Here are the scenarios of going to Target:
1) pay via credit card. Target now has your credit card number.
2) pay via NFC. Apple and Google never hand over your CC number. They hand over a one time use token. If that token is later used again, a flag is thrown. Not sure about Apple, but Google credits a new MasterCard CC and uses that to make the purchase. Doesn't matter what CC or payment method you have tied to your GWallet account. A MasterCard number is what Target will get and a new number is created per transaction.
From what I understand, Apple stores your CC information on a separate chip embedded in the phone. Google stores your CC on their backend servers. So your phone doesnt hold your account info.
For the Target hack and that HVAC, reddit was saying the hacks were done via CurrenC's pipes. i'm not too sure tho
edit: if for some reason fraud happens via ApplePay and GWallet, you still have your regular CC protection to back you up. with CurrenC, that is removed because its tied directly to your bank account.
Interesting. NFC payments never interested me simply because they seemed to rely on novelty (there's zero difference in effort between swiping your card and holding up your phone), but I never knew they added another layer of security. I may actually try ApplePay because of it.