
NFC cards dominate here though, which effectively negates the many benefits of chip cards.


NFC transactions are powered by the EMV chip, and include all the same signing and one-time-key exchange as a chip-insertion but without the potential for skimming the mag strip


Encrypted in the same sense that https is encrypted. Doesn't do jack if you have control over the "server".

And in this case the server can have a large antenna and not require physical contact.

So in essence, orders of magnitude worse than the magnetic strip.


This is fundamentally incorrect.

Sniffing the NFC traffic gives the attacker nothing useful, just as skimming an EMV contact transaction gives the attacker nothing useful.

>The contactless EMV chip transaction path leverages the cryptographic functions normally associated with a contact EMV chip transaction and uses the same authorization and settlement fields as a contact chip transaction. [0] [1]

[0]: https://www.emv-connection.com/downloads/2015/12/EMV-and-NFC...

[1]: See EMV specifications, “Book 2 – Security and Key Management,” Version 4.3, November, 2011, http://www.emvco.com/specifications.aspx?id=223.


Why would you need to sniff anything?

Just ask for it yourself. That's what I meant with encryption not meaning jack if you are one of the participants.


the "server" in this case provides a one-time key to sign the transaction with, which is only valid for that transaction and that merchant. if you have a large antenna that can provide valid transaction keys for a trusted merchant, then yes, you have a significant exploit.

to my knowledge, nobody has ever successfully demonstrated an exploit of this nature.


The "server" in this case is a rouge device.

It is trivially employed.


I’m not sure why the color of the device matters here



