"Neither are they for card payments, except possibly by the retailer."

Serious question: how is that possible? At some point, the token that the pay app transmits to the retailer must be correlated with your bank account. Someone must have the record associating one with the other, therefor the payment is traceable.

