Without looking like a glossy magazine, I’m hereby declaring the newfound way to pay in our public transportation dead.
Why? Because security is important.
Delayed multiple times and still without a clear introduction date, the OV-chipkaart (Public Transportation ChipCard) is becoming a small fiasco.
I can safely admit that it really is a good thought. By eliminating paper cards as a payment method and introducing a tamper-proof card that needs no additional checking by humans to detect illegal use of the transportation, several advantages will become reality.
For instance: there will be less nuisance from homeless people using the metro/bus/train as heated and comfortable mobile housing, revenue will increase because everyone has to pay the entire fee, and money is saved on loans and wages as fewer personnel are needed.
Theoretically, the OV-chipkaart is great! In practice, things turn out to be somewhat different.
Lately, a couple of German "hackers" have turned their attention to the RFID tag that is inside every card and is used to store the data concerning the credit you have and any subscription for daily travel. They discovered that the security of the chip and its stored data is terrible and has been deprecated ever since 1883.
The key term here is: Security by obscurity.
That should be a big enough hint that this is not the way to do things.
Hiding keys that unlock the encrypted data was proven to be ineffective by A. Kerckhoffs back in 1883, yet it is mysteriously implemented in the current version of the OV-chipkaart, which leads to the inevitable conclusion that the card is unsafe and not ready to be rolled out.
The question that should be asked is the following: Why is such an ineffective way of securing the system used, and what should be done to protect the data better?