Electronic cash or ECash in the form of a stored value on a card has been discussed in professional sports for many years. The benefits of faster service without cash handling have always been the obvious attractions. However, it remains a ‘slow-burn’ issue in the sector, primarily due to the confusion over how it can be implemented and several myths about the security requirements.
In this paper we examine the background to the technology, the difference between ECash in a closed loop scenario as opposed to the public domain and finally, how it can be relatively easily implemented within a stadium or closed-loop environment.
The History of Ecash
The purpose of Ecash is to replace physical money as a method of payment. This eliminates the physical handing and security issues of cash and will speed up the service aspect of transaction times. This is particularly attractive in sports stadia where there are limited time-spans to sell goods, at half-time for example.
The second positive aspect is the advance payment treasury of the unspent value stored on the cards. This value is often held by the operating party or stadium owners in ‘escrow.’ This could be a significant amount earning interest, albeit that interest rates are currently derisory.
The most fundamental aspect of ECash that must be understood by those investigating its use relates to an understanding of the environment in which it is used. There are two primary categories, Public Domain and Closed Loop.
Differences between Public Domain & Closed Loop
In the public domain, transactions can happen anywhere and are anonymous; therefore the operational integrity of the ECash solution is totally reliant upon the embedded processes surrounding the use of the card. This requires a high level of security, usually delivered on a smart card, with further public key encryption to satisfy the banking protocols/regulations to minimise fraud.
In a closed loop environment such as a sports stadium, almost all of the users of ECash are registered as members or season ticketholders, limited to using the card within the confines of the stadium. Therefore the same security required for public domain deployments are not as relevant for the stadium environment.
Public Domain ECash
This has been led primarily by the banking sector as a way in which they could eliminate costly small-value credit card and cash transactions, often referred to micro transactions. As with cash, the intent is that public domain transactions remain anonymous but secure. This led to the use of smart cards with complex embedded security using public key encryption standards such as RSA and DES.
Before long, inter-bank committees were formed with the regulatory authorities to implement acceptable standards internationally. The result of this overzealous obsession with security rendered most public domain initiatives either unworkable, uneconomic, or both. The banking sector is littered with costly examples of poorly delivered ECash – ‘camels that should have been racehorses’.
Despite the fact that after 25 years there are no successful ECash deployments in the public domain, the standards and security debate continues. Unfortunately the debate has overflowed into the closed loop environment and some suppliers have exploited the lack of knowledge on the subject in sport, creating myths and disinformation about smart cards, encryption and security, most of which is irrelevant in the stadium environment.
To this day the debate goes on (and on) about security standards for ECash, however for stadia where individuals are known through their membership and transactions limited to on-site, the options are thankfully a lot easier than for public domain systems.
Closed Loop / Stadium ECash
Closed loop ECash has effectively been deployed in schools, corporate canteens and golf clubs for years, often referred to as being ‘account-based.’ The level of fraud is minimal and the systems operate efficiently.
As already mentioned, in a sports stadium, all cardholders and potential users of ECash are registered as members or season ticketholders that are limited to using the card within the confines of the stadium. Therefore, all spend and load transactions are traceable and all parties involved are known. These facts alone diminish the level of security required and can be used to ‘de-bunk’ some of the misleading information presented on this subject that are most often used to justify higher associated costs.
For closed loop ECash, cardholders will have an account that can be topped-up using normal methods of payment by phone, internet or in person at the club using an approved EFT gateway. It is the top-up or load transaction where fraud is most likely to be perpetrated. Security concerns are effectively met by the PCI compliance of the payment gateway which should more than satisfy the requirements of a closed loop system.
When the cardholder wishes to use their pre-paid ECash in the stadium, their card ID is read at the point-of-sale, the system goes online to verify their balance, the transaction is approved and their balance is updated after the transaction. If the system goes offline, revert to cash – it’s that simple!
With TeamCard, ECash can be further enhanced by using points on the ECash account to buy goods. In other words ECash spending value can be pre-loaded by top-up or earned by loyalty activity. The security requirements are met by the already established secure transaction process embedded in TeamCard.
TeamCard has in the past introduced further customer enhancement such as ‘under-swing’, i.e. if the client hasn’t got quite enough credit on their account for a purchase, rather than leave the queue, or use cash, as they are known to the system, they can use a limited credit balance (in the range of £10) to under-swing. This feature maintains service flows and efficiency during the limited service period at half-time. The under-swing value is recovered at their next top-up transaction.
Conclusions
Security is often over-stated to address a commercial agenda when ECash is discussed. As demonstrated above it does not need to be complicated in the stadium environment. Local Account ECash is proven to work. It is efficient and uses existing infrastructure.
The expensive public domain solutions should be left within the banking sector. Their complexity serves no useful purpose in the stadium environment.