Re: not without some justification
It's probably worth adding a bit of information on some of the security measures about contactless payment (or what we expect to be the measures in implementations such as this). For a start, systems like this are in place and in use in places like Japan or China. In some places, people will just walk on and walk off a bus without having to worry about talking to the driver or fiddling with coins. Ditto all sorts of other use-cases. The thing with instances like this is that they are all low-cost items. People are willing to accept the security risk when it might mean they lost £5 or less in exchange for a trouble-free experience the rest of the year round. If something tries to charge you £20 or £50, that's not going to go through without you entering a PIN or approving it in some way. Similarly, these devices won't allow massive and rapid deduction of small amounts either - so that's not a way round this. If someone follows you round all day and bumps into you every twenty minutes, sure, they might get a larger sum off you. But most people would notice.
So instead, people wanting to exploit this would be trying to skim small amounts off large numbers of people. People are more willing to tolerate this risk than anything that is large scale to themselves. They might rightly point out that they're more likely to lose a physical fiver from their pocket than to get robbed of the same.
The attempt to skim small amounts off large numbers of people is problematic in the first place anyway. For a start, whilst the chance of someone reporting (or noticing) a fiver lost is much lower than them reporting £400 lost, the chance of someone in a hundred victims noticing and reporting is almost a certainty. And once that happens you have a problem. Because this isn't physical money. It is inherently traceable. That loss that someone reported isn't a missing fiver, it's a record of a transaction from them to thee. If you want to steal money this way, you first off have to be able to fool the proximity of the device (possible, but you need to be able to get away with getting your device in a few centimetres of other people's devices repeatedly and potentially triggering whatever security measure they have on that - e.g. a motion-sensor based bump trigger they have to do with their phone by tapping it against the receiver). Even just identifying which users have a suitable and enabled device in their pocket is a technical challenge unless these things become ubiquitous. And once you've done this, you're in a race to get that money out of the receiving account and somewhere safe before either someone reports it or (more likely) an automated system notices and raises an alarm.
You need a business account that is approved for receiving funds by some reputable bank. So you're already moving into money laundering to enable you to steal money this way. You need to be able to get the money from that account quickly. And the limits on the amounts people can transfer this way without PIN or similar are low so the quicker you acquire money, the faster you set off alarms, get the account frozen. And then if you want to do it again next month, you'll have to be trying to set up a new approved receiver, etc.
The main scope for abuse of this is a legitimate seller of a service over-charging people and hoping they don't notice. But someone will and at that point it's quite easy to reverse the process and give the money back to everyone who was overcharged. Much more feasible than tracking down a few thousand visitors you had to your bar / shop / train / whatever over the course of the past year and each giving them their £2 back. And thus much more likely to be forced to do it (plus any applicable charges).
And when all that is done and taken account of, banks and credit card companies will want to use this system because it leads people to think less before spending so they will happily absorb these low risks by guaranteeing to cover your losses if there's a problem, just as they do with credit cards and for the same reason. What does MasterCard or Visa care if they have to cover the occasional small loss? If they didn't provide this service, people would move to someone who did. And in the meantime they'll rake it in. And they'll happily crash down from a great height on your behalf upon anyone who uses this system to defraud you.
Although I instinctively distrust this system because it rings all sorts of alarm-bells, on a society-level, it's probably fine and safe and the individual risk is low. It might even be safer if it means a mugger has to be a professional money launderer in order to rob you (or else march you to the shop to buy things for her). I'm more personally concerned about privacy implications than security. Which gives me small relief in seeing that MS are partnering with your choice of backer rather than, e.g. Google with GoogleCheckout or a proprietary one with Apple. Or (Hell no!) PayPal. It looks like you'll be able to use or not use which you want. And I'd prefer doing business with a company that just wants my money up front, than think they can make money off my data.