Can such cards be hacked? And is encryption involved?
That would depend on your definition of "secure." The ISO 14443 air-interface protocol used for RFID-enabled credit cards does support encryption. But the cards have several elements that are designed to make them secure. One is a short read range. This reduces the possibility that people will eavesdrop on the communication between the card and reader. Another is that the card verification value (CVV) number changes with each transaction. With a standard mag-stripe card, the CVV is fixed and, if stolen, can be replicated. With an RFID card, the CVV changes for each transaction, so you might read it once but it wouldn't be useful again. It also cannot be used on the Internet, as the electronic CVV differs from the printed CVV on the card.
The bottom line, however, is that all systems can be hacked, with enough time, money and effort. RFID cards are more secure than conventional mag-stripe cards, which is why they were introduced.
—Mark Roberti, Founder and Editor, RFID Journal