I have quite a lot to do with passengers using contactless cards on trains.
There are quite a few recent cases where I have come across kids in their early teens with contactless cards. In the cases I found, I had no reason to doubt that those cards belonged to them. Most of these cards have been issued well within the last year or so. Some of them seem to specifically use them as a cash-free way for their parents to pay for their train ticket.
(Interestingly, quite some time ago when I was a young teenager and got my first bank account, I was issued with an offline-authorised debit card straight away. There was some complication because a member of my family already banked not just with that institution, but the same branch, and my account was linked to theirs for a few years. This was pretty much before anyone had even heard of contactless payment!)
I also find that the vast majority of contactless payments via the "Envoy" (or whatever it's called this month) ticket software, used by a lot of onboard staff on trains these days, require authorisation. I'd say only about 10-15% of sales will be processed without a data connection and authorisation. Sometimes refunds / cancelling transactions can also be quite complex if the systems fail half way through the transaction! Lastly, it's interesting that even with full updates of blacklisted cards and valid authentication, Envoy still needs to set itself up and process its first transaction in an area with mobile data signal (or wifi), before it can take any card payments. Cash payment is unaffected by this.