Even with NFC exploits tokenized is the way to go. Tokenized payments only send a unique token to the PoS. The PoS system then (and probably not the register itself but rather their systems) then take that single use token, combine it with their secrets that only they have, and pass it up to Google/Apple/whoever to actually initialize the transaction. Google Pay/Apple/Whoever then verify that they are the ones who issued the token, and that it is signed correctly with the secrets that are shared. So not only would someone have to snoop the NFC token that was transmitted, but also have hacked into the PoS system and retrieved the secrets, which is no small feat - and even then since the token is one time only they’ve only accessed that specific purchase. They still know nothing about you or your banking information. The token expires and can never be used again.

Tokenized pay via Google/Apple/Samsung/Whoever pay is the most secure form of adhoc payment at the moment. Tap is safer than swipe or chip, but since there’s no communication to get a one time token, it requires a slightly different approach. Tldr there, if you’re that worried about it, just add your card to your phone/watch.