Industry

NFC in Public Transit

<\/script>\n
'; }, get iframeSnippet() { const domain = '{ SITE_DOMAIN }'; const type = '{ embed_type }'; const slug = '{ embed_slug }'; return ''; }, get activeSnippet() { return this.method === 'script' ? this.scriptSnippet : this.iframeSnippet; }, copySnippet() { navigator.clipboard.writeText(this.activeSnippet).then(() => { this.copied = true; setTimeout(() => { this.copied = false; }, 2000); }); } }" @keydown.escape.window="open = false" @click.outside="open = false">

Embed This Widget

Theme


      
    


    
    

      Widget powered by
      .
      Free, no account required.
    

  




  
  
Mobile Ticketing, Open-Loop, and Account-Based Systems

  
  
  
NFC for public transit: from closed-loop MIFARE cards to open-loop EMV payment and account-based ticketing architectures.

  
  

    
    
    |
    5 min read
    
  








  
  

    
    
      
      
  1. 
        NFC in Public Transit: Mobile Ticketing and Open-Loop Payments
      
    2. 
      
      
  2. 
        System Architecture Overview
      
    3. 
      
      
  3. 
        Closed-Loop Systems
      
    4. 
      
      
  4. 
        Open-Loop EMV Contactless
      
    5. 
      
      
  5. 
        Mobile NFC Ticketing
      
    6. 
      
      
  6. 
        Gate Throughput Engineering
      
    7. 
      
      
  7. 
        NFC in Ride-Hailing and Micro-Mobility
      
    8. 
      
      
  8. 
        Fraud and Security
      
    9. 
      
    

  









  
  

  
  

    
    

      
NFC in Public Transit: Mobile Ticketing and Open-Loop Payments


Transit is one of the highest-volume NFC deployment environments on the planet. A major city subway system may process 5 million NFC taps per day across thousands of gates. This guide covers the technical architecture of both proprietary closed-loop transit systems and the open-loop EMV contactless standard that is transforming urban ticketing.


System Architecture Overview


A transit NFC system consists of five layers:






Layer
Components
NFC Role






Card / Device
NFC tag, transit card, smartphone, wearable
Stores credentials or relays bank token




Gate / Reader
nfc-reader, validator, turnstile
Reads credentials, authorises entry




Back-office
Fare management, journey history, account
Validates, charges, detects fraud




Clearing
Payment processor (open-loop only)
Settles bank transactions




Standards
NFC Forum, EMVCo, ITSO, Calypso
Interoperability






Closed-Loop Systems


Closed-loop transit cards store value or passes directly on the card. The reader makes pass/fail decisions locally without a real-time back-office connection.


Technology choices:






Technology
Example
Memory
Security






MIFARE Classic
London Oyster (legacy), many Asian systems
1K–4K
Crypto-1 (broken)




MIFARE DESFire
newer Oyster, CharlieCard 2.0
4K–32K
AES-128




Calypso (ISO 7816-4 on ISO 14443)
Paris Navigo, many European systems
1K–2K
DES/3DES/AES




ITSO (UK)
Scottish ScotRail card
ITSO spec
AES




FeliCa
Tokyo Suica, Singapore EZ-Link
2K–16K
Proprietary






FeliCa (Type 3 NFC) dominates Japanese and some Asian transit because its 212/424 kbit/s data rate and stateless authentication allow gate throughput at walking pace — critical for Tokyo station volumes. Most Western systems use NFC-A (ISO 14443-4) which achieves sufficient gate throughput at 106 kbit/s with optimised polling.


Open-Loop EMV Contactless


Open-loop transit uses the same contactless payment card or mobile wallet that the passenger uses for retail purchases. The transit operator becomes a merchant processing EMV contactless transactions.


Transaction flow:


1. Passenger taps card or phone at validator
2. Validator reads EMV application data (PPSE, SELECT AID, GPO)
3. Validator sends authorisation to acquiring bank
4. Bank confirms balance; gate opens
5. Back-office aggregates daily journeys for fare capping
6. Day's total settled as single bank transaction at midnight



Open-loop advantages: no card issuance infrastructure, immediate adoption with existing bank cards, no top-up friction. Disadvantages: ~300 ms bank authorisation latency (vs <100 ms for closed-loop offline validation), interchange fees, dependency on network connectivity.


Fare capping is the feature that makes open-loop equitable: the back-office caps daily or weekly spend at the equivalent of a day pass or weekly ticket, crediting back excess charges automatically. Transport for London's open-loop implementation (launched 2012) is the global reference.


Mobile NFC Ticketing


Smartphones use HCE (Host Card Emulation) or a hardware secure-element to emulate transit credentials.


HCE transit: The transit app stores a tokenised credential in software. The nfc-controller routes the reader's ISO 14443-4 APDU commands to the app's HCE service. Requires the phone to be awake; most Android implementations require screen-on or Express Mode to allow transactions with the screen off.


SE-based mobile: Apple Pay transit (in supported cities) stores a transit pass in the Secure Element of the iPhone. Express Transit mode allows taps without Face ID or screen wake — achieving parity with physical card tap speed. This is possible because the SE can respond to APDUs independently of the main processor.


Gate Throughput Engineering


Transit gates are engineered for 60–120 passengers per minute. NFC interaction budget:






Phase
Time






Field detection
<5 ms




Anti-collision and UID read
5–15 ms




Application selection (RATS + ATS)
10–20 ms




Authentication + data read
30–60 ms




Gate decision + mechanical open
50–100 ms




Total target
<150 ms






Achieving this requires ISO 14443-4 transport layer optimisation: maximum frame size in ATS, SFGT (Start-up Frame Guard Time) minimised in the card's ATS response, and reader polling tuned to single-technology (no multi-tech poll loop in gate context).


NFC in Ride-Hailing and Micro-Mobility


Bike-share and scooter platforms use NFC-enabled locks. The rider taps their phone on the NFC reader embedded in the lock, which sends a Bluetooth unlock command over BLE after validating the NFC handshake. This pattern combines NFC's trusted proximity model with BLE's range for the actual unlock signal.


Fraud and Security


Transit fraud vectors and defences:






Attack
Closed-Loop Risk
Open-Loop Risk
Defence






Card cloning (MIFARE Classic)
High (broken crypto)
N/A
Migrate to DESFire/AES




Relay attack
Medium
Low (EMV dynamic codes)
Relay attack guide




Tap-and-go fraud
Low
Medium (CNP risk)
Velocity limits, geofencing




Ghost tapping (no tag near reader)
None
None
Configurable field power






See also: NFC Payments How It Works | MIFARE Classic Security Analysis | NFC Relay Attack Explained | ISO 14443 Protocol Deep Dive

    

    

    
    
    
    

    
    

      




  
자주 묻는 질문


  

    
    

      
      

        
Our guides cover a range of experience levels. Getting Started guides are written for beginners with no prior NFC knowledge. Programming guides target developers integrating NFC into mobile apps or embedded systems. Security guides are for engineers designing secure NFC deployments for payments, access control, or authentication.

      

    

    
    

      
      

        
Most guides require only an NFC-enabled smartphone (iPhone 7+ or any modern Android device) and a few NFC tags (NTAG213 or NTAG215 recommended for beginners, available for under $1 each). Advanced guides may reference USB NFC readers like the ACR122U or Proxmark3 for development and testing.

      

    

    
    

      
      

        
Yes. Programming guides include code examples for Android (Kotlin/Java with the Android NFC API), iOS (Swift with Core NFC), and web-based tools (Web NFC API for Chrome on Android). All code samples are tested and include inline comments explaining each step.