More News:

June 17, 2016

Why I goofed putting my SEPTA Key on social media

Cybersecurity SEPTA Key
06162016_SEPTA_Key Jake Blumgart/For PhillyVoice

Jake Blumgart's SEPTA card, with the account number properly manipulated to avoid identification.

Social media rewards posting early and often.

This week, as the first 10,000 SEPTA keys were released to the public, I broadcast my participation across Facebook, Twitter, and Instagram. The public must know about my eagerness’ to see Philly’s mass transit enter the 21st century.

But overzealous sharing was perhaps not the most discreet choice when it comes to my newly obtained passport to transportation. The cards come with a string of numbers across the front, like a credit card, along with a MasterCard emblem. I did not obscure that account number, as most other transportation reporters did in their eager bouts of Instagramming.

Alas, PlanPhilly’s Jim Saksa warned me on Facebook: “These will eventually work like credit cards, so you probably don't want to broadcast your number to the Internet.”

“We are seeing Philadelphia as an early pioneering city – they are leap-frogging over other [transit systems] in implementing smart card technologies." – Randy Vanderhoof, executive director, Smart Card Alliance

Uh oh.

I have a healthy fear of credit card fraud, debit card fraud, and all the other myriad forms of fraud that come with our newfangled personal financial transactions. Had I just compromised the safety of my bank account, my credit score, and my precious new SEPTA key?

According to SEPTA’s public information manager, Andrew Busch, I don’t have to freak out…yet.

During this initial pilot phase of the SEPTA Key, only daily and weekly passes can be uploaded on to the card. (In the next phase, a monthly pass option will be included.) Due to these exceedingly limited options, those who accidentally share their card numbers with everyone on the internet don’t have much to worry about.

But if all goes according to plan – and that’s a big if for this oft-delayed rollout — money will soon be able to be uploaded on to the Key for both rides on SEPTA and everyday purchases at participating retailers. And that’s when I might have to start worrying.

"Because this is an early-adopter launch, if your card is registered you don’t have to worry about replacing it [due to social media indiscretion]," says Busch. “We will get to a time when we definitely would want you to replace it….[When SEPTA Key can be used as] a general purpose wallet for purchases outside of SEPTA, at that point in the rollout that’s when we would want you, even if it was registered, to get in touch with us right away and we would blacklist that card, get it canceled out, and get you a new one.”

All this talk of black listing, registering and financial panic may seem a bit extreme to those who haven’t been keeping up with the eight-year process of bringing a smart card system to Philadelphia commuters. In short, our fair city is trying to leapfrog from having the most antiquated mass transit system in America — and perhaps the world, for who else still uses tokens? — to become one of the most sophisticated.

That is being accomplished by turning SEPTA Key into a fare card AND a bank card. It’s a potentially revolutionary approach that several other cities across the world have taken up. Cities like Mumbai and the Kantō region have successfully implemented such a system. Hong Kong’s Octopus Card began life as a smart mass transit fare card and has since become a ubiquitous payment method.

“We are seeing Philadelphia as an early pioneering city – they are leap-frogging over other [transit systems] in implementing smart card technologies,” says Randy Vanderhoof, executive director of the Smart Card Alliance. “It’s still fairly new for the transportation agencies to open up their payment system to a bank card.”


Chicago’s Ventra smart card debuted in 2014 and it is the closest American equivalent of the SEPTA Key, although its headline-making failures are allegedly part of the reason Philly’s rollout is taking so long. The Ventra also has a debit card function, but it remains unclear how many people actually make use of the function. In both cities, the use of regular bank cards at the turnstiles is either already in practice or soon could be. The spread of this technology is hastened by the widespread usage of the new chip-based and more fraud-resistant credit and debit cards.

But the SEPTA Key’s “Travel Wallet” function is unlikely to be implemented for a long while yet. Everything about Philly’s smart card has taken far longer than it should have. (I first wrote a piece about SEPTA Key in early 2013, noting that it was meant to see widespread use by the end of that year.) For now, simply registering your card at should offer protection enough if you have lost your card or stupidly plastered an image of it all over the internet.

Part of the point of this early-adopter program is that people like me will make foolish errors, notice bugs and suggest improvements. Then SEPTA will be able to fix those things before the great bulk of the ridership starts using them.

“During this extended pilot phase, someone who wasn’t familiar with the card, went out to get it on the first day, and ran into an issue like this, they don’t have to scramble [to fix it],” says Busch. “They don’t have to worry about losing any significant value or having someone use their card to make purchases. Then when we get closer to rolling out the other phases we’ll certainly be highlighting the benefits that come with having this general purpose wallet, and what folks need to make sure they have themselves protected.”

Busch won’t vouchsafe precise dates for these next phases, so perhaps it’ll be another eight years until I have to fret about my promiscuous social media photography.

Just to be safe, I’m just going to get a new card next week.