When contactless payment was new in NL, it was possible to pay up to € 25 without PIN, which set of all sorts of alarm bells in my head. € 25 isn't much, but the idea that payments could be done without my PIN felt deeply wrong, so I disabled it. I only really started doing contactless payment when it was supported by the banking app on my phone, which always asks for PIN.
That said, PIN isn't terribly secure either; for a common 4-digit PIN, there are only 10,000 possibilities. Too many to test by hand, but trivial to automate if you have access to the algorithm. And for the first PIN cards, the data was on a trivially readable magnetic strip. So if you have the algorithm and the contents of that mag strip, it's trivial to just run through all possibilities. That algorithm was a closely guarded secret, but still, security by obscurity isn't great, so later they replaced the mag strip with a chip that doesn't spill its contents so easily.
That said, PIN isn't terribly secure either; for a common 4-digit PIN, there are only 10,000 possibilities. Too many to test by hand, but trivial to automate if you have access to the algorithm. And for the first PIN cards, the data was on a trivially readable magnetic strip. So if you have the algorithm and the contents of that mag strip, it's trivial to just run through all possibilities. That algorithm was a closely guarded secret, but still, security by obscurity isn't great, so later they replaced the mag strip with a chip that doesn't spill its contents so easily.
So not all 2FA is a guarantee for good security.