NFC combined with the fingerprint scanner would be a huge development. But I'm going to guess NFC is still not in the 5S, Apple is just getting the fingerprint scanning down before they integrate it in the next model (iPhone 6). At this point, NFC use really won't be mainstream until Apple adopts it, Apple knows this so they are taking their time with it. They can't wait too long though.
NFC won't be a mainstream payment option until Apple AND A major payment processor adopts it, and adjusts all it's PoS systems... that's a cost.
Personally, I see this as a protection patent (just in case NFC does wing.).
Apple however, could say... 'for the price of an iPad and a good internet connection, We'll provide you a new Point of Sale system.' What's that - $1000-2000[carrier or hardwire internet], and $500 per PoS device after that?
I really think Apple is looking at a different technology, one that is internet based, and is a 3 way 'all AuthN/Z's meet at Apple' protected:
- You order your half-caf Latte'
- you select 'ApplePay (whatever) at PoS device (touch, or Barista presses for you... Assume it's an iPad/iPhone...
- PoS device - tells device who you are (in an Apple ITMS signed identifier)
- iOS 'paying' device' - receives that, you select payment type and you supply a 'press home key to confirm'
- gets fingerprint from the press
- uses the fingerprint to authN to device; Device/AppleID/and timesensitive token created, sends the PoS device and your 'ticket request' to Apple (including amount to pay)
- Apple gets that, sends a okay to pay (if all is cool) back to iOS device
- Apple can check to see if the iDevice is listed as 'lost' or 'stolen'
- can see if the device looks to be compromised (the location of the device is consistent with recent locations, was 'logged in' using same fingerprint, etc etc.)
- can see if the AppleID isn't under fraud review for any reason.
- device says 'cool, thanks' sends the 'token' that is encrypted in an embedded key (1 time pay/timelimited, amount limited)
- PoS device receives this, resends request to apple to approve token
- Apple says, all looks cool, approves Xaction, start debiting PoS owner out of payers AppleID account.
- payment done. receipt sent to iOS device via notifications.
... and you get your latte'.
If Apple hasn't given up the 'keys to the kingdom' to "No Such Agency," this is pretty secure... a lot more secure than std CC transactions, and more secure than NFC current iteration.
- You've Authed all parties (again, if Apple hasn't exposed ECC or it's encryption keys)
- Apple has huge 'awareness' of where the device is, and who has handled it.
- You've created a 3 way 1 time transaction (no credit cards numbers were sent, time limited, controlled by device and Apple [PoS system can't replay the transaction])
- PoS device has 3rd party confirmation the device holder is approved to spend using the device at time of sale (big deal for retailers).
- Spending Auth is sent to the payer first, to avoid the 'you not approved on this payment type' sent to the PoS (allows for building a multi-payment [gift card, multi-credit cards] at your end).
Most importantly, Apple now is a payment processor, can charge 3-30% of the transaction value. If apple can show a business that that $2000 investment can return over $5000 a year in net revenue (lower fraud, faster transaction processing, less worker effort), it's a slam dunk sale.
And... Apple now is potentially getting a little piece of every retail transaction everywhere there is a working cell tower. Big Box, Small shop, a bicycle pulled icecream cooler... you got LTE/3G, probably even 2G.. you can sell stuff.
The best of Square, the best of NFC, the best of chip/pin, the best of PKI.
