This is really bugging me.
Up until recently, debit cards with an electronic chip were the most popular electronic form of payment available in Poland (I'd wager that in other European countries as well). It does seem pretty safe too - in order to make any kind of purchase (either from an ATM or in a store), the user needs to provide a PIN code. While said PIN isn't particularly long, it's there to provide an extra level of security: the first being the card itself.
In recent times PayPass (or similar) cards have been gaining popularity and it seems banks are pushing these cards onto the public. These cards can act just like the regular debit cards described above, but you can also use them to make payments using NFC.
Here's the big deal: when making a payment through NFC the user doesn't need to input the PIN.
It seems to me that with a wireless technology like this, a PIN should be a definite requirement as it feels the technology isn't particularly secure. One example of this is the proxy attack, where one person with a cell-phone gets some items in a store and goes to pay for them, while another person with a cell-phone looks for a PayPass card to read (on a crowded train / bus / station / etc.). Depending on the technology used, those cards can be read from quite a distance away as well.
Which brings me back to the matter of PINs... Why aren't PINs always a requirement when paying using NFC?
EDIT:
I do realize that the amount you can pay for using NFC is limited*. However, as far as convenience goes (no need to put the card in / swipe wallet) it seems like we're trading security AND some convenience for... slightly more convenience.
What I mean: as it is, you can pay for small things by just swiping the card. Great. But inputting a 4-digit PIN after swiping shouldn't be much of a deal, right? And then you wouldn't need to limit the amount you can pay for. You could still keep the card in your wallet, and the whole thing would be just as fast. In fact, ideally, you could have a "PIN-less" limit as it is now but allow NFC transactions over that amount... just require the PIN! Or are there other technical / security concerns with PINs and NFC in general?
* While it seems that this limit could easily be changed, I haven't heard of a bank (in Poland at least) actually allowing the customer to make such a change. I know I tried calling my bank directly and was informed this is impossible...