What are the security risks in Barclaycard OnePulse?

Peter Tomlinson pwt at iosis.co.uk
Tue Jun 9 07:07:50 BST 2009 

Roland Perry wrote:
>
> Waived :) You wave the card!
Sometimes I feel as if I'm not waving but drowning...
>
> They [DfT] should bite the bullet and have something that works during 
> the games, even if it's a kludge. After all, almost everyone heading 
> for the venues will have paid [for an entrance ticket and bundled 
> travel], so do they really need to prove it?
Given the kludge for the bus passes (no programme to securely verify 
them in use, or report use, by rolling out the technology other than in 
some isolated schemes), that is what some of us now expect they will try 
to implement for the Games, including smart media across the rail 
network as well as in the London area - but a DfT consultation on 
'ticketing strategy' for public transport (including full rollout ideas 
for electronic ticketing) is now expected in July, with a 3 month 
consultation period.
>
> Two examples from today - they've recently [last week] installed 
> barriers at St Pancras mainline and I accidentally used the wrong 
> ticket, which proved all they are apparently doing [at the moment] is 
> making sure each passenger has a ticket, not a valid ticket.
Currently heavy rail has a well developed method for organising and 
reporting ticket sales, but ticket checking does not do much and does 
not report the journeys actually taken. A 2005/6 DfT Chief Scientific 
Adviser's Unit research contract looked at making better use of journey 
data [1] and should (it was in the brief) have looked at new methods of 
collecting it but totally failed to do that (after 4 months of trying, 
last week I finally got a copy of the study report).
>
> And arriving in Nottingham the bus home had a defective smartcard 
> reader/ticket machine, so the driver was taking "donations" and 
> waiving anyone with something that looked like a smartcard or a bus 
> pass. A less pragmatic alternative would have been to take the bus out 
> of service.
Bring back the clippy. (The Nottingham scheme is I think still the 
original homebrew scheme, not national spec technology - if that is 
indeed the case, it cannot verify the national spec bus passes.)

Peter

[1] http://www.dft.gov.uk/rmd/project.asp?intProjectID=12077 'Detailed 
tracking of rail passenger journeys' - contract was given to AEA 
Technology Rail, now Delta Rail

More information about the ukcrypto mailing list