"[Scrambling] makes the app harder to understand for an attacker, so it's not as easy to disassemble, reassemble with malicious content, and put on the app store for people to download and use," says Zumerle.
So on the device end of the transaction, there are ways that risks can be mitigated. But what about on the other end, at the point of sale?
"Well, you can put a reader on the terminal [to capture information]," says Zumerle. "And you can take advantage of an open connection during the transaction, but that starts becoming something like cyber pickpocketing that needs a physical presence and you have to do that in close proximity. In terms of POS risk, a rigged terminal is the greater concern."
Asrar, for his part, claims that McAfee has yet to come across a case of attackers nabbing credentials via NFC.
"We haven't come across a case, but it's not something that is far-fetched," he says. "There was a case a couple years ago where somebody uploaded an app that could read information from NFC communications, but it was for research purposes to show that it's a protocol and can be reverse engineered."
Even though it would appear that threats to the security of your mobile credentials can be found just about anywhere, Asrar says that users can still take simple steps to protect them from being compromised, including locking their devices and utilizing free security software.
"Even if users start using half of the features they have at their disposal," he says, "they will reduce the attack surface quite a bit."