28th November 2018

Transport for the North to launch Smart on Rail project
Insider Media

Comment from: Mike Duncombe

Phew! Two in one day. More nonsense, I'm afraid.

Firstly, using an ITSO ticket product for point-to-point travel is perfectly feasible - not easy, but achievable. It will be implemented if only to please the DfT, but it's unlikely to get a wide implementation. TOCs are not ITSO fans and ITSO isn't a very good technology for rail; it might work for period passes between gated stations, but anything that has a reservation is a non-starter (what's the point of having a smart card ticket if you have to have a piece of paper telling when to catch the train and where to sit?). ITSO on Mobile might offer an answer, but why not just use the 2-D bar-codes that TOCs want to use anyway? Bar-code security could be improved at little cost (relative to an ITSO infrastructure), if that's a concern.

Those who propose using cEMV to tap-in, tap-out on national rail should try to work out the commercial proposition to TOCs and passengers before they begin to try to overcome the technical and (EMV) security issues. If they did so, they may find that they put the whole idea on the "too hard" pile.

28th November 2018

Every rail station in Britain 'should allow you to pay using contactless' say transport chiefs
Evening Standard

Comment from: Mike Duncombe

Unbelievable ignorance of the national rail network, rail journey pricing and ticketing, and ticketing technology. Just proves the my observation: whenever a newspaper writes about something you know about, it's wrong - from which I conclude that newspapers are always wrong.

If the figures given in the article are correct, contactless still accounts for significantly less than half of all journeys. There may be 55 million different fares, but that figure gives a false impression of the difficulty of finding the best value fare trainline will do it for you, and give you a mobile ticket; you can use trainpal if you want to do split ticketing.

In any case, using a contactless bank card on open, national rail is fraught with issues, for which there are no known solutions - as you correctly point out.

If Mr. Brown's comments are indicative of the clarity of thought going into this issue in TfL-land, then I sincerely hope that it sticks to managing its privileged, special single operator model.

31st October 2018

NCT announce a smartphone and beacon ticketing trial on West Bridgford bus route
West Bridgford Wire
Steve Wakeland, CEO, ITSO, says, “As ticketing technologies advance, we are keen to support those that co-exist with traditional smart ticketing ...

Comment from: Mike Duncombe

It seems that ITSO has moved on from competing with its members, and started competing with itself!

What on earth is ITSO doing? It has no mandate to "support" (whatever that means) beacon solutions. Even if it did, how would it ever agree a specification since it has severed ties with the supplier community? Does it believe that its operator members have the interest and capability to drive the specification forward? If so, ITSO is sadly misguided.

ITSO appears to be repeating a trial of phone and beacon technology that has been done several times already (spoiler alert: it works), but no-one wants to buy. Why? Because it needs many entities to act in concert, even if it is a good idea. cEMV and operator specific bar-code solutions don't really need orchestration in the same way, so are much easier and cheaper to implement.


19th September 2018

Apple Unshackles the iPhone's NFC Reader
RFID Journal
The new XS, XS Max and XR models support the reading of Near Field Communication tags without users having to first open an application.


(All made anonymous)

It would have been big, if such protocols as transit and EMV were supported. Or - better still - if Apple integrated contactless EMV reader into every iPhone and iPad. One day…


The Apple NFC thing is big news, as it makes the iPhone finally work like all other NFC phones (how NFC was originally designed to work, and how consumers and advertisers expect it to work) where you just tap a tag to pick up the URL/contents. 

Their half-way solution of having to run an app first was a waste of time - pity they took so many years to get this right.

Responding to your question on NFC in the latest iphones then in short yes, this is the one we've been waiting for.  You can read an NDEF record on a tag using an iphone and, for example, be redirected to a page in the browser.  However, this will be a slow burn as this appears to have required some hardware updates so only works on the new phones and won't be available on the current range when upgrading to iOS 12. 

So I suggest big news but the impact will take time until there are enough devices with this capability in consumer's hands.  One further caveat; until we get hold of one of the new devices I can't comment on how seamless the new user experience is (is NFC tag read on by default, how many dialogues and options are presented the first time a user taps a tag...) 

Not a bad time to buy a couple of NXP shares.

Short Answer – No- it is not big news. 

Slightly Longer answer: If you are mad enough to spend upwards of £1000 to have a phone where the NFC reader is constantly polling ( I guess battery life has been increased to compensate) so you tap on a NFC tag and read the URL without opening a App. that is fine. Of course, no NFC tags will ever have URLs which will direct the user to “dodgy” websites or malware links, as it is well known that the whole world is honest all of the time (Fake News). 

My proposal is to turn the option off, if it lets you…

While I respect the enthusiasm of the whole NFC/RFID industry about this news, the answer is that this step is a mare lip service probably taken to appease that same industry and a few big Apple's partners like NXP, Nike, Nestle, etc.  But otherwise, technically speaking, this is more of a smoking mirror and, more bluntly, a useless feature that could actually lead to a backfire similar to the one experienced by the NFC industry many years ago when the only consumer use-case was engagement with outdoor posters.  Now, iPhone XS can do it too.  

The new implementation available only on the new iPhone models, barely allows what has been already available with QR codes since iOS 11.  It does exactly what QR codes can do - scan to read and handle a URL without the need to download a dedicated app.  And in that regards, QR-codes (and barcodes) are indeed more efficient and user-friendly than NFC tags.  And QR-codes are already de-facto the standard used all over Asia and especially China and Japan. This NFC announcement is therefore of little value and more of a gimmick.

And, as the writer of this RFID Journal rightly mentioned, that announcement was so minor that Apple didn't even mention it anywhere other than in the iOS SDK notes, which is where developers dig in for esoteric code enhancements and features.  So unimportant it was for Apple that they buried it dip inside the technical notes - not worse even a small bullet point on Apple's main website.

The main advantage of NFC chips over QR-codes is the ability to embed non-secure, passive NFC tags, which offer the same low security as QR codes, into wearable and other products where QR-codes or barcodes are not easily implemented (e.g., abrasive or badly-lit environments).  But, the whole wearable industry anyhow uses labels on printed hangtags, where QR-codes are much cheaper and easier to implement.  Note, that using RFID labels is a completely different topic and actually has many advantages as deployed by M&S and many other retailers and producers.  But RFID requires special reading devices (aka "Gates" and "guns"), and is not available on mobile devices and therefore is mainly used for backend and upstream channels, such as supply-chain management, but NOT for consumer-facing applications, which require availability on smartphones. 

The real "holy grail" of NFC is the secure-element ("SE") module, which is the feature used by the financial, transport and eID industries.  And also used by Apple Pay.  My opinion is that Apple does not want to allow access to the SE because that would also allow Apple Pay competitors, such as Visa, Mastercard, PayPal, banks, etc, to compete directly with Apple Pay.  See the lawsuit brought by banks in Australia against Apple restricting access to the SE to Apple Pay.

The only two positive advancements are:

1) NXP, STM and a few other leading NFC producers (I'm almost sure Infineon too) offer special new chips designed specifically to address that Apple's restriction on secure element access, but those tags are still too expensive and work-in-progress, rather than mature products.  It will take years until they become widely-used chips.

2) During WWDC 2018, Apple hinted that it would partner up with selected vendors to allow them SE access to enable using iPhones and Apple Watches to for campus access.  As far as I read about it, it was specifically designed and enabled for HID Global who are also the providers of the campus access system used by Apple itself on its own campuses.  Now HID Global can roll out that feature to its other clients such as USA universities and office buildings.  In other words, "we can allow SE access to our trusted suppliers, BUT not to anyone else who might compete with Apple Pay" (i.e., HID Global is not involved in the financial industry).

My guts feeling is that Apple is restricting the access to the SE to protect Apple Pay from the competition.  And therefore, has very little interest in making even small steps to promote the NFC industry.  That "new feature" is a mere lip service to some of its big partners while hoping that it won't pave the way to others demanding access to the SE, not until at least Apple Pay conquers the digital wallet world.

11th May 2018

Missing from Mobile

From: Anonymous

I notice that you have not yet published anything about Google's and ITSO's announcement of the capability of storing ITSO ticket products in in the Google Pay wallet.

I hope this is a deliberate policy on your part. I think it's scandalous that ITSO is reserving access to this technology to itself, and thus taking business from those of us who have been distributing products using Part 11 and Action Listing.  [*] has supported ITSO in lots of ways over the years - even in the dark days of Michael Leach's incumbency.  This is no way for a company that's sole purpose is the development and maintenance of a specification and testing products for conformance to the specification to behave.  It claims to be a membership organisation, but it is now working against the interests of at least one of its members [*].  If I could, I would stop paying them.

Disgruntled [member]


17th April 2018

How 5G Will Unlock The True Potential of IoT Devices
When it comes to how 5G will impact the IoT world, the obvious answer is linked directly to the speed of the connection between devices and the world wide web. But there's more to the equation, according to Scott Stonham, Transformative Technologies, London-based IHS Markit, “5G promises to offer ...

From: Anonymous

IHS seem to have entirely missed the point of 5G as far as IoT is concerned!

Certainly for the "sensor" type of devices, it's not high speeds and huge volumes of data that will be important - quite the opposite, infact.

The "sensor" type devices will benefit from the very slow modes which will become available - because they allow much lower power operation.


4th April 2018

De La Rue handed lifeline on British ePassport contract
Planet Biometrics
UK ministers have given British identity solutions firm De La Rue more time to challenge a passport decision that saw it lose the country's ePassport contract. The UK government has granted a two-week extension to the bidding process to make the new British passports, a week after it all but handed this ...
(So you don’t like the answer from the formal tender selection process, because Johnny Foreigner won it fair and square, so you change the rules after the end of the race, to suit your taste. Ed. wouldn’t do that, even to the French. Oops, Gemalto technically isn’t French.)

From: Ed.

We received a number of comments on this item, covering both sides of the argument.  Several readers scolded Ed. for not siding with Great Britain, and several that De La Rue should have been given the business, despite all the negatives about the company, the offer and the high price quoted.

Others took a more scientific approach and pointed out that the decision by the UK government to give De La Rue a couple of weeks to, um, make a better offer was probably illegal under EU rules and in any event was in very bad taste.  It was also noted that Thales as a large supplier (the company trying to take Gemalto over) has a very cosy relationship  to the MoD and other UK security services.  The passport data would be jolly convenient to get hold of and pass on...

29th March 2018

The Future of Location: Beyond Beacons
IoT For All (blog)
The requirements of many applications, however, have moved beyond what Bluetooth beacons can offer. The fact that beacons only work with smartphones, not tags, immediately limits their applicability in many industrial IoT applications. And their precision—3 to 4 meters—further limits their usefulness.

From: Anonymous

Interesting article about beacons & location - but based on a bit of a false premise.

  • There is no particular reason why BT beacons have to talk to a smartphone; although it may currently be the commonest use case, it could easily be built into other devices.
  • There is no particular reason why BT beacons have to be battery powered; again it may currently be the commonest use case, but energy harvesting (eg, solar cells) is certainly feasible.


9th March 2018

Metrobus ticket payment machines won't take cash, excluding some of Bristol's poorest people
Bristol Post, in Smartexpress on 7th March 2018

From: Julian Rooney, MD of Cammax Limited

Thought it would be useful to give you the background on the rather misleading article Bristol Post have published, details of which you circulated yesterday in your super Smartexpress bulletin. I also think you might be interested in what Bristol are doing.

Bristol is all about getting cash off the buses, at present every bus spends 35% of its time waiting at bus stops collecting fares and giving change to passengers. 35%!! A shameful waste of time and money

So they are rolling out 80 self-serve Cammax ipoints which can issue and encode ITSO smartcards, as well as allow travellers to collect pre-purchased tickets via the main machine or a pick up post on the side. The idea is to replicate the simplicity of Oyster on the Bristol bus system

The ipoints are located at bus stops all over the city, it wouldn’t be a good idea to have machines full of cash just sitting outdoors on the street, it would be a massive security risk. The strategy is to deliberately move AWAY from cash, and the Smart Tickets issued and topped up at the i points are instrumental in helping them do that.

The kiosks also have RTI above the transactional section, and also a route map on the rear please see attached photos. The image with me on shows the pick-up post on the side, i.e. two people can collect smart tickets at the same time at the kiosk. This is just the first one, we are rolling out 80 of these over the coming weeks and months. It’s the biggest UK roll out for Smart Ticketing self-service since Oyster.


5th February 2018


Lloyds Bank customers have been banned from using their credit cards for Bitcoin purchases.  Whilst Ed. believes that any such transactions would be barking mad, he considers that the arrogance of Lloyds in dictating what people may or may not spend their credit on is quite breathtaking.  Did the bank also play nanny and forbid us from buying shares in, er, Lloyds Bank when it was about to go bust?

From: Richard Sanders

I agree totally with Ed. Gordon Brown took far bigger gambles than this buying the toxic Halifax files and have never been brought to account.

From: Anonymous

Yes but you could argue that Lloyds is considering it gambling and many CC are banned from 7995 transactions.  But then there is a debate why are stocks and shares called investments that can go up and down but betting on the 3.55 at Newmarket based on a tip is called gambling after all your value can go up and down.

So it is just snobbery that means stocks, shares are considered investments or is that they have some underlying value to the asset you are purchasing, in which case Crypto is the 3.55 at Newmarket as a non FIAT currency it can be argued there is nothing backing it up.

From: Anonymous

Under consumer credit law, banks are “jointly and severally liable” for purchases made on credit cards. This means they effectively have shared ownership of the goods bought and is what underpins the fact that if you buy a holiday or kitchen appliance on your credit card, and something goes wrong, you have legal redress on the bank as well as the manufacturer/retailer (which may have gone bust, hence the protection). Thus if you are mad enough to buy some Bitcoin on credit and it halves in value overnight, you can theoretically make a claim on the bank for this loss – I am guessing that this has already been tried a few times already (maybe successfully – good story!!) which is why they have probably rightly banned these purchases by that method, since otherwise it would only end with us all paying for it..

That’s irrespective of what me might all think about Lloyds & the banking industry in general. Our US bank has just quadrupled our bank fees and when we complained they just sent us the forms for closing our account..

From: David Parker

The following link clarifies Visa's and Mastercard's recent statement that Crypto purchases from their respective cards will be treated as cash advances rather than purchases, thereby attracting much higher charges on the cardholder.



12th January 2018

Barclays Bank still penalise Android compared to Apple

From: Alex Lithgow Smith

I have to comment on the misleading Barclays article.

“The Barclays app does have a couple of advantages over Google Pay, for instance they will allow you to make contactless payments of up to £100 with supporting retailers whereas Google Pay is limited in the UK to £30 or lower payments.”

This is a complete misunderstanding by the writer.  Barclays allow you to perform a transaction of up to £100 full stop, whereas Google Pay (and Apple Pay & Samsung Pay) is unlimited on the handset (merchants may have their own upper contactless limits) and will simply go online for approval where appropriate.  The £30 is the current CVM limit, and applies just as equally to the Barclays app as to any other; it’s the reader that requires CVM for >£30, not the app.

The Barclays app also, however, allows you to additionally require the handset to ask for PIN (note, it doesn’t appear they support biometric on Android devices) for up to £30; i.e. to require explicit cardholder approval for every transaction.  Transit (TfL) never requires a PIN regardless of the setting.

BTW – Amex also have their own Android app, which I haven’t used since they joined Android Pay.

Another benefit is that if you lose your bank card, Barclays can enable your new card on their banking app before it’s even posted to you – with Google Pay you’d have to wait for the new card to arrive before you could scan it and add it to your account.

Again, nonsense.  If you lose your bank card, the contents of your Google/Apple/Samsung Pay wallet are completely unaffected (assuming you had added the card to the mobile device before losing it).  It’s only brand new cards where Barclays (and Amex on Android) may have an advantage.

Users of Android devices have a reason to be envious of customers with their iPhones.

Which may or may not be true, but isn’t really backed up by anything written here.

Barclays have had to bow down to the mighty Apple who point blank refused to let third party applications get access to their NFC chip effectively wiping out the ability for contactless payments via anything other than Apple Pay.

It’s a fair question to ask of Barclays as to why they won’t give Android users a choice. If the Barclays Contactless Mobile solution is so great then surely their customers will opt to make it their default service. If (especially for in-app and web payments) it’s not as good as they hope, then why not allow users to add their cards to Google Pay. Bearing in mind they’ve done it for Apple Pay it all seems a bit petty minded not to give Android users the same abilities with Google Pay… or am I missing something?

For any business operating as both card issuer and acquirer, as is the case with Barclays, transactions performed by their own cards on their own terminals can remain internal to the business and are therefore not subject to the card scheme’s processing fees.  By issuing their own mobile contactless payment app where possible, they can retain this complete control of the transaction and user experience.

For Apple, Google, Samsung, etc. the transaction has to pass through a third party (generally the card scheme) due to the tokenisation involved, and fees are therefore incurred (disregarding any other fee paid to Apple et al).

Therefore, where there is a choice, it makes sense to provide their own app rather than integrate with the third party.  Where this is not possible, the choice is either not provide the capability at all, and risk upsetting cardholders, or to reluctantly sign up.


9th October 2017

Government to invest £80m in smart ticketing
Computer Business Review

From: Anonymous

You won't be surprised that I have views on this.

The article is all over the place, conflating mobile ticketing with smart card ticketing, and making wild assertions. Essentially what is actually happening is that mobile ticketing is now becoming more and more available. I travel on the train three or four days every week across the country and it's months since I bought a ticket at a TVM. Obviously, I'm in a position to be interested and to make sure I have the right app for the right service (it's still the case that you can often not buy mobile tickets from the app of one TOC when your travel is provided by another - but the Trainline app fixes that, for a fee). So, yes, I can see that everyone would be able to use a bar-code by the end of 2018 (notwithstanding, there are some stations, Milton Keynes for example, which have gates that won't read a bar-code).

Actual "smart", as in smart card or NFC ticketing, is another matter. ITSO is at the early stages of delivering "ITSO on Mobile" - we're waiting for the 2nd focus group to be convened. As for RDG and DfT, I have no clue what they might be thinking.

Having spoken to Dave Busby at your excellent TCF17, I can say that the KeyGo pilot was more of a "proof of concept", based on wifi proximity and GPS rather than anything precise and specific. There's no link to the actual train you're on (other than inferring the train by cross-referencing location and travel direction with the time of travel - clearly not suitable for a really busy station). Nowhere near ready for deployment - even if it is viable.

As for "Pay as you Go" on National Rail, I can only assume that the author is having a laugh. Even if you could get it to work (and TOCs view gates as automated ticket checkers, rather than as participants in the price calculation), would anyone want to use it? One of the key determinants of how much you pay is when you buy your ticket. I can't see lots of people voting to pay the highest walk-up, premium fare when they can buy seasons and advance tickets that can be stored as bar-codes or ITSO cards.

Interest-ed's question about the £80m. Originally, TfN's £150m was an "up to" figure only to be spent against approved business cases. It would certainly have included implementation of smart in TfN-land. Now that the project has gone national, and as far as I can tell being run by DfT in London, they're saying £80m. Therefore, I conclude that at least part of the £80m is part of £150m - it's not clear how much. The really interesting question is, what are they going to do with the money? If they're going to get the job done by the end of next year, then they should know. I think we should be told.

9th October 2017

West Yorkshire's 'game changing' multi-operator smart ticketing app released
Intelligent Transport (press release)

From: Anonymous

I saw this article on Friday - it annoyed me then, and its annoyed me today.

I don't know who put out the press release, Molten Mouse I guess. I really must get better at PR, marketing and account management in general. The article gives a totally inaccurate impression of the actual state of affairs. Basically, the Molten Mouse app is a nice UI on top of Yorcard's Part 11 solution (Kafeneon) and Retail Services. It's the same software that underpins West Yorkshire kiosks (supplied by Cammax with Yorcard software) and West Yorkshire travel shop tills (supplied by Haven with Yorcard software), along with other implementations in South Yorkshire, York, and Go-Ahead.

I should know better by now.

1st September 2017
A row about ID cards lasted years and cost the UK billions. Then Theresa May scrapped them

From: Mike Duncombe

However, the thing is that a government issued electronic security certificate that could be used to authenticate you online and offline would be really useful.

For example, we could use it to electronically sign documents, thus getting away from the farce of printing, signing, scanning and emailing which is obviously so insecure and prone to repudiation. This would speed up transactions of all sorts that currently rely on a hand-written signature.

You would think that a secure electronic ID issued by the government would carry a lot of trust. It's a pity that people would sooner trust a private company like Thawte, or use a bank card as a means of identification, rather than trust the government.

23rd August 2017
North should 'take control' of transport, says Grayling

From: Mike Duncombe

This is what TfN wants to do - but DfT is not providing the powers that TfN is asking for.

The cancellation of the electrification plans tells you everything you need to know about the government's attitude towards transport investment in the North -at the same time as they spend billions on Crossrail2 and HS2 - both of which will just have the effect of expanding the travel-to-work area for London.

It's almost as if the government has forgotten that this is *one* country - it seems to be going down a taxation and spending policy route that supports spending in the areas that pay the taxes, rather than using taxation for the benefit of all equally. Home rule for a mixed economy North of England seems to be the logical end point, while the South-East joins the world of mega-rich merchant city-states!

10th July 2017
Oyster for the North

From: David Hytch

As pointed out by Transport Scotland there is a commitment in the contract won by Calmac last year to operate Ferries in the Western Isles to implement a smart card scheme for the ferry passenger and freight user by 2019. This also includes a commitment to integrate with bus and Scotrail using the ITSO capabilities on the operators cards.

To that end there is an active programme to go to market this year for the Smart Ticketing and Reservations scheme in conjunction with Transport Scotland, but being lead and managed by Calmac.

27th January 2017
The truth about contactless payment apps

Luckily the article did not come from UKCA, it just referred to it.
From the date format it looks as if it came from the US where they haven't got very far with contactless cards.
As you say, almost all the claims are wrong.  They apply better to contactless cards.
Where I disagree with you is the future of smartphones at POS.  Over the internet they will no doubt expand rapidly, but at POS, & particularly in mass transit, customer take-up is more than disappointing, & their future role less certain.