So how does the Chinese system work then?
Does the till display a QR code that encodes "pay XXX yuan to account YYY", the phone picks that up and displays to the user "pay XXX yuan to account YYY - authorise?", the user selects YES and the phone tells the bank to send the money.
Or, does the phone display a QR code that encodes "my account is ZZZ", the till scans that, and tells the bank "transfer XXX yuan from account ZZZ to YYY". In that case, where's the customer authorisation other than the physical proffering of the QR code? How does the retailer know that the proffered QR code is actually the customer's QR code? A QR code is a QR code is a QR code, there's nothing physically preventing you displaying somebody else's QR code, and it's so much easier than stealing somebody's contactless debit card.