You already had your cookies then
Though mine are better. Paid for the ingredients in cash, made them myself. So there. Anyway.
If we'd only listened to the banks, we'd *know* their systems are perfectly safe, one hundred percent or all your money back no questions asked, no hassle, they're completely trustable, will never fail to work, skimming doesn't exist, magstripes really don't need to be replaced and chip&pin is even more impossible to subvert, and we all live in teletubbieland. Same with paypal. And credit cards. They'll never sell your data and they'll never shut you off unless it is for your own good. Their call, but they're enlightened so it's all good. Honest.
I'm so glad you found a completely trustworthy source for some fine, valuable information regarding this "pay by putting your hands in the air and wave them like you just don't care", er, system.
So useful, in fact, that I'm a bit at a loss why I bothered reading the thing. You wrote something of eerily similar tone and with about as high quality sources something like a year ago. NFC is still being pushed through from on high. Apparently it, like so many alternative do-away-with-cash electronication schemes, has trouble pushing out cold hard cash on its obviously much superior merits. Wonder how that's possible, eh.
By the by the kit to do just about anything (fully programmable and all that) as either a tag or as a reader is freely available for a modest sum; don't even have to dive into the "security research"-infested depths of the digital black market. Should some form of registration be required, well, then you just dive in anyway and you buy a sack of identities to abuse. Complete with bank account in Bermuda, then toss the dosh to the next, and the next. Cash it out all over Europe. These are commercial services and you can set it all up in very little time.
Thing is, NFC is a stack of complexity that from the get-go needs so many parties to work, even for just a single transaction, that there's bound to be gaps, holes, back routes, garden paths, and so on, and so forth, up the yin yang. The black market definately has the complexity and the grasp to match, no worries.
What I find far more worrying is that again most of the security argumentation rests on handwaving away "impracticalities" that are only so on cursory examination, that is "for the average user". But it's exactly that average user that's getting fleeced, regardless of what shady bunch do it and what side of the law they're officially on. The people doing the fleecing do so in large quantities because they can get away with it better that way. They're set up just fine to overcome hurdles that are "impractical for the average user". Like how the push to require government ID for every bank account has actually increased the demand for "money mules", and people are still falling for that just like they're still falling for nigerian four-nineteens. What do you mean you managed to require the perp to register? He's paid someone a pittance to take the fall. And that's just the deep end of the trouble.
Take, for example (and this has been raised before, but curiously not answered) the simple problem of your NFC phone going walkies, whether lost or stolen. How, exactly, are you proposing I trigger that wonderful process where the network will kindly tell the NFC component to stop spending my hard-earned dosh? I call them? My what a suggestion. That was my phone, you son of a silly person. A payphone? Paid for how, exactly? Someone else's phone? Why, I'll just have to beg random strangers on the street for the use of their phone (that itself is NFC enabled and thus too valuable to let go out of sight for a minute). Sound plan.
Now, what number do I call again? That, too, was stored in my phone. Well.
Useful, that, Bill. Wonderful. Truly useful. Not a flaw in sight. I applaud your efforts and feel reassured already. Thank you kindly, sir.