I should read the EMV contactless standards to find out how secure static data authentication is, since I know US banks are still issuing cards without CDA or XDA.