Transport for London 2FA
Transport for London (TfL) has set up Two Factor Authentication (2FA) on their Oyster Card website which means no more access for me. I will explain.
What is the Oyster Card
Like other transport systems, TfL has the Oyster Card, a credit card size payment system to ride on the London Underground network. More here.
Why I Prefer To Use Oyster Online
London is a completely crazy city with rude and impatient people trying to get from one place to another with the least possible barriers. Loading up an Oyster Card via the TfL website or app, or setting up auto-reloads means one doesn’t have to wait to use a machine and can do that from anywhere with an internet connection. The modern world is interconnected and about reducing workflows in getting things done. I have enjoyed setting these things up from here in Canada prior to making a trip home.
Having a record of transactions from the Oyster Card account is great for submitting backup information for tax returns and per deim.
How The TfL Update Affects Me and Others
This was the announcement from TfL regarding their new 2FA setup. So this means, if your IP address is outside of Europe you will no longer be able to login to your Oyster account. Their setup in Cloudflare has also blocked VPNs from accessing the site as well.
So for me, this means:
- I can no longer access my Oyster Card account
- I cannot review my balance
- I cannot view or change any of my details; address, credit card, notifications etc
Even If I’m back in the UK I can’t use their site/app because I have a Canadian mobile.
So, I am sent back in time before the Oyster Card website was created and will have to resort to doing everything manually; lining up in a busy tube ticket hall in a more complex workflow.
Comments
London is the only city that has created this restriction, as far as I’m aware. Even though I’m a UK citizen and voter I’m now, in TfL’s eyes, a “visitor”, a bit of a condescending blow really. If they had set up the 2FA using an authentication app that would have been better than text SMS only service. It’s a matter of accessibility vs security vs ensuring London is open for business from all corners of the world. The more barriers that are created the less likely I’m open to doing business with people.
There really is no point in having a login account with Oyster anymore so I will reach out to them to delete/deactivate it.
In addition to the above, contacting customer service at TfL presented some barriers. I can’t reach an 0343 number from Canada and their online form wouldn’t accept Canadian telephone numbers, and their social media team “didn’t have access” to answer my question. So, it’s pretty frustrating.
I shall update this blog entry should I receive a response from TfL.
UPDATE as of 11th January 2023
The Good – they respond quickly despite their target being 10 days. A 10-day turnaround for customer service requests is dire in 2023 but pleased this is not the case with them.
The Bad – everything else.
Trying to get them to delete my online Oyster account is impossible. So much back and forth with zero results. They never read what has been written to them. They are not thinking that London is an international city. The customer service process for international customers is too difficult. They close a ticket without taking any action. The social media team don’t have access to account information and is useless at those issues.
I had a customer service request about 4 years ago and experienced the same back and forth then, so there really hasn’t been much progress within the organisation.
The story continues…
UPDATE as of 12th January 2023
The TfL social media team advised me to write to a particular email address, this generated another ticket. Now 2 tickets on the go, one of which TfL closed without taking any action.
I was getting so fed up with TfL so I decided to bite the bullet and make an international call to them. I was less than happy. Despite going through their long tedious call centre workflow the rep answered fairly quickly. He then couldn’t find my Oyster Card on the system, despite a previous rep finding it ok, and took some back & forth to get to it. Gave him details to refund the Oyster Cards on the system. I asked him to delete my Oyster account which he said would happen within 28 days. Due to the gong show of poor customer service, I asked for written confirmation of the deletion which he refused to do, only verbally.
Hopefully, this resolves everything but the whole issue of denying access to those travelling or based overseas is contrary to London being an “international” city and “open for business”. It’s not good in my opinion.
UPDATE as of 13th January 2023
I thought yesterday was the end of the story and I wouldn’t hear from them again. However, for some reason their system keep generating new issue tickets, I’ve now got 5 of them that are open. There is no correspondence attached to them, just acknowledgments of different ticket reference numbers. I have no idea what is going on with these people but will wait to see how things turn out. It’s quite laughable really.
UPDATE as of 16th January 2023
I received the refund they promised to my bank account, I consider that a minor miracle. However, they still have a number of tickets open against my name so who knows what is going to happen to them.
UPDATE as of 23rd January 2023
I received a lengthy form email from them to notify me that they had deleted my account. However, it looks as though it won’t be a complete GDPR “right to be forgotten” action as they said they would keep certain things on file about me and continue to send me emails. I specifically ask them not to send me certain messages so not sure if that will happen, we shall see.