This will go badly sooner than later
I give it less than a year to the first large scale security problem with NFC payments. The associated industries keeps pushing for NFC while the two ISO standards that do exist for NFC make no requirements on the security side of things. As such, it is up to the implementers to incorporate proper security procedures to avoid data interception, man in the middle attacks, traffic replaying exploits etc.