A great idea if they do it right...
.. and based on my experience, they almost surely won't.
1. NFC phone detects NFC POS terminal.
2. Terminal establishes SSL link to phone
3. Terminal sends transaction details (receipt line items, total, tax, unique transaction ID, time and date, etc)
4. Phone asks user to accept this transaction
5. Users enters their pass phrase, allowing the phone to access their keyring, phone uses their private key to cryptographically sign the transaction certificate
6. Terminal sends the transaction certificate to visa, which has the phones public key on file, verifies it is user X, and debits their account
The above process is completely secure, could be setup online in minutes after you loose your phone and buy a new one. Old phones could be deativated. Transactions would be unique, so they could not be re-run or have the amount changed. The phone would store a complete record for upload to Quicken or whatever. Both parties could verify the others identity, and it would all be cryptographically secure.
Now here is how they will actually implement it:
1. Nokia gives you a private key, which they will keep a copy of, so that the government, cell phone operator, and of course Nokia can decrypt your transactions.
2. The private key will be stored in some public area of your phones memory, and probably accessable by remote bluetooth buffer overflow
3. Credit card terminals won't be upgraded to NFC, so you will still have to use your phone as a chip-and-pin device anyway.
4. Any nearby ease dropper could sniff your unencrypted credit card number right out of the air
5. Terminals won't transmit the amount, or any other details to your phone, and there will be no unique transaction ID. Waitresses will be able to up the amount later, or put in a fat tip after you've agreed to a lesser amount
6. Your phone will be able to be scanned by just about anyone with an RFID sniffer, probably handing over your birthdate, social security number, credit card info, and mother's maiden name.
7. As soon as anyone defrauds you in any of the above ways, credit card companies will insist that you actually committed the fraud, since their super-new "crypto-tech" is obviously "unbreakable".
8. Some security researcher will try to publish a paper detailing how insecure it all is, but his paper will be supressed by judicial gag-order, then he will be caught, shot, excommunicated, and sent to Gauntanamo for immidiate re-education through sustained water boarding.
Visa... its everywhere you want to be.