> So the solution is the transportation card is writable, and each train station acts like a small data center. They sync the data periodically to the main data center.
That's also how the two subway systems I'm most familiar with do it here in Russia. In both Moscow and St Petersburg, the data stored on the refillable tickets (Troika and Podorozhnik respectively) was thoroughly reverse engineered. People who did it, of course, tried to write them too — for example, you'd make a dump, enter a station, then restore the dump with your old balance. It worked, but only for a day or two, after which the card number was added to a blacklist that all turnstiles check cards against. The conclusion was that there's a server on each station that turnstiles talk to, that syncs with some central server each night (when the subway is closed), where all system-wide transactions for the day are collated, and if anything is off, the card is blacklisted.
Oyster in London works like this too so I’ve heard. Some terminals (e.g. those on buses) are offline until the terminal is docked and connected to the main centre.
The Helsinki metropolitan area public transit system "HSL" used to be like that.
Bus passes were first mifare and the DESfire after some upgrades, but the readers in the busses contained the transactions and worked offline.
If they got filled up the the standard practice was free fares. :)
That's also how the two subway systems I'm most familiar with do it here in Russia. In both Moscow and St Petersburg, the data stored on the refillable tickets (Troika and Podorozhnik respectively) was thoroughly reverse engineered. People who did it, of course, tried to write them too — for example, you'd make a dump, enter a station, then restore the dump with your old balance. It worked, but only for a day or two, after which the card number was added to a blacklist that all turnstiles check cards against. The conclusion was that there's a server on each station that turnstiles talk to, that syncs with some central server each night (when the subway is closed), where all system-wide transactions for the day are collated, and if anything is off, the card is blacklisted.