So completely insecure in other words? 😮‍💨
So that adds to my concerns:
  1. Are limits configurable? Can I set a limit of N sats per tap, and N taps per hour?
  2. Example: the terminal shows 5,000 sats. I tap. Later, I find 100,000 sats deducted. The merchant was dishonest. My "tap" authorized it though.
  3. There is protection against a replay attack (single use token), but not against someone stealing my card and draining funds either at other merchants, or the thief manually sucking everything out.
reply