Public transit systems have been implementing tap-and-go payment systems for years, and many riders have been concerned about the security of these systems. These concerns were validated in August when it was revealed that the ability to check trip history could be used by almost anyone to track specific riders’ location patterns. This raised a number of privacy and security issues, particularly in light of the fact that public transit systems increasingly make it difficult for riders to opt out of having their sensitive data collected.
Brendan Saltaformaggio, an associate professor specializing in cybersecurity at the Georgia Institute of Technology, warns that public transit systems are stepping into a dangerous cybersecurity minefield. The data collected by these systems includes payment information, location data, and trip patterns, which can all be linked to individual riders. While transit agencies claim to use this data to understand how riders use their services and make improvements, there is also the potential for these agencies to sell user data to outside parties, or for the data to be compromised in a breach.
Furthermore, the infrastructure in place to protect this sensitive data is often not secure enough to prevent breaches. Most ransomware gangs are motivated by money, and while they may hold public transit agencies’ data hostage, the real threat comes from the potential exposure of riders’ personal information.
The measures taken by individual public transit agencies to protect sensitive information varies widely, and there is a lack of consistent federal regulation in place to guide these efforts. This lack of regulation has led to a situation in which agencies across the country are not adequately protecting riders’ data, leaving it vulnerable to potential breaches and unauthorized access.
Moreover, the push towards digitizing public transit payments presents additional challenges for riders who wish to maintain their privacy. Cash is still a common form of payment for public transit, and many riders may opt to use it to avoid having their information collected. However, agencies are increasingly incentivizing riders to use digital payment methods by offering perks and discounts, making it more difficult for those who wish to pay with cash to access the same benefits.
As the push toward digital payments continues, riders who prefer to pay with cash are faced with additional burdens, such as having to go to third-party locations to purchase special cards and reload them with cash. This can be inconvenient and adds extra costs for riders, particularly those who rely on cash due to limited access to banking.
In light of these challenges, experts emphasize the need for federal regulation to guide public transit agencies in the collection and use of riders’ data. Until such regulation is put in place, riders will continue to exchange their personal information for marginal convenience gains, without the ability to opt out of having their data collected and potentially exploited.
In conclusion, the growing concerns about the security and privacy of public transit systems highlight the urgent need for comprehensive federal regulation to protect riders’ sensitive data. As public transit agencies continue to implement tap-and-go systems and other digital payment methods, it is essential that measures are put in place to safeguard riders’ personal information and provide them with the ability to maintain their privacy while using public transportation.