Cubic is working with transit authorities to bring the company’s payment app to Chicago and other jurisdictions. The Cubic Payment Application (CPA 3.0) works by consolidating credit and debit card processing and number storage into a single, secure environment, acting as the payment gateway for transit customer banks to authorize payment transactions.
“CPA is a general purpose payment gateway that interfaces with acquiring banks by following the ISO-8583 standard and going through formal certification with each bank that it supports,” explains Janet Koenig, engineering director at Cubic Transportation Systems. “However, CPA is unique in its ability to support transportation-specific rules such as the use of transaction aggregation and EMV.”
In an announcement earlier this month, CPA 3.0 attained PCI DSS standard for Payment Applications (PA-DSS v2.0) validation. Leveraging secure communications and data encryption techniques, the Cubic Payment Application conducts secure transmission, storage and processing of credit and debit transactions.
How it works
CPA 3.0 “tokenizes” credit card information, securely stores and encrypts the information and returns a non-PCI-sensitive token that can be used by the rest of the system to conduct transactions.
“Both attended point of sale devices and unattended ticket vending machines can interface with CPA to process credit and debit transactions, as well as Customer Relationship Management software and e-commerce applications such as self-service ticketing websites that need to accept credit cards,” explains Koenig.
The solution also enables customers to tether a bank card to their transit account. “CPA provides secure storage of credit card information for card-on-file transactions such as auto-loading an account when the balance dips below a threshold amount,” says Koenig.
Location, location, location…
Following its certification, Cubic is now working to implement its payment app in some of the country’s largest transit systems. “We are in discussions with Los Angeles regarding CPA for processing fare product sales from ticket vending machines and point-of-sale devices, for recurring auto-loads, and for supporting self-service ticketing websites,” reveals Koenig.
While the Los Angeles deployment will look to leverage a closed-loop payment solution, the initiative in Chicago will also support open-loop payments. “In Chicago, CPA will also support ‘Pay-as-you-go’ (PAYG) which enables customers to use their own personal contactless credit card for entry at a gate or on a bus,” explains Koenig. “This CPA deployment will be hosted by Cubic in a PCI-compliant environment.”
Though its primary focus remains fare collection, Cubic’s payment app is a versatile solution whose future, could see deployment in more than just transit. “As a general purpose payment gateway, CPA could definitely be used beyond transit,” explains Koenig. “Our priority right now, however, is to enable our transportation customers to safely and securely accept credit and debit cards, in compliance with PCI DSS requirements, in the most cost effective and secure manner possible.”
CPA is currently in use by a variety of Cubic customers including Miami, Atlanta, PATCO (New Jersey), Chicago, Minneapolis and San Francisco, says Koenig. London and Vancouver are on track to deploy the application as well.