Joe wroteA quick Google search shows the insane amount of security vulnerabilities found with NFC. So, on one hand, it's safe to assume that the app author could tweak the protocol to do whatever they want with the data on your card.
On the other hand, your bank giving you the extra layer of protection through SMS should keep you from panicking. It's very unlikely whoever has your info has withdrawn any money from your account, or else you'd have heard about it.
However, banking cards are not used solely for payments. I know of several services that use valid card info to authenticate users. It is possible that there are other abuses that someone can do with your info.
TL;DR: it's likely your money's safe, but I'd still ask the bank to give me a new card and cancel the current one.
Thanks for your feedback. Agree, for the authentication. Asking for a new card is what I am going to do in person at the branch, customer support did not understand my use case. She kept telling me with NFC you have to be physically present...
What bugs me is that the bank no longer provide cards without NFC. It is not optional.
++Feedback so far:
- Wrapping our cards with tin foil, is currently the only secure protection from nearby scan. My nexus 5 can scan the NFC while the card is inside the wallet and 5 cm away. So pocket in the wallet, is not secure without a protective metal sheet to protect from a passing scan.
- Since I already read the data, the public data is encrypted, but that does not prevent from writing into a new card and using that card on a POS and then you have the readable info.
- What I am still wondering, is that doesn't the bank has some-sort of an additional layer of security to validate that the card being used is the original one?