On December 9th 2013, NY Waterway sent an email to their customers detailing enhanced ticket security procedures. These enhanced ticket security procedures include pre-boarding ticket checks for both digital and paper tickets. Rest assured that the reason for this additional security measure is not due to any security flaw in the digital ticket system, or any attempt to defraud the digital ticket system. The new security procedures are the result of attempted fraud of monthly paper tickets. A perpetrator with a fake monthly paper ticket was arrested in the Port Imperial / Weehawken terminal and is being criminally prosecuted for this act.
Since launching the NY Waterway mobile ticketing app in January 2012, there have been no known attempts to defraud the digital ticketing system. A simple reason for this, is that Bytemark’s V3 (U.S. Patent No. 8,494,967) mobile tickets are more secure, have greater security elements, and are harder to duplicate than traditional paper tickets. Each ticket displays prominent information about the unique event or trip for which the pass was issued. Other details like when the pass was activated or when it expires are also logged and noted. This allows ticket takers to verify the pass with speed and efficiency. Additionally, each ticket comes with a series of security parameters that can be used to verify the validity of the ticket. To prevent against screenshots being used in place of valid passes there are several animations on each pass that are continuously running while the pass is displayed. Similarly, to prevent videos being accepted as passes each V3 pass can have several interactive elements requiring user input to confirm its validity. This unfortunate event is a prime example of why operators should make the move to digital tickets. Fare evasion is a serious problem for transit agencies across the world and this incident demonstrates how traditional fare collection systems are vulnerable. The Bytemark team works tirelessly to ensure that our technology is secure and resistant to duplication.
Bytemark has a strong commitment to our Users’ security and privacy, including but not limited to user payments, tickets, and personal information. Bytemark’s servers meet the physical security requirements of PCI-compliance Level 1, and Bytemark’s card processing systems are compliant with the PCI Data Security Standard (PCI-DSS), Service Provider Level 2. All card number data is encrypted end-to-end throughout our systems. Bytemark policy requires that any secure or sensitive data is transmitted securely using encryption. We do not sell, trade, or otherwise transfer to outside parties users’ personally identifiable information. This does not include trusted third parties who assist us in conducting our business or servicing you, so long as those parties also agree to keep this information confidential.