Radio-frequency identification (RFID) technologies allow remote identification as well as generic data access using radio waves. It is also commonly used in transportation and other payment systems, e.g., the MIFAREof NXP Semiconductors, one of the most widely deployed contactless smart card standards. Recently, the interest in using RFID for micro payment grows rapidly as users get used to the convenience brought by RFID,and corporations discover that RFID can significantly lower the cost of operation. However, there are security concerns, as many passive RFID technologies do not have adequate cryptographic protection. Furthermore, thecommunication can be eavesdropped by a third party, making RFID particularly vulnerable to all sorts of attacks.In this work, we examine the EasyCard of the Taipei Metro Rapid Transit (MRT) Corporation, a transportation ticketing system based on the MIFARE Classic technology. We capture and analyze the communication betweena legitimate reader and an EasyCard using GNURadio, an open-source software-defined radio running on PC. We will share our experiences with EasyCard security and hopefully provide some insights into RFID security inpractice.