Regarding authentication

It's also unlikely that cards are immediately authenticated against the database on bus journeys. also I assume that the inspectors also accept the cards contents at face value.

I vaguely remember TfL claiming that they wanted to allow the Oyster card to be useable for small transactions in newsagents and the like, which would make such an attack more interesting. As I doubt that every contactless transaction would be authenticated at purchase time in smaller shops.

Where the attack interests me is cloning other peoples cards, and it's the geneuine owner whos card gets disabled the next day. How many cards could a small team disable in one day ?

Before anybody says that you can't write a new serial number to one of these cards, remember it dosn't have to be a genuine chip in a card, just something that behaves like an original and has the visual appearence of a real card.

I'm sure there are plenty of far east manufacturers who will produce a card that looks like a Oyster card but with custom internals.