Given the number of magnetic swipe cards out there for various things and the recent rash of "hack the card" incidents [Oyster card case, many others], there are several lessons learned here that I think apply to every one of these cases.
- Centralize card-management: For the love of all things good and pure, a centralized card-management system stops a vast majority of these "hack the fare card" issues. Dave and Buster's started doing this when someone figured out that you could simply pick up a game card, load $10 on it, take it home, and magically program another $100 into it (don't ask how I know...) - why hasn't this lesson been learned industry-wide?
- Use strong encryption: This is important - because in order to "dismantle" these cards one first must generally crack the encryption key on them... right? So it would follow that a strong crypto-algorithm (and likely not one that's custom-made... why do people insist on reinventing the wheel?)
- Checksum bits: As in this CharlieTicket/Card case, where the checksum was only 6 bits (2^6 = 64 total combinations), weak checksums are silly. If you only have 6 check bits then one in every 64 tries will be a winner. As the above-referenced PDF suggests, all one has to do is implement 16 bits for the checksum (2^16 = 65,536), which will make only 1 in 65,536 cards a winner.
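The effect of check-field width from the checksum item above, as an added example (not from the original post or the referenced PDF): it measures how often a randomly altered record still passes a k-bit check, and finds the width needed to keep the chance of any blind pass under a target within a fixed number of attempts. The check function (truncated SHA-256), the sample record and all function names are assumptions; the actual CharlieTicket checksum algorithm is not reproduced here.

```python
import hashlib
import random

RECORD = b"CONSTRUCTED-RECORD:value=0010"  # constructed sample, not a real card layout

def check_value(payload: bytes, bits: int) -> int:
    """Stand-in check function (assumption): the top `bits` bits of SHA-256."""
    digest = int.from_bytes(hashlib.sha256(payload).digest(), "big")
    return digest >> (256 - bits)

def false_accept_rate(bits: int, trials: int = 20000, seed: int = 1) -> float:
    """Fraction of randomly altered records that still match the stored check value."""
    rng = random.Random(seed)
    stored = check_value(RECORD, bits)
    hits = 0
    for _ in range(trials):
        altered = rng.getrandbits(8 * len(RECORD)).to_bytes(len(RECORD), "big")
        if altered != RECORD and check_value(altered, bits) == stored:
            hits += 1
    return hits / trials

def p_any_accept(bits: int, attempts: int) -> float:
    """Chance that at least one of `attempts` blind alterations passes a `bits`-wide check."""
    return 1.0 - (1.0 - 2.0 ** -bits) ** attempts

def min_bits(attempts: int, target: float) -> int:
    """Smallest check width that keeps p_any_accept at or below `target`."""
    bits = 1
    while p_any_accept(bits, attempts) > target:
        bits += 1
    return bits

if __name__ == "__main__":
    for bits in (6, 16):
        print(f"{bits:2d} bits: measured {false_accept_rate(bits):.5f}, "
              f"expected {2.0 ** -bits:.5f}, "
              f"any pass in 64 attempts {p_any_accept(bits, 64):.4f}")
    print("width for <= 0.1% over 64 attempts:", min_bits(64, 0.001))
```

The `attempts` bound only holds if something counts failed checks per card or reader, which is the job of the centralized card-management system in the first item.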
The lesson learned here, although I suspect we'll still keep seeing this stupidity in the future, is to think things through and not just take the simple implementation - because you'll be very upset when it gets hacked and it'll be all your own damn fault. As a side note, NXP is at fault for more than one of these gaffes in security... think that through... shouldn't the MBTA be suing NXP?
BTW: *great* editorial piece on this topic here [BorePatch].