
Negative List Fraud Prevention

How does a gate or bus validator check whether a rider's card is valid? Checking the card number against a list of known bad numbers is standard, but that usually has to be done online. A much faster solution is to keep a local copy of the negative list at the terminal. The patented negative list fraud prevention technology works as follows: a local computer in each terminal compares a rider's smart card number to a list of invalid credit card numbers, updated daily or more often, and permits or restricts access based on this list. (All the card numbers are, of course, encrypted.) This local negative list technology is the best anti-fraud system available.

The whole authorization process is automated. The clearinghouse receives updated negative lists from financial institutions on a daily basis and uploads them to each agency's central server. From the central server, all station servers receive the updated negative list and relay it to terminals at the gates or bus validators. If a card number is on the negative list, that transaction is not authorized.

 

Positive List Fraud Prevention

Another technique for checking a rider's card is the positive list. The computer in each terminal compares a rider's card number to a list of known valid card numbers, updated daily or more often, and permits or restricts access based on this list. (All the card numbers are, of course, encrypted.)

This local positive list technology usually requires that riders pre-register their cards for transit use, but this is not necessary if the transit agency accepts the risk of one bad transaction in order to verify a valid card. After the first fare is collected, the card is presumed good and added to the positive list.

 

Other Techniques for Fraud Prevention

Did you know that you can program a smart card to mimic a bankcard but change its number every time it's used? This technique beats the negative list method. However, if the terminal queries the card with trick questions, it can detect such a card and refuse it. This is an example of heuristic security.

Other methods of heuristic security depend on frequent uploads of data from the central system. Examples include testing for a card used in geographically disparate locations at or near the same time, or testing for too many transactions on the same card in the same day (a "velocity check"). Even if this is impractical in the field, it can be accomplished by the central system before sending transactions to the bankcard network for clearing.
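The two central-system checks described above, as an added example that is not the vendor's code: it flags cards for a velocity violation or for taps too far apart in too little time before the batch goes to clearing. The record layout, card tokens, coordinates and all three thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_TAPS_PER_DAY = 10   # assumed velocity threshold
MAX_SPEED_KMH = 150.0   # assumed fastest plausible travel between two taps
MIN_DIST_KM = 1.0       # assumed: ignore gates within the same station area

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def flag_cards(transactions):
    """Return {card_token: set of reasons} for cards to hold back from clearing."""
    by_card = defaultdict(list)
    for card, ts, loc in transactions:
        by_card[card].append((datetime.fromisoformat(ts), loc))
    flagged = defaultdict(set)
    for card, taps in by_card.items():
        taps.sort(key=lambda t: t[0])
        per_day = defaultdict(int)
        for ts, _ in taps:
            per_day[ts.date()] += 1
        if max(per_day.values()) > MAX_TAPS_PER_DAY:
            flagged[card].add("velocity")
        for (t1, p1), (t2, p2) in zip(taps, taps[1:]):
            hours = (t2 - t1).total_seconds() / 3600
            dist = km_between(p1, p2)
            # Taps at the same instant in different places have zero elapsed time.
            if dist > MIN_DIST_KM and (hours == 0 or dist / hours > MAX_SPEED_KMH):
                flagged[card].add("geo")
    return dict(flagged)

# Constructed sample: (card token, ISO timestamp, (lat, lon)); not real data.
HOME, NEAR, FAR = (40.0, -75.0), (40.05, -75.0), (43.0, -75.0)
SAMPLE = [
    ("tok_A", "2024-01-05T08:00:00", HOME), ("tok_A", "2024-01-05T08:30:00", NEAR),
    ("tok_B", "2024-01-05T09:00:00", HOME), ("tok_B", "2024-01-05T09:10:00", FAR),
] + [("tok_C", f"2024-01-05T10:{m:02d}:00", HOME) for m in range(0, 60, 5)]

if __name__ == "__main__":
    print(flag_cards(SAMPLE))
```

Because the checks need every tap for a card in one place, they run on the central system's consolidated batch rather than at an individual gate.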