Apple filed a patent application in Sep 2012 which got published on 16th January 2014 that reads METHOD TO SEND PAYMENT DATA THROUGH VARIOUS AIR INTERFACES WITHOUT COMPROMISING USER DATA. It talks about a commercial transaction(s) method using the concepts of NFC secure element as well as Bluetooth, wifi and others. The method first establishes a secure link over a first air interface by a purchasing device. This secure link is between the purchasing device and a point of sale device. The method further identifies a second air interface, which is different from the first air interface, and the second air interface is used to conduct a secure commercial transaction.
Basically it looks like a concept where Apple is going to use the goodness of NFC (securely initiating the transaction) and the goodness of relatively longer-distance technologies like wifi, iBeacons and Bluetooth in general. Connecting the dots I think it is very much possible that NFC and secure element approach could be used for initiating the payment transaction as long as the customer is near the POS and use slightly longer distance communication protocols (and perhaps iBeacons) for other transactions that can be carried out, in the same session such as push offers, discounts, receipts, and other good stuff. The two transactions would have a shared secret describes the patent.
In the growing competition towards conducting a wireless commercial transaction that is both user friendly and secure Apple doesn't want to leave any stones unturned. The proximity payments at the merchants, at the restaurants, at the POS are the most interesting part of the Commerce value chain that the technologists are trying to disrupt. And this disruption is being attempted at Apple, at Paypal, at dozens of startups, and joint initiatives such as ISIS.
The security concept described in the patent is believed to employ the same logic used in NFC secure elements and chip and pin cards. Apple also described in the patent application that - Currently, payment information such as credit card data in mobile devices is sent directly from a secure element (SE) located in a device such as a mobile phone through proximity interfaces, such as near field communications (NFC), without an associated application processor (AP), such as an application program in the device, accessing the payment information. Preventing the AP from accessing the sensitive payment information is necessary because current payment schemes use real payment information (credit card number, expiration date, etc.) that can be used to make purchases through other means, include online and via the phone, and data in the AP can be intercepted and compromised by rogue applications. Thus, there exists a need for a secure method of executing a commercial transaction that is both secure and user friendly.
Apple's iPhone 5S brought the biometric fingerprint concept last year and has a secure enclave that stores authentication data for verifying fingerprints input, but Apple has stayed away from including NFC in its phone so far. We have discussed in the past that Apple is not going to completely stay away from NFC and is working on various permutations and combinations involving patent related to NFC.
Quick Flashback on some of our other articles around Apple in Payments: