Ed Felten has described some interesting and somewhat simplistic flaws in a Dutch smartcard
based transportation payment system.

Among other foolishness, the designers used a custom cryptosystem and 48 bit keys.

The fundamental security problem with the disposable Ultralight card is that it doesn’t use cryptography, so the card cannot keep any secrets from an attacker. An attacker who can read a card (e.g., by using standard equipment to emulate a card reader) can know exactly what information is stored on the card, and therefore can make another device that will behave identically to the card. Except, of course, that the attacker’s device can always return itself to the “fully funded” state. Roel Verdult of Raboud University implemented this “cloning” attack and demonstrated it on Dutch television, leading to the recent uproar.

The Dutch have only invested $2 billion so far for this amazing system that accidentally gives away rides for free.

More detail on the hacks can be found in a presentation by Karsten Nohl and Henryk Plötz called “Mifare: Little Security, Despite Obscurity“, hosted by the 24th Chaos Communication Congress.