Transit Payment System Security

Publication Date: August 2008

• Click here to download the white paper
• Click here for information about the Smart Card Alliance Transportation Council

Transit agencies worldwide have implemented automatic fare collection (AFC) systems that use contactless smart card technology for transit-issued fare media. These systems are popular since they deliver fast, easy access to riders and reduced operating costs and improved efficiencies to transit operators.

Recently, questions about the security of these systems arose when researchers reverse engineered one contactless chip product–the MIFARE Classic product–that is used in many transit AFC systems. The Transportation Council of the Smart Card Alliance prepared this white paper to discuss this research and to outline the approaches that the transit industry uses throughout its payment systems to ensure the security of transactions and data.

The MIFARE Classic product was introduced over 10 years ago as one of the original contactless integrated circuit (IC) products and used encryption and design strategies consistent with the time of development. Since then and since the completion of the ISO/IEC 14443 contactless smart card standard, multiple vendors introduced a variety of contactless IC products. Many of these products incorporate more modern and sophisticated designs and are used in global transit projects and other applications. These newer products have not been exposed to the recently announced breach.

Security is a core element of any payment or access system; a properly-designed system is not dependent on the security of any single component. No single security mechanism provides complete security and, indeed, complete security does not exist. The objective in any secure system design must be to implement the appropriate security measures to address the expected risks and threats to the system. The result should be that the time and effort required to compromise a system is greater than the gain to the organization or individual attempting the compromise.

Transit payment systems have traditionally been designed with multiple layers of security to prevent, detect and react to fraud. While the recent MIFARE Classic security breach may compromise security at the card-level, other security measures used in the transit payment system should limit the exposure that transit agencies have to possible criminal attacks. Transit agencies should work with their systems integrators to review their system security design and practices and understand the security measures that are in place to mitigate risk to the system.

This white paper explores typical system-level security mechanisms that are used to prevent, detect and react to fraud in public transportation fare collection systems that use transit-issued fare media, thus mitigating the risk of tampering at the card level. As discussed in this white paper, the careful application of contactless IC products and sound system architectural infrastructure, along with proactive strategies and approaches to analyze and oversee operations, will provide transit agencies with confidence in the integrity of their fare collection systems.

About this White Paper

This report was developed by the Smart Card Alliance Transportation Council for transit industry management to outline the approaches that the transit industry uses throughout payment systems to ensure the security of transactions and data and to discuss recent research on one contactless chip product that is used in many transit AFC systems.

About the Smart Card Alliance Transportation Council

The Transportation Council is one of several Smart Card Alliance Technology and Industry Councils, focused groups within the overall structure of the Alliance. These councils have been created to foster increased industry collaboration within a specified industry or market segment and produce tangible results, speeding smart card adoption and industry growth.

The Transportation Council is focused on promoting the adoption of interoperable contactless smart card payment systems for transit and other transportation services. Formed in association with the American Public Transportation Association (APTA), the Council is engaged in projects that support applications of smart card use. The overall goal of the Transportation Council is to help accelerate the deployment of standards-based smart card payment programs within the transportation industry.

The Transportation Council includes participants from across the smart card and transportation industry and is managed by a steering committee that includes a broad spectrum of industry leaders.

Transportation Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects. Additional information about the Transportation Council can be found at http://www.smartcardalliance.org/pages/activities-councils-transportation.