Apple Pay (and the other phone based payment systems) are actually more secure than swiping your card. It's called tokenization. The data that gets transmitted via your phone to the point of sale terminal isn't actually your credit card number. When you put your card in Apple Pay it generates a series of random numbers that are unique to that card. That info goes to your bank as well and the only two places it exists is burned into your phone (in the same place that stores your TouchID fingerprint, so highly secured) and at your bank. So when you make a transaction it sends this unique number to the point of sale terminal who then sends it to the bank and they go "yup, xg844hah34 (the data is actually much longer) is Joe's visa, charge it!". If somebody hacks the point of sale system, all they get is a useless random number which they can't actually use for anything else.