They don't _claim_ there's anything particularly secure about PayPass etc.
When I got my new credit card I actually phoned the company and specificaly requested (quite firmly) that they deactivate the feature on my card. I know they can't "special make" me a card that doesn't have the chip, but they absolutely REFUSED to deactivate such payments on my credit card account. They also kept repeating (as if they were reading) that it is completly secure.
Being that this was a Java exploit which required a visit to a website at the least, I would say that those that got infected have more time on their hands than they know what to do with.
Security starts and ends with the user. If someone gets a virus, it is most likely that they do not care, are not paying attention, or are clicking on stupid links that go to stupid things that are not related to their work duties.
Corporations have yet to learn that training is required (less than 30 minutes to show someone the tricks to look out for), and an actual damage assessment and punishment system in relationship to breaches.
Sure IT may get an increase in calls at the start, but it is worth it in the long run.
Would you uses a bank that did not take security seriously?
Yes, because NON of them have adequate security for their customers. They protect their own servers with billions of dollars of protection, then let you pay by waving a card in the air or *shudder* sending a text message.
You do not have mail.