And I'd still prefer cash.

Not because the lack of protection, but because it's entirely clear what's happening. You hand over cash, presumably sober and in full possession of your faculties (well, most of the time anyway), and you can, well, feel, the cash passing. I mean, you *know* you just paid.

In fact I tend to quickly count the petty cash in line for the checkout, so I can minimise the number of coins passed back and forth and manage the amount of petty cash I carry, with a convenient side effect that I know down to the last penny how much I'm carrying. That, and not carrying more than necessairy, are good ways to keep spending in check.

With waving contactless stuff around, it's entirely possible you've paid without knowing, maybe for someone else even. It has already happened. That also means someone else might make you pay without you so much as noticing, nevermind consenting. If that's the big plan to make "stand and deliver" safer to life and limb, I'll take the danger, thanks. At least then I'm aware of what's happening and might possibly call for help.

No amount of regulation of NFC is going to deliver us from contactless abuse. That goes for passive cards as much as active devices like phones; for any extra confirmation step there might always be an virulent override stuffed down the device's throat through one wireless interface or another. And then it's just a game of numbers, like a zombie botnet. Recall that spam still pays. The problem is that this is how the thing was designed to work, and there is no protection from that short of not using the thing at all. Especially people in IT should understand *that*, at least.