The integrated public transport system SITP, formerly known as transmilenio s.a. Is one of the largest and most sophisticated transportation systems in Colombia; access to the system is done through contactless smart cards, frequently presenting vulnerabilities and risks through this payment method at the time of entry into the transport system, the present research contrasts and evaluates the risks of using the different cards under the norm ISO 27005 focused on the security of information, specifically asset the identification of threats, vulnerabilities and risks of the cards used in the system. likewise, the use of public information found on the website of the transport system, the operation of the risk management system in the organization The results achieved allow us to detect and contrast the risks associated with the use of each of the cards that have been used by this entity, applying the ISO 27005 methodology, highlighting the different heat maps that highlight threats and vulnerabilities given the risk assessment of the proposed solution, towards the optimization of security criteria that must be implemented every day in the use of this type of cards. The research also highlights the security found specifically on the tullave smart card that allows increasing the degree of reliability and acceptance of the system of this card, which recommends to massify its use to all users of the SITP, due to security protocols. to native authentication and confidentiality within the card; it is recommended that such a single interoperable card be propagated among other mass transit systems in Colombia and Latin America.
