That's also how the two subway systems I'm most familiar with do it here in Russia. In both Moscow and St Petersburg, the data stored on the refillable tickets (Troika and Podorozhnik respectively) was thoroughly reverse engineered. People who did it, of course, tried to write them too — for example, you'd make a dump, enter a station, then restore the dump with your old balance. It worked, but only for a day or two, after which the card number was added to a blacklist that all turnstiles check cards against. The conclusion was that there's a server on each station that turnstiles talk to, that syncs with some central server each night (when the subway is closed), where all system-wide transactions for the day are collated, and if anything is off, the card is blacklisted.
If they got filled up the the standard practice was free fares. :)
The bulk of the ticket will still be the Felica card though, because as far as I know neither the QR code or EMV open-loop system can handle required throughput of 60 persons/minute/gate.
So the solution is the transportation card is writable, and each train station acts like a small data center. They sync the data periodically to the main data center.
I think the syncing tech is getting better, Japan train companies are going to experiment with QR code soon. So read only is feasible.