The MaaS movement and fraud


Why authorities and providers should consider fraud risk in their integrated digital transport service platforms

From the growth of micro-mobility solutions, such as e-bikes and e-scooters, to the rise in car-sharing platforms and services, urbanites have plenty of choice when getting around their cities. Yet, finding the most suitable transport means, be it public transport, taxi, car rental, or even e-bike, is not always straightforward. The concept of Mobility-as-a-Service offers a solution that puts the traveller and their personal preferences, such as cost, time, comfort, and convenience at the centre.

Mobility-as-a-Service (MaaS) is a term used to describe digital transport service platforms that integrate end-to-end trip planning, booking, ticketing, and payment across all modes of transportation. In other words, MaaS brings all modes of transport, public or private, together into one intuitive mobile app where travel planning and payment is easy and instant. In the long run, MaaS has the potential to transform relatively inflexible and unconnected transport systems into one convenient service that can meet an individual's mobility needs.

The MaaS initiative was first pioneered in Finland's capital in 2016 and has grown rapidly since. The MaaS market was valued at $182.12 billion in 2018 and is projected to reach $210.44 billion by 2026.[1]In the UK, the Solent region is developing a multi-city MaaS application "Breeze" and following a successful pilot, Transport for West Midlands is soon to launch a similar MaaS solution.

In theory, MaaS has great promise to improve accessibility, affordability and sustainability in transportation networks. However, with digitisation and novel technology comes the risk of fraud and misuse. The mobility sector is no different; consumers and operators alike fear the attractiveness of this movement to potential fraudsters. Trowers & Hamlins have considered the fraud threat landscape for public and private sector organisations participating in the MaaS movement and have identified the following risk areas:


1. Identity Fraud


A digital identity is crucial to the success of MaaS applications. To protect against fraud and misuse operators need to know and trust their customers and who they claim to be. Attackers may use fake or stolen identities to create accounts and pay for transport services.

Identity is a particularly important consideration for MaaS operators who are ultimately responsible for ensuring users can demonstrate that they can legitimately operate services that require a driver's licences or have an age limit, such as e-scooters. Sophisticated fraudsters may make use of fraudulent driver's licences or deepfake technology to challenge even the more advanced ID verification processes.

Operators should consider their customer on-boarding processes and explore all possible e-KYC (electronic know your client) solutions to ensure their users are really who they say they are.

2. Ticketing and Payment Fraud

One of the great benefits of MaaS is that it integrates payment across different modes of transport. Instead of having to make separate payments for different types of tickets such as rail, bus and scooter this can be done in one place at the best price. Currently, most MaaS applications operate on a pre-pay subscription or post-use payment model.

A weakness in this system has already been recognised. Fraudsters have taken advantage of the post-payment feature and created accounts and registered payment cards credited with nominal amounts. This means that at the end of the journey when payment is due, operators cannot quickly and easily receive payment of the full ticket price since the card registered to the account deliberately has insufficient funds.

It is important that operators implement effective fraud detection systems to monitor transactions and flag suspicious patterns, this could include the use of AI tools.

3. Refund and Compensation Fraud

MaaS is an innovative movement but remains as equally at risk to traditional refund and compensation fraud as regular travel operators. Refund and compensation fraud is where passengers dishonestly claim refunds for unused tickets or compensation for delays.

Once more, this highlights the importance of thorough customer verification processes. For example, operators could invest in technology to identify the particular device accounts have been made on, or recognise accounts that use similar credentials. These accounts can then be flagged as suspicious or banned if they have made a disproportionate or unusual number of refund or compensation claims.

4. Data and Cybersecurity

Data is a valuable commodity and a key asset that enables competitive advantage and is therefore attractive to fraudsters. At the heart of any MaaS partnership is data-sharing. For any multi-modal MaaS application to work platform providers need to be able to access data from participating providers to increase the functionality of their apps by offering users tailored information on service availability, timetable data, payment methods, reservation details and disruption data.

The free flow of data between operators should be encouraged so service providers can best tailor their services to the traveller, however, robust agreements on data sharing must be in place to mitigate leakage. Likewise, operators should conduct regular audits of their data policies and processes to identify and address any potential vulnerabilities in their own data handling systems and protocol. All of this should be considered from the outset, and factored into the procurement of the solution, making clear what the minimum security requirements should be, as well as actively encouraging solutions to fraud concerns in any tender responses. Data-sharing is one area addressed in the Department for Transport's Consultation on Mobility as a Service Code of Practice[2] and is expected to be a significant focus in the upcoming Code of Practice.

MaaS is driven by a desire for seamless and convenient transport services and a laborious and bureaucratic on-boarding process to access to the app clashes with the movement's mission. However, the fraud risks identified have the potential to undermine the projected profitability for operators embracing the MaaS movement. Ultimately, there is a balancing act between accessibility and security to enable service providers and operators to unlock the benefits of MaaS, which if achieved successfully, could change the way in which we travel for the better.


High Court refuses permission for ClientEarth to bring derivative action on behalf of Shell plc against its directors


Covid-19 Inquiry – WhatsApp-ening to Boris Johnson's messages?


Covid-19 Inquiry – 3 new investigations announced


Ali v Chief Constable of Bedfordshire Police – how to incorporate privacy requirements into safeguarding referrals


Webinar – Clause and Effect: a Litigator's Guide to Commercial Contracts


Cyber Security Breaches 2023