ArsTechnica reports Dutch researchers claim to have broken the encryption used to protect information on CharlieCards and similar systems:
... The group at Radboud carried out its investigation with the help of Ghost, a tag emulator, reader, and eavesdrop device that they built for around 40 euros. ...
The company that makes the CharlieCard system has come out with a more secure encryption system, but it's more expensive and making it backwards compatible with older readers actually introduces more vulnerabilities, ArsTechnica writes.