Nokia
Peter, 2013-07-21 13:27:44

Emulation of passes and other BSCs via NFC

Good day to all.

I have a smartphone with NFC support (Nokia). I am interested in the possibility of emulating a BSC (contactless smart card) or, say, a pass for the turnstile at the entrance to a building.
Is there native support for this in the device and, if so, what software is needed?

For NFC payments, it’s more or less clear to me (you need a special SIM card). But the beauty of this technology lies in reducing the number of cards (not just bank cards) that you need to carry with you. Is it realistic to implement today or is it too early?


4 answer(s)
@ntkt, 2013-07-21
@Carcharodon

1. Not all passes work at 13.56 MHz and fall under the NFC standards. Even worse, the vast majority now are low-frequency (125 kHz, etc.). Keywords: HID proxcard clamshell.
Yes, BSC is 13.56 MHz and ISO 14443, but there is a proprietary implementation from NXP (Mifare), and only old generations of Mifare cards have been hacked.
Accordingly, if you want to emulate a BSC, you need to become a partner of the Metro itself and integrate into their system. There is no other way.
There are, however, dumb read-only Mifare Ultralight cards in Moscow; in principle, they can be emulated from a phone, but they still need to be bought first in a convenient way.
2. A colleague has already mentioned the difficulties with cloning. All payment smart cards imply that, roughly speaking, secret keys and/or secret data are written into their secure memory, and the card gives out only what reliably authenticates it to the reader. It is possible to get valuable data out of protected memory, but it is too expensive.
3. Developers and integrators have already thought about this. Yes, a smartphone with NFC can emulate several contactless bank cards, but there is one problem: both an NFC SE on the SIM and an NFC SE embedded in the hardware require secret keys to establish a secure channel with the SE. In the case of the SIM-based SE, this means a complicated procedure, contracts and hassle with the mobile operator that owns the SIM; in the case of the built-in SE, it is the same, but with the phone manufacturer. It is clear that MasterCard can do this to get its PayPass Wallet working on popular brands of Android smartphones, but an individual or a small company is unlikely to: at the very least it is too long and expensive.

JDima, 2013-07-21
@JDima

Smart cards, by definition, assume that they cannot be copied; that is what they are made for.
There are attacks, but they do not work always and everywhere, and require separate hardware.
In general, the answer is “unrealistic”.

Wallos, 2014-12-22
@Wallos

It depends on which contactless smart card you want to emulate.
If we are talking about HID prox, EM-Marin and the like (by the way, Clamshell is just a kind of card case) operating at a frequency of 125 kHz, then nothing will come of it.
You can emulate Mifare cards:
Ultralight and Classic - only if the device's chipset supports it. Classic will require keys.
DESFire - everything is a little more complicated, but in principle it is possible if you write a SAM emulator and also have all the necessary keys.
Now, regarding the previous poster's statement about the metro.
The metro mainly uses Mifare Ultralight, and there are no "proprietary" cards there. Mifare is a de facto standard and is the same everywhere. Of course, Ultralight is a dumb card, but it is not read-only at all. All of its sectors can be read without any difficulty. If you download NXP's TagInfo app from the market, you can see a dump of any metro card.
In real life, the main problem with copying Mifare Classic and Ultralight is that the UID on these cards is written at the factory, is unique for each card and cannot be changed. Even if you have blank white plastic and all the keys (for Classic), you will not be able to reproduce the card completely because of that same UID.
Thus, if your chipset supports arbitrary UIDs, you can emulate Mifare cards, provided that you write the top-level software emulator yourself.
EMV cards can also be emulated perfectly well, because they work on the same ISO 14445, and there are well-known applications for that.
P.S. If I understand correctly, the question is about emulating cards, not about breaking them. Emulation implies that you already have all the necessary information (keys, identifiers, dumps).
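
Added example, not part of the answer above or of any NXP tool: a Python sketch of how a 64-byte Mifare Ultralight dump divides into the factory-set UID with its check bytes and the user pages governed by lock bits, which is the distinction the answer draws between reading a card's contents and reproducing its UID. It assumes the original Ultralight layout (16 pages of 4 bytes); the function names and the sample dump are constructed for illustration.

```python
"""MIFARE Ultralight (MF0ICU1) dump layout: 16 pages of 4 bytes."""
from functools import reduce

PAGE = 4
CASCADE_TAG = 0x88  # ISO 14443-3 cascade tag, folded into BCC0 for 7-byte UIDs


def xor(data: bytes) -> int:
    return reduce(lambda a, b: a ^ b, data, 0)


def parse_ultralight(dump: bytes) -> dict:
    if len(dump) != 16 * PAGE:
        raise ValueError("expected 64 bytes (16 pages of 4 bytes)")
    pages = [dump[i:i + PAGE] for i in range(0, len(dump), PAGE)]
    uid = pages[0][:3] + pages[1]            # 7-byte UID, programmed at the factory
    bcc0, bcc1 = pages[0][3], pages[2][0]    # check bytes over the two UID halves
    bcc_ok = (bcc0 == xor(bytes([CASCADE_TAG]) + uid[:3])) and (bcc1 == xor(uid[3:]))
    lock = pages[2][2] | (pages[2][3] << 8)  # lock byte 0 is the low byte, lock byte 1 the high
    # Lock bit 3 covers page 3 (OTP); bits 4..15 cover user pages 4..15.
    locked = [p for p in range(3, 16) if lock & (1 << p)]
    return {
        "uid": uid.hex(),
        "bcc_ok": bcc_ok,
        "read_only_pages": locked,
        "writable_pages": [p for p in range(4, 16) if p not in locked],
        "user_data": b"".join(pages[4:]),
    }


def build_sample() -> bytes:
    """Constructed dump for illustration; not read from a real card."""
    uid = bytes.fromhex("04a1b2c3d4e5f6")    # 0x04 is NXP's manufacturer code
    page0 = uid[:3] + bytes([xor(bytes([CASCADE_TAG]) + uid[:3])])
    page2 = bytes([xor(uid[3:]), 0x48, 0x30, 0x00])  # lock byte 0 = 0x30: pages 4 and 5
    return page0 + uid[3:] + page2 + bytes(4) + bytes(range(48))


if __name__ == "__main__":
    for key, value in parse_ultralight(build_sample()).items():
        print(f"{key}: {value}")
```

Everything outside pages 0 to 2 is plain data that any reader can fetch without keys, so a system built on Ultralight has to treat the page contents as untrusted input and validate them on the back end.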

magdar, 2013-11-27
@magdar

How about a door phone key?
