System level security measures for MIFARE installations
What else is there to consider for designing a secure system?

Limiting attack opportunities:
Although MIFARE DESFire EV1 and MIFARE Plus have been tested as part of their CC EAL4+ certification to be able to withstand attacks that make millions of traces of interactions with the card, it is wise to limit unusual behavior. E.g. if the same card is interacting with a terminal it is OK to accept several tens of failed authentications, which would be a legitimate case if someone moves a card slowly towards the terminal. However if many more failed authentications occur it is good practice for the terminal to stop the interaction with the card and at least log the event.  This is only one of the examples of dealing with unusual behavior.
Checking of MACs:
Request and check MACs that are used in the communication between the terminal and the card. Separate information is available on security considerations for the communication with the cards.
Relay attacks:
MIFARE Plus X supports proximity detection, which can be used to counter relay attacks. In relay attacks the communication between a legitimate card and a legitimate terminal is relayed between the card on a distance (e.g. in another country) and the terminal. If proximity detection is not implemented then such an attack is likely to succeed. If proximity detection is implemented then the attack will fail if the distance is beyond a certain minimum limit. Also here it is important to limit the amount of trials that card can make with a certain terminal by letting the terminal refuse to interact with the card after a number (multiple tens) of failed authentications.
See the documentation of MIFARE Plus X for further information.
Privacy:
Privacy is a concern among several user communities. MIFARE Plus and MIFARE DESFire EV1 have several privacy protection mechanisms, one of them being the use of Random ID in the anti-collision process. See further the documentation of the respective chips.
Backend security:
As said in the beginning of this document, the security that goes beyond the terminal is out of scope for this document. Those security threats include among others:  1.The software integrity in the terminals. If an attacker is capable to download fraudulent software into the terminal he could let the terminal open the gate if a card out of a certain set is presented without lowering the balance on the card.  2.Communication between terminal and backend. If an attacker can e.g. modify the blacklists or whitelists then this affects the security of the system.