|
|
|
|
|
|
by matthewmacleod
2478 days ago
|
|
|
Ah, so essentially require the inclusion of a pre-signed, server-generated token identifying the user in the ticket’s QR code and perform the actual charge when the ticket is used. That’s much better, though it’s subject to some edge cases similar to the London Underground, caused by the potential for using invalid payment methods. Not bad though; probably low-enough potential for abuse to ignore. |
|
|