> Your ticketing system cannot assume tickets in any form cannot be replicated- they can be and if you introduce such a vulnerability in your system, you will lose revenue
Yes, the question is not whether such system would be abused, but how much. But this is in the end what businesses care about.
Will QR codes be abused more than NFC chips? Likely yes.
Will it produce a larger financial loss than the cost of the NFC chips?
Can I mitigate these losses by a centralized validation system (each terminal needs a network connection with low latency guarantees)? Sure, but how much will it cost?
40 years ago we had a read-write system based on mechanical trimming of a piece of card and a physical time stamp[1]. It's absolutely possible to roll out a system to keep track of journeys that doesn't require fancy embedded ICs.
Yes, the question is not whether such system would be abused, but how much. But this is in the end what businesses care about.
Will QR codes be abused more than NFC chips? Likely yes.
Will it produce a larger financial loss than the cost of the NFC chips?
Can I mitigate these losses by a centralized validation system (each terminal needs a network connection with low latency guarantees)? Sure, but how much will it cost?