technology, phone batteries and e-tickets discussion.

[HSTEd]

Every station?
Have you worked out the number of printers that would require?
And what about the numerous stations that have no buildings?

A tiny fraction of the cost of maintaining the existing ticketing system.
After all the only moving parts it would require a till roll printer and a couple of buttons. When implemented as an add on to existing TVMs it would add no moving parts whatsoever. Given that almost all stations have power supplies of various types now, the presence or absence of buildings is of no consequence.


There are only 2,642 National Rail stations in the UK total.
This is an industry that employs something over a hundred thousand people, a couple of thousand till roll printers are an irrelevance in budgetary terms.

 

[Richardr]

Perhaps we should have machines at stations that will scan an e-ticket from a phone or similar device, and print out a copy on a till roll (if it is a valid ticket that is).

How would that differ from getting rid of e-tickets and instead making the ticket collect at station? Is that really a good thing?

 

[Bletchleyite]

How would that differ from getting rid of e-tickets and instead making the ticket collect at station? Is that really a good thing?

My proposal long term for e-tickets would be of a fully mode agnostic system. So you can have it on your phone, you can print it out at home, or you can go to a TVM or booking office with your railway username and password or ID (it really works better with a single railway account, even if third party retailers can sell tickets into it) and log in and print it on till roll there. Or even just show ID* to a guard or RPI and have them print it, though I think you would want to charge a fee for a TVM print and a higher fee for an RPI print to discourage people doing that by default given how much it would slow inspections. Let's say £2 for a print from a TVM and £10 for a print from an RPI.

* This does require names on tickets, which I support being an option and would choose as I only buy tickets for myself. An option would remain to have an unnamed ticket, but if you did you'd lose this protection. There's precedent for this - some German cities allow you to choose freely between a named season ticket and a transferrable one, if named, like the UK, you can present it later to refund a penalty fare, but if it's transferrable you can't as someone else may have been using it.

 

[stuu]

Adding the facility to log on to an online account via a TVM so you can reprint a ticket should be straightforward, although I bet a lot of people have their passwords saved on their phones so don't know them in the event of a problem with their phone - anyone who has ever picked the "choose strong password" option certainly won't know them

 

[Bletchleyite]

Adding the facility to log on to an online account via a TVM so you can reprint a ticket should be straightforward, although I bet a lot of people have their passwords saved on their phones so don't know them in the event of a problem with their phone - anyone who has ever picked the "choose strong password" option certainly won't know them

A passphrase (a set of words, basically) is as secure as a $(JORFQ£04 type password, so this just takes a bit of thought and good advice on the page where you set it up. Just requires good design to prompt the user to use this approach and not to require upper and lower case (very hard to remember) and random symbols but rather to encourage the use of a long phrase you will actually remember.

An alternative option would be to require the insertion of the card used for payment/tapping of the Apple/Google pay device used for payment and entering a few details about the ticket - name (if named), origin, destination and date would probably work. Not going to be as useful if you've been mugged or something though.

Or with named tickets you could just allow retrospective presentation against a reasonable fee (say £10) like the way you can retrospectively present a Railcard.

 

[Bantamzen]

My proposal long term for e-tickets would be of a fully mode agnostic system. So you can have it on your phone, you can print it out at home, or you can go to a TVM or booking office with your railway username and password or ID (it really works better with a single railway account, even if third party retailers can sell tickets into it) and log in and print it on till roll there. Or even just show ID* to a guard or RPI and have them print it, though I think you would want to charge a fee for a TVM print and a higher fee for an RPI print to discourage people doing that by default given how much it would slow inspections. Let's say £2 for a print from a TVM and £10 for a print from an RPI.

* This does require names on tickets, which I support being an option and would choose as I only buy tickets for myself. An option would remain to have an unnamed ticket, but if you did you'd lose this protection. There's precedent for this - some German cities allow you to choose freely between a named season ticket and a transferrable one, if named, like the UK, you can present it later to refund a penalty fare, but if it's transferrable you can't as someone else may have been using it.

I'm really quite unsure you'd want to be entering ID and passwords onto something like a TVM, especially the large screen versions. This just screams a potential security flaw, it would be way too easy for someone to be close by with a mobile camera catching the unwary out. It probably wouldn't be much better getting a printout from a ticket office if the details were passed audibly.

 

[Bletchleyite]

I'm really quite unsure you'd want to be entering ID and passwords onto something like a TVM, especially the large screen versions. This just screams a potential security flaw, it would be way too easy for someone to be close by with a mobile camera catching the unwary out. It probably wouldn't be much better getting a printout from a ticket office if the details were passed audibly.

Obviously using the facility would be entirely optional; everyone would be free to use other safeguards like printing an e-ticket as well as putting it on your phone.

It doesn't strike me as any more of a security flaw than the use of a PIN for withdrawing cash, and all you can get by way of it is a printout of existing purchased e-tickets with which your ability to cause issues is relatively limited as even if you have those details the tickets in the account may be of no use to you. (This is sounding a bit like a discussion about 10-15 years back where my proposal for a system of e-tickets basically the same as the one was implemented was apparently too insecure too - missing the point that security isn't an absolute, you just need to be secure enough, a bit like the entire basis of home security is being more secure than the adjacent few houses so the thief breaks into them rather than yours).

 

[Bantamzen]

Obviously using the facility would be entirely optional; everyone would be free to use other safeguards like printing an e-ticket as well as putting it on your phone.

It doesn't strike me as any more of a security flaw than the use of a PIN for withdrawing cash, and all you can get by way of it is a printout of existing purchased e-tickets with which your ability to cause issues is relatively limited as even if you have those details the tickets in the account may be of no use to you.

But with the PIN you need the card, so if the worst happens someone can alert their bank that their card has been stolen and PIN compromised. Entering a user ID and password could potentially be recorded without the person even knowing, and given that such accounts could link to bank accounts I'd certainly be advising people to give that a swerve as much as logging onto accounts on open public WiFi networks. Maybe something like a NFC handshake to get the TVM to produce a printed ticket might be better, although obviously this requires the person to have a NFC enabled smartphone!

Saying all this, would there really be a need to print an e-ticket from one in the first instance? They could be printed at home as a back-up, but if someone was worried about their phone borking or running out of juice there is the option of ordering tickets on demand online, or just buying them outright from a TVM or ticket office.

 

[Bletchleyite]

Saying all this, would there really be a need to print an e-ticket from one in the first instance?

Everybody who's been fined for a battery running out or a failed/dropped phone would potentially have benefitted from this.

 

[Bantamzen]

Everybody who's been fined for a battery running out or a failed/dropped phone would potentially have benefitted from this.

Well those that printed their tickets out...

 

[Bletchleyite]

Well those that printed their tickets out...

Increasingly young people don't own a printer, though. I have one, you have one, but it's a dying breed. I can't remember the last time I wrote a paper letter, and coursework these days is submitted online.

The railway saves a lot of money by externalising the costs of ticket sale and presentation to the user. It's not too much to ask that in return for that it should provide reasonable workarounds in the event of the related technology failing. It doesn't often, but getting a potential criminal record when it does is really overkill.

 

[Peter Sarf]

A passphrase (a set of words, basically) is as secure as a $(JORFQ£04 type password, so this just takes a bit of thought and good advice on the page where you set it up. Just requires good design to prompt the user to use this approach and not to require upper and lower case (very hard to remember) and random symbols but rather to encourage the use of a long phrase you will actually remember.

An alternative option would be to require the insertion of the card used for payment/tapping of the Apple/Google pay device used for payment and entering a few details about the ticket - name (if named), origin, destination and date would probably work. Not going to be as useful if you've been mugged or something though.

Or with named tickets you could just allow retrospective presentation against a reasonable fee (say £10) like the way you can retrospectively present a Railcard.

My bold. This should work and arguably would not even need id and password let alone other details. I have bought tickets online and then gone to a TVM to get the tickets just letting the TVM see my Credit Card. Printing the eTicket is a similar level of security requirement. In both cases (eTcket or normal collect at station ticket) a fraudster would have to know tickets had been already bought.

It occurs to me that at a TVM could the eTicket just be printed by the existing printer on the standard card used for normal tickets ?. Then no need to adapt or add any hardware.

 

[Bletchleyite]

My bold. This should work and arguably would not even need id and password let alone other details. I have bought tickets online and then gone to a TVM to get the tickets just letting the TVM see my Credit Card. Printing the eTicket is a similar level of security requirement. In both cases (eTcket or normal collect at station ticket) a fraudster would have to know tickets had been already bought.

It occurs to me that at a TVM could the eTicket just be printed by the existing printer on the standard card used for normal tickets ?. Then no need to adapt or add any hardware.

Only downside of that is that it doesn't allow a reprint if you've had your phone and wallet stolen at knifepoint, something that's not entirely unusual in London at times.

But if we're just talking about the more common situation of phone batteries running out, then as long as you didn't use a Chase card or similar to buy it (hiding the use of virtual cards really was irresponsible on their part) using the purchase card would deal with most circumstances for most people. You could even have the TVM convert it to a paper ticket, applying a scan saying "converted to paper ticket, do not accept" to the e-ticket, which obviously if then used could be dealt with harshly if unable to hand over the reprinted ticket as well. But an e-ticket reprint would be best, then if you do get the chance to charge/fix your phone you can still use it.

 

[Peter Sarf]

Only downside of that is that it doesn't allow a reprint if you've had your phone and wallet stolen at knifepoint, something that's not entirely unusual in London at times.

Yes a useful alternative route if you have lost too much.

Your point about crime in London is quite applicable to er Croydon. Although usually its a pointless stabbing resulting in no need for onward travel !.

But if we're just talking about the more common situation of phone batteries running out, then as long as you didn't use a Chase card or similar to buy it (hiding the use of virtual cards really was irresponsible on their part) using the purchase card would deal with most circumstances for most people. You could even have the TVM convert it to a paper ticket, applying a scan saying "converted to paper ticket, do not accept" to the e-ticket, which obviously if then used could be dealt with harshly if unable to hand over the reprinted ticket as well. But an e-ticket reprint would be best, then if you do get the chance to charge/fix your phone you can still use it.

Makes sense.

 

[HSTEd]

How would that differ from getting rid of e-tickets and instead making the ticket collect at station? Is that really a good thing?

People would still be able to use etickets should they so choose.

The point would be that if someone arrives at a railway station without sufficient device battery life to reach the other end, they can print their ticket then there and there and avoid a fine.

If you simply scan the ticket you avoid all the login apparatus being proposed by others in the thread. Indeed the ticket printer doesn't even need a network connection.

 

[Bantamzen]

People would still be able to use etickets should they so choose.

The point would be that if someone arrives at a railway station without sufficient device battery life to reach the other end, they can print their ticket then there and there and avoid a fine.

If you simply scan the ticket you avoid all the login apparatus being proposed by others in the thread. Indeed the ticket printer doesn't even need a network connection.

Would it not have to check over the network that the ticket was valid though?

 

[HSTEd]

Would it not have to check over the network that the ticket was valid though?

Tickets are digitally signed to allow them to be validated as real tickets without a network connection. This works by using public-private key cryptography where you can decode a message without being able to encode it.

Otherwise handheld ticket readers of the type used by staff would fail miserably in areas without proper internet connections.

 

[Bantamzen]

Tickets are digitally signed to allow them to be validated as real tickets without a network connection. This works by using public-private key cryptography where you can decode a message without being able to encode it.

Otherwise handheld ticket readers of the type used by staff would fail miserably in areas without proper internet connections.

Ah yeah, this has been mentioned on another thread. Sorry, my bad I had forgotten!

 

[MarkyT]

Would it not have to check over the network that the ticket was valid though?

Maybe the encoding on the ticket could effectively validate itself, but I would have thought you'd still want to make a record centrally that it is being used and check it hadn't been already. Easier to provide a reliable data connection at a fixed location than on the train.

 

[Bletchleyite]

Maybe the encoding on the ticket could effectively validate itself, but I would have thought you'd still want to make a record centrally that it is being used and check it hadn't been already. Easier to provide a reliable data connection at a fixed location than on the train.

If there is a data connection that can be retrieved, but if there isn't it's recorded retrospectively once one becomes available.

Connectivity gets better all the time, in 10-20 years fully online on board verification will easily be possible, then you don't need the secure barcode, you just simply encode the ticket ID number in a simple single dimension barcode.

 

[Energy]

Tickets are digitally signed to allow them to be validated as real tickets without a network connection. This works by using public-private key cryptography where you can decode a message without being able to encode it.

Otherwise handheld ticket readers of the type used by staff would fail miserably in areas without proper internet connections.

They need someway to get said public keys. Either uploaded physically using a USB stick or an Aztec code (obviously with the machine aware that it's scanning for a key not a ticket) it more likely a low speed Internet connection and machines/scanner updating whenever they get signal.

Maybe the encoding on the ticket could effectively validate itself, but I would have thought you'd still want to make a record centrally that it is being used and check it hadn't been already. Easier to provide a reliable data connection at a fixed location than on the train.

IIRC (don't quote me!) a note of it being scanned is made and uploaded whenever the scanner gets signal. It's used partly for fare investigations and also because some guards get extra pay per ticket scan they do.

The scanner still gets enough ticket details from unencrypting the ticket to determine whether its valid on this service.

On a side note I'd hope to see TOCs issuing staff with devices with laser scanners built in (ZEBRA or whoever owns them make some), the current ones use the camera and machine vision which is quite slow to scan.

If there is a data connection that can be retrieved, but if there isn't it's recorded retrospectively once one becomes available.

Connectivity gets better all the time, in 10-20 years fully online on board verification will easily be possible, then you don't need the secure barcode, you just simply encode the ticket ID number in a simple single dimension barcode.

From an IT perspective keep the Aztec codes, being able to get much of the data offline dramatically reduces the amount of traffic to servers, even if you still have a few requests for the odd passenger with just the ticket ID.

If the system goes offline then signed Aztec codes would continue to work while a system dependent on remote servers would completely go down.

 

[Bletchleyite]

From an IT perspective keep the Aztec codes, being able to get much of the data offline dramatically reduces the amount of traffic to servers, even if you still have a few requests for the odd passenger with just the ticket ID.

The amount of data in an Aztec code is tiny, and you're talking about IT in 10-20 years' time which will be well in excess in capacity than IT now.

Remember that 20 years ago we were saying that it was impossible to have a TVM that knew all point to point fares (the first ones that did, Virgin's Shere FastTicket machines, first came about roughly then). Now they're mostly fully online and just do a search no different from what you'd do on your phone or laptop.

 

[Energy]

The amount of data in an Aztec code is tiny, and you're talking about IT in 10-20 years' time which will be well in excess in capacity than IT now.

Remember that 20 years ago we were saying that it was impossible to have a TVM that knew all point to point fares (the first ones that did, Virgin's Shere FastTicket machines, first came about roughly then). Now they're mostly fully online and just do a search no different from what you'd do on your phone or laptop.

They store enough data for origin, destination, TOC, route restrictions etc.

Its still a request, I'd consider it poor design to change a system from one that can work offline to one that depends on an internet connection and remote servers working.

 

[stuu]

I made the following comment on this thread the other day:

Of course there is the outside possibility of something failing unexpectedly, but that must be vanishingly rare

In what can only be described as a punch in the face from karma, my phone has had some sort of catastrophic software failure today, completely out of the blue, whilst I was actually using it. That will teach me

 

[mike57]

Some thoughts on all this...

Friday I was out for the full day leaving home at 7.30 and arriving back at about 4.30. During this time I travelled on 4 different trains and 2 buses, and all had charging ports (USB A) provided. On one the charging ports in my carriage were 'dead' but the guard saw me fiddling with my charging cable and told me the next carriage was OK. All others were working. Including some fairly heavy phone use during the day (beyond browsing) I arrived back home with 72% charge. I also had my small emergency battery in my pocket, but obviously didn't need it. So 'running out of battery' as an excuse doesn't wash with me.

Total phone failure can happen but is quite rare.

My suggestion would be that if you can prove that you had a valid ticket bought on an account in your name which was purchased before the penalty fare was issued then the penalty fare should be massively reduced (£10?) or waived. This would go a long towards ensuring that the penalty fares target those attempting to evade rather than people who make a genuine mistake, which is what the penalty fare system should be doing.

Another thing I do, if travelling on a long journey, e.g. a holiday abroad, I upload all the pdfs of tickets into my cloud storagte. These can then be accessed from any web browser on any device, so if the worst happens I can still access my tickets.

 

[Bletchleyite]

My suggestion would be that if you can prove that you had a valid ticket bought on an account in your name which was purchased before the penalty fare was issued then the penalty fare should be massively reduced (£10?) or waived. This would go a long towards ensuring that the penalty fares target those attempting to evade rather than people who make a genuine mistake, which is what the penalty fare system should be doing.

The problem is someone else could have used it. The solution, though, is to allow tickets to be named if the purchaser wishes, i.e. only valid for a named individual. Then showing ID should be perfectly fine. As I only ever purchase for myself I'd always choose this for the extra "security".

A small fee to look the ticket up and reprint it or to process retrospective proof (as per a season) does seem reasonable to stop people just deliberately rocking up without a means to show it - £10 (flat) does seem reasonable, being the standard admin fee.

 

[mike57]

The problem is someone else could have used it.

Surely the debit bank account name would be the proof, plus the scan (or lack of it) history for that ticket. I assume all that data is available. Obviously there could be cases where someone else has purchased the ticket, e.g. parent for a child, but if all the data is available then it would be a simple check to to confirm that the details provided as part of the 'apply for £10 stupidity fee rather £100 fare dodgers fee' tally. Also keep records of names, and if certain names crop up frequently issue a last chance saloon notice.

 

[a_user_123]

The problem is someone else could have used it. The solution, though, is to allow tickets to be named if the purchaser wishes, i.e. only valid for a named individual. Then showing ID should be perfectly fine. As I only ever purchase for myself I'd always choose this for the extra "security".

A small fee to look the ticket up and reprint it or to process retrospective proof (as per a season) does seem reasonable to stop people just deliberately rocking up without a means to show it - £10 (flat) does seem reasonable, being the standard admin fee.

I don't understand! Just check if the ticket has been scanned then there's no more risk than at that two people will share an e ticket at present.

 

[Harpers Tate]

This is all a classic case of several factors, each on its own understandable, predictable, appropriate. But when they combine together exactly the opposite is true.

1: Expectation and encouragement for passengers to pay their fares by self-service, to reduce the costs of ticket vending
2: Requirement for passengers to buy before they travel
3: Punitive enforcement action against those who do not pay.

But 1 + 2 alongside 3 is reliant on a piece of technology that is not in itself covered by any of the rules or terms. There is no account taken of the possibilty (however rare) of an electronic device failing, whether through flat battery or otherwise. Thus the perfect storm is that a wholly legitimate passenger who has caused the Railway no loss whatsoever may still be subject to punitive action when the cause is at least in part beyond their control.

For myself, I will always buy in advance (for an Advance fare) or on the day at a TVM or office (others) and any ticket bought at home will, without exception, be printed, so I will have two copies of it with me; the pdf electronically and a paper copy. Now frankly, that should not be a necessary precaution, but it is.

Failure to produce in the case of failed electronics needs to have proper provision made for it in procedures. Customer later provides a ticket and no punitive action is warranted. Case dismissed. The unique barcode will identify the ticket and should/could indicate whether it has been used (by another or on another occasion). And if the "system" can't record use, then it is the "system" that needs investment.

The Railway can't morally/legitimately "have it both ways" yet it persists in doing so. Sure - save vending costs by Electronic Ticketing. Sure - penalise those who don't pay. But don't penalise those who do pay all that is due, but can't prove it on the spot.

 

[Peter Sarf]

This is all a classic case of several factors, each on its own understandable, predictable, appropriate. But when they combine together exactly the opposite is true.

1: Expectation and encouragement for passengers to pay their fares by self-service, to reduce the costs of ticket vending
2: Requirement for passengers to buy before they travel
3: Punitive enforcement action against those who do not pay.

But 1 + 2 alongside 3 is reliant on a piece of technology that is not in itself covered by any of the rules or terms. There is no account taken of the possibilty (however rare) of an electronic device failing, whether through flat battery or otherwise. Thus the perfect storm is that a wholly legitimate passenger who has caused the Railway no loss whatsoever may still be subject to punitive action when the cause is at least in part beyond their control.

For myself, I will always buy in advance (for an Advance fare) or on the day at a TVM or office (others) and any ticket bought at home will, without exception, be printed, so I will have two copies of it with me; the pdf electronically and a paper copy. Now frankly, that should not be a necessary precaution, but it is.

Failure to produce in the case of failed electronics needs to have proper provision made for it in procedures. Customer later provides a ticket and no punitive action is warranted. Case dismissed. The unique barcode will identify the ticket and should/could indicate whether it has been used (by another or on another occasion). And if the "system" can't record use, then it is the "system" that needs investment.

The Railway can't morally/legitimately "have it both ways" yet it persists in doing so. Sure - save vending costs by Electronic Ticketing. Sure - penalise those who don't pay. But don't penalise those who do pay all that is due, but can't prove it on the spot.

This is my view. The railways are in danger of being seen to want to have their cake and eat it. Furthermore they should put their own house in order as well (last minute P-coding for example).