Love this! I’m very curious what the security model is. What prevents the merchant from stealing funds? Do you only want to keep a small amount of funds on the card? Or is the payment amount limited?

The unique aspect of the bolt card system is that it has replay protection to prevent trivial cloning of the card.

This is achieved by using a feature developed by NXP (who make the chip inside the cards) called Secure Unique NFC (SUN) authentication.

Each tap of the card gives a new message and this is verified on the bolt card server. The lightning invoice from the POS device is also sent to the bolt card server.

The bolt card server then has it's own payment rules which are defined for each card that is hosted - by default just enable/disable, per-tx limit and per-day limit.

Of course, you can modify the software to put any payment rules you like into it.