With over 10 million users, the Oyster card system requires a vast technical infrastructure and security to make it viable and practical to use. Customers need to be able to obtain an Oyster Card, top it up with cash, add in season tickets and other travel warrants or set the card to automatically top up from a nominated account. All this is now easily achieved directly through the Oyster website, hosted by Rackspace.
Mention a payment system associated with travel in the South East and you will undoubtedly think of Oyster. The advanced contactless card technology has freed up passengers from queues and unnecessary ticket stops, as passengers simply need to touch in and out at the start and end of a journey on convenient card readers. The card was first issued to the public in July 2003 with a limited range of features and then a phased introduction of further functions. By March 2007 over 10 million Oyster cards had been issued, and more than 80% of all journeys on services run by Transport for London (TfL) used the Oyster card. It has greatly assisted in the dramatic success and revival of all forms of public transport in and around London.
VAST TECHNICAL INFRASTRUCTURE
Clearly such a system requires a vast technical infrastructure and security to make it viable and practical to use. Customers need to be able to obtain an Oyster Card, top it up with cash, add in season tickets and other travel warrants or set the card to automatically top up from a nominated account. All this is now easily achieved directly through the Oyster website. The project that made it happen so smoothly was developed by a third-party solutions provider on behalf of TfL.
Aingaran Somaskandarajah is the Technical lead for the team that created and now maintains the secure website.
“We started with a 3rd party supplier in 2003 but transferred control to a dedicated TfL team later in the project. The site was revamped in 2007 with the aim of going Open Source and seeking a reduction in hosting and license costs. One of the key factors for us was the secure hosting of the website.” He added, “Card providers, banks and financial bodies now demand a stringent level of security on all remote transactions and the totally secure storage of transaction data. It was with this in mind that we chose Rackspace® Hosting as our hosting partner for the project. We had already heard of Rackspace’s capabilities through other projects within TfL. Their PCI compliance and Fanatical Support® promise sealed the partnership”.
PCI COMPLIANCE CRITICAL TO SUCCESS
Aingaran said, “Rackspace has provided us with an intensive hosting solution, as well as a huge amount of advice and assistance in gaining full PCI approval for the website. It is probably true to say that without the help from Rackspace we could not have passed the exceptionally stringent PCI audit. Rackspace certainly went above and beyond their remit to ensure that everything was perfect for us.”
The key requirements for PCI accreditation were:
1. Constant monitoring for security threats with an intrusion detection system
2. Network and system scanning for vulnerability
3. Firewall infrastructure to protect cardholder data
4. Monitoring and patching of servers – OS and applications
5. Controls and processes
6. Data Centre Security
7. Quality of systems
Everything on this list was achieved with flying colours and with assistance from Rackspace’s specialist security team. The site is now fully PCI compliant.
2.5 MILLION USERS AND 12 MILLION VISITS
Aingaran went on to say, “This site is hugely popular. Up to 12 million visits per year and over 2.5 million registered users mean that we operate a 24-hour business 365 days of the year. For this you need to have full confidence in your hosting company to deliver 24-hour support at the very highest level. Rackspace offers guarantees of both uptime and response. It would be very difficult to find another hosting partner with the skills, support and accreditation to replace them. Their approach to service is unique. They have always gone above and beyond what is required to ensure that we maintain full uptime. Their rapid response to tickets and procedures is something you do not see very often in a hosting provider, and as such I will and do wholly recommend them as hosting partners.”
GROWTH UNDER CONTROL
The future for Oyster is assured, particularly with the card now extended to incorporate main line train services in the South East. The site has already been expanded to meet the additional load, and 22 servers with full backup and firewall technology are now ready for the onslaught. Aingaran summarised, “Rackspace has enabled us to keep pace with this growth and I know I can rely on them for many years to come.”
Brian Thomson, Managing Director, Rackspace Hosting EMEA said,
“I am delighted that Rackspace has been chosen as the hosting partner for Oyster Card. This is something that is at the very heart of the city’s transport infrastructure and as such is critical to the way in which public transport operates. It has been a boon recently now that further mainline services have been incorporated, and I can already envisage the popularity of the card in 2012 when the Olympic Games come to the city”.
Rackspace has the accreditation, knowledge, skills and ability to manage and host high-security transactional websites all over the world. We can assist in ensuring and achieving full compliance with PCI standards and advise clients on appropriate measures and systems to pass the necessary audits. Security of data and the protection of customer information are critical to the success of any transactional site and we are very happy to be at the forefront of this market.
For details of how to travel around London and the South East without queuing for a ticket visit https://oyster.tfl.gov.uk/oyster/. For the hosting of highly secure transactional websites visit www.rackspace.co.uk or call for FREE hosting advice on 0800 988 0100.