Crucial components of the contactless payment system, such as the protocols used in contactless transactions and the algorithms used to generate the dynamic transaction codes, should also be open to scrutiny from independent security researchers and cryptographers, Litan and Fu agreed.
"I think the dynamic CVC code is a good security scheme, but the only reason I say its good is because (the payment card industry) told me. I haven't heard that from a third party researcher," she said.
But security researchers interested in the inner workings of the RF technology shouldn't hold their breath, according to Triplett at Visa.
"We're aggressive in having people look at risk and inform us, and we share that information with critical stakeholders, but that's not something we're going to open up to industry groups to report on," Triplett said.
That approach limits visibility into the industry's system but could prove disastrous if hackers were able to crack a critical payment component like the algorithm for creating the dynamic CVC codes, Litan said.
In the end, though, the debates about possible hacks are academic, especially when compared to the quotidian nature of most credit card fraud, which often stems from ordinary theft or sloppy behavior, such as restaurant patrons in the U.S. handing over their magnetic stripe card to waiters and waitresses before paying their bill, said Jania.
Despite that, the security of the new payments technology is an issue that consumers are concerned about, said Karen Webster, a researcher at Market Platform Dynamics.
"There seems to be a schism between the perception and the reality (of security risk), but clearly in the mind of the consumer, it's an issue," she said.
For now, security in contactless payments is a small issue because, despite the millions of RF cards issued, readers are still hard to find and there's no evidence that contactless payments are catching on with consumers.
A 2006 Market Platform Dynamics survey of around 4,000 16-to-43-year-olds found that the cards were being used for only around two percent of purchases under $25, according to information presented by Webster.
But as readers become more plentiful (CVS, for example, has installed 40,000 RF-enabled, signature-capture payment terminals in 5,400 stores) and "killer apps" like payments through mobile devices take off, the payments industry will have to be poised to respond to increased interest from hackers and fraudsters.
"As payment mechanisms and form factors change, we can expect the security methodologies to evolve along with them," said Jack Jania, vice president for financial services at secure card maker Gemalto.
The U.S., for example, may soon join the EU and countries like Mexico in embracing the EMV (Europay, MasterCard, and Visa) standard for authenticating debit and credit card payments.
"I see it as being inevitable," Jania said. "Security is like a staircase that you're always climbing."
Paul F. Roberts is a senior editor at InfoWorld.





