On 30 May, 08:24, Steve wrote:
I would expect the basic level of security is that if the "same" card is
used a distance apart at the same time then that id is blocked, this
couldn't really be realtime and would need to be done overnight. They
could have put more security in the datablock regarding the id, but I doubt
it, better to put it around the travel cards and the cash amount.

I suspect the pay as you go side would be most attractive to
criminals. They could just buy the cards as normal from ticket
offices, hack them and just put whatever amount of money they felt
like on the cards then sold them at much less than face value they
could make quite a few quid. Thinking about it, monthly or yearly
cards would probably be nice little earners too.

This will be hacked eventually, but the hard part is not getting caught.
Duplicates and cards with false cash/travelcards will be easy to spot, and

Duplicates you could spot , not sure how you'd spot the fake balance
or period unless the gate communicates with a database containing that
info for every ticket which I don't think it does. However even
duplicate id issues could be bypassed if you could update its software
- just use a rolling id system. Each time the card is used it rolls
over to another (hopefully valid) id. So if the gate won't let you out
first time just keep trying.

B2003