NXP has published two application notes covering end-to-end system security risk considerations for implementing contactless cards. One is for contactless cards in general, while the other is specific for the use of MIFARE Classic.
These documents provide recommendations for implementing an appropriate level of security in systems using contactless cards. They do not cover all possible threats related to the use of contactless cards but instead focus on the security of the communication between the reader and the card.
The documents do not cover attacks on the reader devices, the back-end system or communication between reader and back-end. They also do not cover hardware attacks on the card such as probing, chip analysis, chip modification, etc.
The documents are available via the NXP web site as application notes AN155010 and AN155122. You can request a copy of these documents on the Application Notes section for MIFARE smart card ICs.
In addition to these two application notes, we have also published a FAQ page on the security of MIFARE Classic.