How secure is Apple Pay?

Apple Pay uses a sophisticated security system that makes it even more secure than using your actual credit card. For starters, you need the PIN and/or fingerprint ID to use Apple Pay on your device. Once you've added a card, your payment network/bank issues a Device Account Number that is specific to your device. This is encrypted and sent to Apple (who can't decrypt it) who then adds it to the Secure Element in your device, along with other information. This Device Account Number is stored in the Secure Element and isolated from iOS. Apple never knows it and it is not backed up to iCloud. Apple also has no access to your credit card numbers - Apple Pay only stores a portion of each card number and Device Account Number.

Apple Pay transactions are made at NFC payment terminals, which operate over very short distances (typically 10 cm or less). The transaction must be authenticated by your fingerprint or passcode. Once authenticated, your Secure Element generates a transaction-specific security code that is sent to the terminal along with the Device Account Number. Your bank is contacted by the terminal and it can verify your transaction via the unique transaction code. Your credit/debit card number is never transmitted at any point during the transaction.

See here for more detailed information about Apple Pay security.