I believe you're wrong as well. Everything I have read says that Apple Pay will work without a data signal (I might just go and test this). However, trying to compare me tapping my phone to a NFC reader to scanning a QR code and then holding my phone up to have another QR code scanned by the clerk as comparable is laughable at best. So who's really trying to exaggerate here?
Apple Pay shouldn't require a network connection
per Apple's knowledgebase article on the security/privacy, since the card ID and dynamic card verification value are stored in the secure element chip on the device, not in the cloud.
For these companies, a measly 2% is a LOT of money. However as another poster said, they're already passing these fees onto the customer (even if you pay cash), it's really about gaining another 2% in profit!
This is like the Durbin ammendment on credit cards (effective 2010, for banks with over $10B in assets the maximum they could take per debit swipe was 21 cents plus 0.05% (as in, one twentieth of a percent) of a transaction. With 1/3 of transactions being conducted on debit
(sourced from consumer reports), this should have padded retailers bottom line nicely. Of course, we all remember the price drops at retailers after this happened, right

/s
Using ACH is a good idea... but this implementation is terrible. ACH fees tend to be anywhere from a few pennies to 50 cents, depending on volume and how much their bank wants them as their client. It's much less than a card scan, either way...
ACH transactions fall under the Electronic Funds Transfer Act, which limits consumer liability for fraudulent charges to $50 only if noticed within 48 hours, $500 if more than 48 hours but under 60 days, and unlimited liability for consumers after 60 days. Your money is also tied up during any dispute, with far weaker consumer protections.
ACH transfers have their place, but for buying a pack of gum it's ridiculous and a net negative for the consumer.
... that's exactly what it does. It is just like a plastic card with a PayPass or PayWave chip. No contact, terminal takes the identifying information, sends it along to the terminal owner to validate if the number is accurate, who sends it to the bank it was drawn on to verify funds, who sends it backwards towards the terminal with approvals.
This is correct, in a sense. Authorization is similar to a card swipe, albeit with more security.
- Devices notice each other (phone, payment terminal)
- The terminal notices the account number. The first 6 digits tell it information about the bank that issued it.
- The terminal contacts the bank and asks for a challenge. The bank comes up with a one time challenge, and knows the secret in the card. It's a predictable mathematical transformation if you know the secret, if it's a really provisioned card.
- The terminal tells your mobile device the secret. It puts it in the secure element, which uses the stored secret to produce a response to the challenge.
- The terminal sends the challenge to the bank. If it's a real, properly provisioned, active virtual card (not reported as lost, etc.), and the challenge matches the expectation, the bank approves the charge.
Auth on NFC payments doesn't include the CVV1 (a secret on the magstripe) or the CVV2 (the 3 digits on the back of most cards or 4 on front with Amex), nor the expiration date, cardholder name, etc. - it only contains enough information to complete a wireless payment. Since the challenge changes each time, someone can't use equipment to listen to your iPhone pay for something once via NFC and then repeat it - the challenge is already used, and is time sensitive/sensitive to the terminal that issued it as well.
Up here in Canada, you don’t have to give your Social Sec # to anyone but banks (and only if your going to earn interest) and any government institutions where money/benefits may be involved.
Anyone else can ask for it but you don’t have to give it to them. This goes for credit card applications, cashing cheques, etc.
Do americans readily hand over their Social Sec # to anyone asking for it?
Americans traditionally don't, but when you have middlemen handling financial transactions (e.g. a mobile wallet like CurrentC), you have to do so to comply with anti money laundering provisions of the PATRIOT Act.