I’m not entirely sure how the technology is implemented in practice, but an easy way I can see it implemented is with encryption. Instead of sending a password, the password is stored on the card and never output. Instead, it receives a message, encrypts it with the stored password, outputs the encrypted message, and the receiver verifies that the encrypted message was legitimately encrypted. Transaction approved.
Edit: seems like NFC authorization flow is generally as I’ve outlined.
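The challenge-response flow described in the post above, as an added example that is not part of the original post. It is a simplified model, not a real card protocol: HMAC-SHA256 stands in for "encrypts it with the stored password", the verifier is assumed to share the same symmetric key, and `Card`, `Verifier` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets


class Card:
    """Holds a secret that never leaves the object; it only answers challenges."""

    def __init__(self, secret: bytes):
        self.__secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # Keyed MAC over the challenge; the secret itself is never output.
        return hmac.new(self.__secret, challenge, hashlib.sha256).digest()


class Verifier:
    """Receiver side: issues one-time challenges and checks the responses."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh random message per transaction
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is accepted once; a replayed (challenge, response) pair fails.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    secret = secrets.token_bytes(32)  # constructed sample key
    card, verifier = Card(secret), Verifier(secret)
    c1 = verifier.new_challenge()
    r1 = card.respond(c1)
    results = {"genuine": verifier.verify(c1, r1)}
    results["replayed"] = verifier.verify(c1, r1)  # same pair sent again
    c2 = verifier.new_challenge()
    results["old_response_new_challenge"] = verifier.verify(c2, r1)
    c3 = verifier.new_challenge()
    results["wrong_key"] = verifier.verify(c3, Card(secrets.token_bytes(32)).respond(c3))
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first check is approved: a captured response is useless against a later challenge, which is the property a static password sent over the air does not have.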