NXP has recently submitted two application notes covering end-to-end system security risk considerations for implementing contactless cards. One is for contactless cards in general, while the other is specific for the use of MIFARE Classic.
These documents provide recommendations for implementing an appropriate level of security in systems using contactless cards. They do not cover all possible threats related to the use of contactless cards but instead focus on the security of the communication between the reader and the card.
The documents do not cover attacks on the reader devices, the back-end system or communication between reader and back-end. They also do not cover hardware attacks on the card such as probing, chip analysis, chip modification, etc.
The documents are available via the NXP document control office; document reference numbers 155010 and 155110.
You can request a copy of these documents by filling out the 
Password Request Form for Confidential MIFARE
Documents and mailing or faxing it to the document control office.
In addition to these two application notes, we have also published a FAQ page on the security of MIFARE Classic.