John Brandon on NFC spoofing:

Spoofing an NFC transaction involves creating a dummy reader—say, another smart card or a smartphone—that sniffs out a close-by signal and steals the data during a transaction.

This would be an issue if the device being sniffed held your credit card number. This is a big lesson learned by Apple and a reason why Apple Pay is much more secure than other wallet mechanisms.

Still, even if a hacker could snag your transaction data as it passes from your iPhone to the terminal, they’d get a single-use token with nothing to identify you by name. Connecting that to the credit cards stored securely by Apple might not be impossible, but the experts we spoke to agree that it’s a lot harder than just stealing some credit card numbers.

Interesting read.