Beveiliging OV-chipkaart



OV-chipkaart security is the highest priority for Translink. We aim to remain one step ahead of hackers and fraudsters. That is why security is a continuous process for us, through which we constantly tighten our anti-fraud protection. We have also launched a migration project to improve the security of the chip even further. No passengers have been affected by fraud so far.

 


Security is a continuous process

From the start, we have taken security measures at various levels in the OV-chipkaart system. Continuously improving fraud detection systems and fraud detection measures is also part of our security. When new fraud scenarios arise we adjust these measures. We work with security experts, ethical hackers and scientists. Unfortunately, 100% security can never be guaranteed. A range of fraud detection mechanisms are implemented in the back office. These are used to detect manipulation of an OV-chipkaart and a card can then be blocked.

OV-chipkaart fraud
 

In January 2008 the mifare chip in the OV-chipkaart was hacked in a laboratory. As a result of these security problems, the fraud detection systems were adjusted and refined. So it is now possible to detect a number of fraud scenarios more successfully.

New, temporary chip
 

As a result of this we phased in an improved chip in August 2011. The new chip is identical to the original chip in terms of use, but offers improved security features. These were added to the chip at the request of Translink. Since this new chip was introduced, there have been no incidences of fraud. This is because fraud tools found on the internet no longer work with this chip. The low level of fraud that still takes place uses the older chip. There are still a number of old chips, which remain vulnerable to fraud, in circulation.

Blocking a card
 

If we identify fraud, we block the card and can then report the matter to the Public Prosecution Service or National Police. The Public Prosecution Service or National Police then conduct an investigation based on the report. We cooperate in this, along with public transport companies. We provide details on request. For questions about the investigation we always refer to the Public Prosecution Service or National Police.

Compensation
 

It is almost impossible for a passenger to suffer financial loss through fraud caused by security weaknesses in the OV-chipkaart. If this does happen, the cost will be refunded by TLS and the public transport companies. The OV-chipkaart does not contain any personal details and is therefore not vulnerable to fraud. A personal OV-chipkaart only contains a date of birth. We emphasise that anyone defrauding an OV-chipkaart is committing a criminal offence. In December 2010 a fraudster was convicted of hacking and counterfeiting more than twenty OV-chipkaarts.

Migration programme
 

Parallel to the continuous tightening of security, we are also working on a migration programme. This programme aims to further increase the security level of the chip. We are constantly working to improve security. We are already developing the next generation of OV-chipkaarts. This even more secure OV-chipkaart will be launched in the second half of 2014.