How does TfL's Oyster card work?

Oyster has usurped physical tickets and cash in London, but what's the technology behind Transport for London's iconic card?

Advertisement

Its been 15 years since Londoners first got their hands on the Oyster Card, the travel card that's now synonymous with wallets across the capital. The piece below, originally written in 2016, explains exactly what makes your little blue friend tick.

Beep. The gates clunk open. The Oyster card has become synonymous with London transport, but, for most of us, it’s nothing more than another card in the wallet. It’s technology reduced to nothing but two noises: a happy beep or an angry blip. Inside that slip of blue plastic, however, there’s more than just a dumb microchip.

How does it work?

At its most basic, an Oyster card works with radio-frequency identification (RFID) technology, which is the same technology used by NFC in smartphones. Place an Oyster card near a suitable RFID reader, and an electromagnetic field is created between the reader and the chip in your Oyster card. This allows data to be transferred from the reader to your card, indicating that you’ve either started or finished a leg of your journey. The Oyster card receives data, and the reader records the card’s unique user ID, so you can think of it rather like a paper ticket being stamped.

You’ll need to hold it a bit closer to the reader, Boris.

The clever bit is that there’s no power source in the Oyster card itself – when it’s close enough to the card reader, the reader sends energy to the card via radio waves, generating power via a phenomenon known as electromagnetic induction. This powers up the microchip in the Oyster card long enough to let the reader access the data stored inside, allowing it to check whether the card contains a valid Travelcard or enough pay-as-you-go balance for the journey, and then write data back to it.

What happens to my Oyster data?

The Oyster readers at stations don’t immediately communicate with the TfL servers. Instead, they upload the recorded Oyster card information in batches to the central servers, which is why there’s a roughly 24-hour lag between you making a journey and the data being visible on the TfL website.

Transport for London retain the data of a particular Oyster card for eight weeks. This means that – if you’ve registered your card – you can go to the TfL website to see all the journeys you’ve made over that period, and whether you touched in and out successfully at each end. This is a good way of checking you haven’t been overcharged by a faulty Oyster reader. After eight weeks, the data isn’t deleted, but is anonymised, so is no longer associated with your user ID.

What is the technology inside the Oyster card?

When the Oyster card first came onto the scene in 2003, it was powered by a very basic microchip – the NXP/Philips’ MIFARE Classic. This technology was widely used for workplace ID cards and electronic wallet applications. The chip did little more than store data – a whopping 1024 bytes of the stuff, or fifteen million times less storage than your average smartphone – and used NXP’s own proprietary 48-bit encryption technology.

However, NXP’s MIFARE Classic was dogged with security concerns. In January 2008, a German computer club, the Chaos Computer Club, worked alongside colleagues from the University of Virginia in breaking the card’s encryption. This allowed them to freely read data from the MIFARE Classic chips, add money to empty payment cards, generate new users with access rights, or even clone cards in their entirety.

Following a variety of successful hacking demonstrations, in July 2008 researchers from the University of Radboud in Holland went one step further and managed to successfully travel on the London Underground with cloned cards.

The future of Oyster cards

"The CPU in modern Oyster cards is based on an Intel design from the 1980s."

This prompted TfL to retire the MIFARE Classic-based cards in 2009, replacing them with the far more advanced MiFARE DESFire EV1 technology. The current cards based on this technology are far more advanced than their Classic predecessors. They’re no longer relatively dumb data-storage chips, but are actually tiny, basic CPUs that are capable of basic computing tasks. In fact, the CPU in modern Oyster cards is actually based on the Intel MCS-51, a microcontroller designed by Intel way back in the 1980s.

The new Oyster cards still have no battery or power source, so are only powered when they’re near an RFID reader, but they contain their own operating system, have a file structure for storing files and data, and their processing functions allow them to perform encryption to the far more resilient AES 128-bit standard. Pretty clever stuff for something that looks like a credit card.

Can you hack an Oyster card?

Fancy your chances at hacking a modern Oyster card? That’ll be tricky. Even though third-party RFID readers can power and communicate with them, the only way to recover the required AES encryption keys would be to steal one of the Oyster readers and reverse-engineer the whole process. Best of luck with slipping one of those in your back pocket.

Read more: Contactless technology has revolutionised travel and retail, but it's also making it even easier for scammers to steal your cash. Click here to find out how to protect your card from contactless fraud. 

Read more about: