Apple Pay requires confirmation with the double click and Face ID, but OMNY is able to take payment merely by device proximity. Guessing this is NFC-based. But without confirmation? Aren’t there dangerous security implications to the mechanism behind whatever technique is being used here? Thanks
Since the funds can only go to one party there is little opportunity for fraud. Likely you can only pay once at a turnstile (or station for that matter). Not sure how OMNY works but usually transport passes will not work unless you've checked-out before using it for another entry.
The pass is only an identifier, it contains no payment information (you could be using pre-paid, credit card, direct debit but that happens on the "server" end).