It doesn't even have to be a card-shaped anymore, since it's NFC. There are other form factors that handled real-word payments, like bracelets, watches and phones. All of those can be easily equipped with a display (enough to show a transaction amount) and some sort of sensor (keypad, touchscreen, single "approve" button, fingerprint scanner) to handle user authorization.

This will probably break the "fix" though, as the "card" may take up to tens of seconds to "respond", awaiting for owner granting permission. And won't work for stores that can't handle NFC.

A device like that could use a 2-phase protocol so that each step of the transaction is kept under 2ms even if the whole thing takes 10s.

Would require double-tap though, which would be especially inconvenient for stuff like public transport in London.

It could be configured to automatically allow X transactions below $Y every Z seconds. So you could tag into the subway once every five minutes without any user input, but larger or more frequent transactions would require confirmation.

Or allow a tap to pre-approve purchases for the next 60 seconds.