tap to pay = RFID == lower security
Can we not spread bullshit and FUD on /. please?
The "tap to pay" interface is linked directly to the smart card. There are some protocol differences to handle the faster nature of the transaction, but it's still EMV, it's still just as secure as the chip itself, it's just contactless.
Even if the terminal itself was compromised and you could read the chip directly, you won't get anything useful from it. Sure, you'll get track2 data (i.e. the magstripe information) but it's useless for EMV as an EMV transaction has several layers of security. Encryption, hashing, cryptograms: essentially there's no way to replay a transaction even if you capture every bit of data from it. In EMV, the terminal isn't trusted, it just acts as an intermediary between card and host. Both the card AND the host can decide to decline a transaction. The card, at any point, can force a terminal to go online if it's not satisfied with the terminal (and will occasionally do so just for the sake of it, because certain floor limits have been hit) and if the terminal doesn't do this, the transaction is cancelled.
AT BEST, a criminal could remotely pass through your card's APDUs wirelessly to another transmitter to perform a fraudulent transaction, but contactless payments are limited by a maximum spend (usually something like $15 or $20) and will often still require your PIN to proceed.
Your scaremongering isn't helping anyone, it's just causing people to stick with magstripe which is so insecure it's utterly laughable.
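
A simplified model of the replay protection described in the comment above, added here as an illustration and not part of the original post: the card MACs each transaction under a key it shares with the issuer plus an incrementing counter, and the issuer host declines anything altered or already seen. The class names, the message layout and the use of HMAC-SHA256 in place of the real EMV MAC are assumptions.

```python
import hashlib
import hmac
import os

# Simplified model: HMAC-SHA256 stands in for the issuer's real MAC algorithm.

def cryptogram(card_key: bytes, atc: int, amount_cents: int, un: bytes) -> bytes:
    """MAC over amount, terminal unpredictable number and transaction counter."""
    counter = atc.to_bytes(2, "big")
    # Per-transaction session key derived from the card key and the counter.
    session_key = hmac.new(card_key, b"SK" + counter, hashlib.sha256).digest()
    msg = amount_cents.to_bytes(6, "big") + un + counter
    return hmac.new(session_key, msg, hashlib.sha256).digest()[:8]

class Card:
    def __init__(self, key: bytes):
        self._key, self._atc = key, 0

    def generate_ac(self, amount_cents: int, un: bytes) -> dict:
        self._atc += 1  # the counter advances on every transaction
        return {"atc": self._atc, "amount": amount_cents, "un": un,
                "ac": cryptogram(self._key, self._atc, amount_cents, un)}

class IssuerHost:
    def __init__(self, key: bytes):
        self._key, self._last_atc = key, 0

    def authorise(self, txn: dict) -> str:
        expected = cryptogram(self._key, txn["atc"], txn["amount"], txn["un"])
        if not hmac.compare_digest(expected, txn["ac"]):
            return "DECLINE: bad cryptogram"
        if txn["atc"] <= self._last_atc:
            return "DECLINE: counter already used"
        self._last_atc = txn["atc"]
        return "APPROVE"

def demo() -> list:
    key = os.urandom(16)  # constructed key shared by card and issuer
    card, host = Card(key), IssuerHost(key)
    first = card.generate_ac(1500, os.urandom(4))
    return [
        host.authorise(first),                         # genuine transaction
        host.authorise(dict(first)),                   # captured bytes sent again
        host.authorise({**first, "amount": 999900}),   # amount altered in transit
        host.authorise(card.generate_ac(500, os.urandom(4))),  # next genuine one
    ]

if __name__ == "__main__":
    print(demo())
```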