Is this the same system used by Boston MBTA? I was surprised to see single-use tap cards when I visited there for the first time yesterday. I wondered why the ticket isn't reloadable.
Most people who live in Boston use the reloadable CharlieCard (https://www.mbta.com/fares/charliecard) - these report as Mifare Classic 1k, which is a similar chip
There are single-use fares as well, the "CharlieTicket" that you might've encountered.
Yeah I figured but you can't buy a charliecard online to load into your smartphone wallet, and I only needed it the once, and since it took more than an hour to get to Cambridge due to some combination of circus acts I used Blue bikes for the remainder of the day.
Ah yes, it's not quite there, but almost. Contactless payment directly at the turnstile is coming to Boston MBTA this year, I believe. Like how NYC works now, where you can just use your credit card for entry.
This is the London system we’ve had for a decade, it was licensed to other areas a few years ago.
I found myself in Paris having to cross the other day and forgot how terrible the old way of buying tickets was, amazed that it’s still the norm in so many cities
Single tap cards are usually just used with their "hardwired" chip serial number. That is stored in a central system which invalidates the number once you used it. This makes it rather easy (even if its environmentally unfriendly) to issue these cards: load a number of cards into your machine, register the serial number and invalidate it when used.
That's no longer the case: Many of the newer single-use ticket ICs (including the MIFARE Ultralight one mentioned in the article) actually support data storage and (very) basic cloning protection.
While it is possible to use advanced features from newer chips, I know more than one actual system where they just use the serial number, even when rolling out more advanced Mifare based cards. So your "that's no longer the case" is a bit too general/optimistic IMO.
And sure, simply using the serial number might pose a security risk depending on the application, but that rarely stops implementors to implement such schemes. More often than not do people believe in security by obscurity, sigh. For a simply ticket system the serial number should be secure enought as it is a use-once application.
That the chips support data storage doesn't mean that that feature is used. There are systems that use MIFARE Ultralight cards for the UID alone just because they are cheap and easily sourced.
