[Gllug] Oyster cards vulnerable?

Nix nix at esperi.org.uk
Sat Jan 26 02:28:28 UTC 2008 

On 25 Jan 2008, Daniel P. Berrange outgrape:

> On Fri, Jan 25, 2008 at 11:24:39PM +0000, Richard Jones wrote:
>> There has to be some reason why paper tickets suddenly became so
>> expensive.  It's not because paper itself is more expensive than the
>> fancy cards.  It can't be because of the cost of hauling cash around
>> (people still pay for their Oyster top-ups using cash).
>
> They delibrately made the paper tickets more expensive to "force"
> people to switch to Oyster so they could then track you ;-)

There was another very important reason: it hugely improves flow around
ticket barriers if most people use Oyster, because it takes a fraction
of the time to validate the card as it does to feed a ticket through.
(Normally about a fifth as long.)

That's a *very* significant change when you're talking the volumes major
London Underground stations process.

Remember the constant huge queues at rush hour at the Kings Cross
Underground entrance? It used to take five minutes to get to the gates,
and they'd often just throw them open to speed things up. That's not
needed at all anymore.

(disclaimer: an old family friend was involved with the implementation
of Oyster and is now doing something similar in Leeds, so I have quite a
bit of inside scoop... and yes, he *did* moan about the underlying card
tech and its sucky proprietary encryption, but that was an irrevocable
management decision, and as stupid as such decisions usually are...)

(IIRC there are balances stored both on the card and centrally: the card
balance is checked against the central one every so often and the card
deactivated until manually checked if something suspicious seems to be
going on, like, say, a card going from 4.50 to 3.00 twice in a row
without ever being incremented in the middle.  I think the fixed
Oyster-card readers are permanently connected and the on-card and
central balances reconciled frequently, but the ones in buses are not:
last I heard they connected at the end of the day only. The card
deactivation only takes effect once you use the card on a
permanently-connected card reader, so if you *do* clone a card you can
use the clones on the buses for as long as you like.)

-- 
`The rest is a tale of post and counter-post.' --- Ian Rawlings
                                                   describes USENET
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list