don't sweat it. It is not possible to clone a chipped card.
Well, here the pin code is not passed on and the phone is kept with you.
You can still get a 2nd card and use it, and transfer money from the main one only from the computer.
Well, almost all "robbery" is social engineering. You yourself enter the confirmation code or card details.

I will try to describe very briefly:
A plastic bank card is literally a card number, date of action, some technical information and EVERYTHING. so it was originally. no keys, etc. it didn't have it originally. but then when they appeared, they began to perform a slightly different function than signing transactions
at the end of the 2000s, chip (emv) cards appeared massively, which, in addition to the card number, actually store a certain key and can check the pincode offline (so as not to send requests to processing and for offline operations) and remember the last balance of money. but that's all. the increase in security here is that the card still has a strip where its number and date are recorded to support old standards
The security of this scheme is ensured by the fact that all transactions on a chip card must be made on a chip, if they are carried out on a strip (instead of a chip) and then protested, the bank must return the money to you without any special investigation for six months.
Systems like GPay - do not make a copy of the card, they issue some kind of virtual card analogue and make payments on behalf of this 'virtual' card ... deducting money from yours, just like if you subscribed to an online cinema with an auto-pay function.
Further, two-factor authentication is not mandatory, at all. in the Russian Federation it is a little more common than in the rest of the world, but it is always optional and protects not the buyer (no matter how strange it may sound)
==
and the most important and incomprehensible-inaccessible to many, even some bank employees
A bank card transaction can be carried out with ONLY a card number. ALL. no CVV/CVC needed, no expiration dates, no owner name, no chip details, nothing, ONLY a number.
This operation, of course, cannot be done by any employee in the store (about 7 years ago they covered a very big hole in this direction, by the way), but it is possible and is often used by hotels, for example.

The most dangerous invention is a smartphone case with card pockets. And the most fiasco is when the phone is not password protected. Or the password is displayed for a split second as you type. It's easy to remember.
The essence of the fear is clear, but there are so many of us that thieves and scammers do not have to resort to ingenious high-tech hacks of ordinary laymen. There is always a decent mass of individuals who part with funds voluntarily.
As the cat and the fox sang in the famous film: "A fool does not need a knife ..."
Sleep well))

I don’t understand the details of how the card works, but I think that whoever takes possession of your phone gets access to your account. Even if the mobile phone is password-protected, it can be opened. I think the only guarantee is if the card data is stored encrypted and you remember the key or keep it somewhere separate from the mobile. and the data is transferred to the bank after decryption. and at the same time, the history of Internet requests in the mobile is not saved. on the other hand, a person who knows how to open mobile phones in this way makes good money and if you don’t have a lot of messing around in your account. and having access to the account, this money still needs to be cashed out, which is risky

Can you elaborate on the fact that the processing center can disable the requirement to present a PIN code or CVC code, is this a law? Can I send an appeal to the bank so that some operations, such as resetting the login and password for the application, could not be done in the application itself, but only during a personal visit to the bank office?