What are the security risks in Barclaycard OnePulse?

Peter Tomlinson pwt at iosis.co.uk
Wed Jun 17 20:35:14 BST 2009 

Roland Perry wrote:
> In article <4A38FB6E.2050509 at iosis.co.uk>, Peter Tomlinson 
> <pwt at iosis.co.uk> writes
>> I have heard (but not yet seen written evidence) that the London 
>> Organising Committee for the Games has decided to use mag stripe 
>> tickets for travel, to be sent out with your event tickets...
>
> My comments were predicated upon your earlier one that there might be 
> a project to make sure Oyster was rolled out all over London by the 
> Olympics (maybe to show off to those damn furriners). It wouldn't make 
> any sense to do that, then issue the bundled tickets on paper!!
Indeed, and that was because I knew of some public sector aspirations to 
show off. A kludge would have worked for a one-off event, because the 
fraudsters would not have time to work out how to defeat it, and a smoke 
and mirrors job tends to fool journalists (and politicians). Or do we 
have the journos that we have because we have the politicos that we have?
>
> My reaction was to say that if they are "almost" ready, then a few 
> kludges for those particular Oyster cards would be sufficient. For 
> example, even if they are in fact a return ticket from (say) Reading 
> to Stratford via Paddington and St Pancras, accept them *as if* they 
> were an all-zones travelcard - and thus valid "everywhere". The people 
> concerned, having paid through the nose, will be watching the games in 
> Stratford, not riding round the Circle Line all day.
It was clear that there were pressures to do something for the Olympics 
with an updated Oyster scheme and smart card tickets accepted on rail 
services (reported in some industry newsletters), but Dave Birch of 
Consult Hyperion (who I know has been quite close to the machinations) 
reported a couple of weeks ago in a comment on silicon.com that the ODA 
was not convinced that the technology update could be ready in time (it 
used to be reported that all systems needed to support the Olympics 
should be proven by end 2010, but that has not been heard for a while). 
Typical British public sector mess...

Peter

More information about the ukcrypto mailing list