible at the present time. I hear and see complaints all the time of having to wait for cards to load, but it's a necessary evil of the decentralized system. It's even worse in London: you have to nominate a station to have your load/refund processed at; that information doesn't propagate through the Oyster network.

While I'm hopeful for the future, I certainly don't want my tax dollars being spent to solve these problems unnecessarily. Sure, it would be nice not to have to carry a Presto card, but have we eschewed physical credit cards for Apple Pay/Google Wallet? As long as the answer to that question is "no", I doubt we'll have phone-based Presto cards.

And if anybody from Metrolinx reads this, I'm a student looking for a co-op job :)

Michael Suddard said...

"And do away with all these cards, especially point cards ... air miles, optimum, aeroplan, costco, hbc - they should all be apps." - CJ

And my George Constanza wallet would be no more! #SayItAintSo

Robert Wightman said...

I would be very very careful if your phone and your cards start talking to each other. You never know what nasty surprise they have in store for you. They are very sneaky.

C.J. Smith said...

I accidentally deleted MS and RW's comments but rescued them from email (I get copies of every comment that is pending) but to answer RW, I have turned off that setting on my phone.

Anonymous said...

I actually use the Payment features of my Samsung S4. Pretty handy if i want to buy a Tim's and not have to yank out my Rbc debit card!

Alex said...

London, England now allows payment by Debit and Credit card, but since the system isn't real-time it's done in an interesting way. Basically, the system records each tap in the backend and then does all the calculations for distance and fare capping at the end of the day, and charges you accordingly. Since no data can be stored on a credit card by a third party, problems exist, such as what to do with fare inspections. The solution in London is that there is no fine for failing to produce proof of payment, it is instead a "Penalty Fare." If you have a fare inspector tap your card on their device, it does not say if you have paid or not, instead the computer calculates at the end of the day and if you did not have a valid pass at the time of the fare inspection, the full 150 pound penalty fare is just charged to your card.

Unknown said...

Most of that is accurate, but the penalty fare is only £80. It's also worth clarifying that having contactless only delays a penalty fare: you can still be fined on the spot by Revenue Protection if you fail to produce proof of payment (just like GO). Having a contactless card will delay the penalty fare from then till the early morning.

I find it odd that TfL still chooses a fixed time to batch all the transactions. Granted, there aren't many people who are in the middle of a journey at 3:30 AM (or whenever the time is), but with the night busses and new 24-hour tube service, it could certainly be an issue.

To explain the problem, let's say the cut-off time is 3:30 AM. You touch in on a night bus at 3:00 AM, and at an Underground Oyster barrier at 3:15 AM. You get off at your destination station at 3:35 AM, touch out, and get on another bus to finish your journey home.

You've paid two maximum fares for your tube journeys (£5.20 each) and two bus fares (£1.50 each) for a total of £13.40, when you may only have incurred £1.50 of costs, depending on your daily capping and zones of tube travel.

I'm not trying to knock contactless at all; I think it's a great enhancement to Oyster. Hopefully TfL can solve some of the early adoption problems for the benefit of other transit agencies like Metrolinx.

Fung said...

FYI, I wrote an Android app that you can use to check your PRESTO card balance. It doesn't _actually_ read the value from the card, but it uses the PRESTO card to trigger a lookup from the PRESTO website.

Still, I think it's pretty neat.

Check it out:
https://play.google.com/store/apps/details?id=org.bitbucket.efung.prestoreader&hl=en

jade said...

but not overexpose the subject, working to create a healthy glow that will have you looking like a Kardashian in no time. phone holder car

Unknown said...

Hire this man

PeterandDianne said...

Regarding the comments on loyalty cards there is an app called key ring where you enter the cards and the barcode. No its not a one tap solution but it allows me to leave the physical cards in a drawer at home.

Thanks Tyson Moore for the details on the card security. It appears that it is more secure than some of the bank cards