Mass Transit Solutions Brief
Real-time payments in transit require low latency and strong security across moving fleets. This solution brief shows how the Ericsson Cradlepoint R1900 delivers integrated 5G, Wi-Fi, SD-WAN, and zero-trust security to meet sub-500 millisecond latency targets and PCI DSS requirements.
How did the transit agencies meet the new live payment mandate?
Seven public transit agencies needed to support live, real-time payment transactions on about 4,000 buses, while keeping end-to-end latency under **500 milliseconds** and avoiding a major expansion of on-board infrastructure.
They addressed this by standardizing on a **single integrated device** on each bus: the **Ericsson Cradlepoint R1900**. This device combines:
- **5G and multi-carrier cellular connectivity**
- **Wi-Fi (including Wi-Fi as WAN)**
- **SD-WAN capabilities**
- **Security features**
- **Support for containerized applications**
By consolidating these functions into one platform, the agencies could:
- Enable **live payment processing** that consistently met the **sub-500 ms latency** requirement.
- Avoid deploying multiple separate boxes for connectivity, security, and applications.
- Use **containerized apps and APIs** to integrate payment services and other on-board systems.
This approach let them comply with the mandate while keeping installations and ongoing maintenance more manageable and cost-effective.
How is payment data kept secure and compliant?
To protect live payment data and support **PCI DSS** compliance, the agencies implemented a **zero-trust based WAN** using **Ericsson NetCloud Secure Connect**.
Key elements of the security approach include:
- **Zero-trust architecture**: Every connection is authenticated and authorized, reducing reliance on traditional perimeter-based security.
- **Encrypted connectivity** for sensitive payment traffic across cellular and Wi-Fi links.
- **Elimination of complex VPNs and private APNs**: NetCloud Secure Connect replaces these with a simpler, policy-driven secure overlay.
- **Centralized policy management**: Security and SD-WAN policies are defined once and automatically applied to all routers.
In addition, the solution supports **very low-touch / zero-touch deployments**:
- When a router is installed, it can **automatically update its software**, **pull its configuration**, and **inherit zero-trust and SD-WAN policies**.
Together, these capabilities help the agencies protect cardholder data in motion, align with **PCI DSS** requirements, and reduce the operational overhead of managing secure connectivity across thousands of vehicles.
How does the solution handle multiple on-board services and ensure reliability?
The agencies needed to support several on-board services at the same time—such as **Computer-Aided Dispatch (CAD)**, **Automatic Vehicle Location (AVL)**, **DVR cameras**, and **Wi-Fi as WAN**—without compromising payment performance.
They used **NetCloud SD-WAN** together with the **R1900 routers** to achieve this:
1. **Multi-carrier resiliency and coverage visibility**
   - Each R1900 includes **dual cellular modems**, enabling **redundant carrier connections** (for example, Carrier A and Carrier B).
   - **Coverage mapping** provides **route-level visibility** into the quality of each carrier’s coverage.
   - The system can **select carriers based on signal quality**, improving uptime and consistency for critical applications.
2. **Application-aware traffic steering**
   - **Application-based traffic steering** prioritizes **payment transactions** and **operational traffic** (like CAD and AVL) on the **highest-quality link**.
   - Less time-sensitive or bandwidth-heavy traffic, such as **video offload from cameras**, is steered to **Wi-Fi as WAN** when available.
   - **Forward Error Correction (FEC)** helps mitigate packet loss, improving the quality of experience for real-time applications.
3. **Automated asset tracking and flexible deployment**
   - On-board **SDK-based applications** provide **automated asset tracking** for each bus, so operators no longer need to manually track which systems are installed where.
   - The solution can be delivered **on-premises or from the cloud**, depending on each agency’s operational and regulatory requirements.
This combination lets agencies run multiple critical services over the same integrated platform, maintain **high availability**, and keep payment and operational traffic performing reliably across their fleets.