Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple researching how to enhance security of future QR code Apple Pay transactions

QR codes are already being used for Walmart Pay.

Apple Pay transactions could take place without needing to use NFC, as more evidence surfaces that Apple is strongly considering allowing in-store purchases to take place by securely scanning QR codes.

For years, Apple Pay's transactions with physical retailers relied on the use of NFC, with an iPhone coming close to a payment terminal to perform the purchase as if it is a contactless payment card. While such transactions are quite commonplace, the NFC method isn't the only way Apple is considering how to communicate the payments.

In July, a code leak from the second iOS 14 beta indicated Apple Pay had a new feature on the way for "Code Payment," which would enable Apple Pay transactions to take place via QR codes. By scanning a code displayed in-store, this would instruct the Wallet app to perform the transaction via Apple Pay's servers over its own cellular system.

In a patent granted by the US Patent and Trademark Office on Tuesday titled "Effecting payments using optical coupling," there is more evidence that Apple has considered using the technique for some time.

The filing describes the entire process for a secure transaction, where there isn't any direct communication of sensitive data between the user's device and a retailer's system. Apple reasons that the use of Bluetooth and NFC are still at a potential risk to privacy breaches, due to actively broadcasting a user's transaction data.

There is also the concern that contactless payments are not supported by every payment terminal. For example, retailers who do not have a payment terminal capable of accepting NFC communications.

In the system, Apple proposes a camera could be used to scan and decode "optical codes," which can take the form of a QR code. The code contains a claim number, which the user's device can use to transmit to a clearing house server electronically.

A QR code transaction would be an indirect transaction between customer and retailer, via a clearing house. A QR code transaction would be an indirect transaction between customer and retailer, via a clearing house.

The clearing house system uses the unique claim number to cross-reference with purchase orders placed into the same system by the retailer. A file is sent back to the customer's device containing another code, either as a barcode or another QR code, with a number of identifiers relating to the order and associated data.

At this point, the user is then presented with an authorization screen to confirm they want the transaction to take place, which is then sent back to the clearing house. After that, the clearing house then sends the merchant a communication that the invoice was paid.

With the code being transmitted to a clearing house, Apple suggests there would be a level of anonymization in the process, as it would inform the merchant that the invoice was paid, but not the payer's identity. It is likely that the need for privacy is included is in part due to the original implementation of the patent as being intended for the payment of prescriptions at a pharmacy.

The list of claims includes references to whether a prescription was filled, the anonymization of the prescribing doctor, and the use of pharmacy systems. There are even references to adjusting the number of pharmacy refills in confirmation messages, the issuing of additional instructions from doctors in transmissions, and other medical-related details.

Though the claims largely handle a medical-related transaction, descriptions of the patent further down the filing also talks about more general transactions.

The patent, originally filed on August 18, 2016, lists its inventor as Binu K. Mathew.

Apple files numerous patent applications on a weekly basis, but while the existence of a patent filing indicates areas of interest for Apple's research and development teams, they do not guarantee the existence of a feature in a future product or service.

Aside from the leaks of Apple's potential Apple Pay addition, QR codes are already being used for some payment transactions. Retailers such as Walmart and Kroger have come up with their own mobile wallets and QR-based payment systems, though they are largely only for use via one retailer instead of working for vast numbers, as Apple Pay currently does.

This is also not Apple's only visual code transaction patent. In 2015, it gained patents for an "Invisible optical label for transmitting information between computing devices," namely embedded machine-readable codes that can be captured by another device's camera.

It is thought the patents in that filing explained how the particle cloud pairing system of the Apple Watch worked.



9 Comments

GeorgeBMac 11421 comments · 8 Years

I don't get it....
My experience is that FAR more brick & mortar stores use NFC for Apple Pay than there are QR code POS terminals.   My understanding is that the only ones who use them are places like Walmart and, formerly, CVS -- so that they could use contactless payments but still track their customers and steal their data.   (That's how Target got in trouble:   when they were hacked, anybody who had used a card there also had their personal information exposed as well).

So, what would switching to QR codes do?   The places that use it won't switch to anonymous systems -- so why would I want to bother with ti?

mike1 3437 comments · 10 Years

I don't get it....
My experience is that FAR more brick & mortar stores use NFC for Apple Pay than there are QR code POS terminals.   My understanding is that the only ones who use them are places like Walmart and, formerly, CVS -- so that they could use contactless payments but still track their customers and steal their data.   (That's how Target got in trouble:   when they were hacked, anybody who had used a card there also had their personal information exposed as well).

So, what would switching to QR codes do?   The places that use it won't switch to anonymous systems -- so why would I want to bother with ti?

Possibly, all the stores that don't have active NFC terminals (and there still seem to be a lot) could use the ubiquitous scanner to complete the transaction. Maybe?

Rayz2016 6957 comments · 8 Years

I don't get it....
My experience is that FAR more brick & mortar stores use NFC for Apple Pay than there are QR code POS terminals.   My understanding is that the only ones who use them are places like Walmart and, formerly, CVS -- so that they could use contactless payments but still track their customers and steal their data.   (That's how Target got in trouble:   when they were hacked, anybody who had used a card there also had their personal information exposed as well).

So, what would switching to QR codes do?   The places that use it won't switch to anonymous systems -- so why would I want to bother with ti?

Nobody said they were switching to anything. 


This sounds like a way of paying for something without even taking it to the NFC terminal.  By putting the QR codes on the menu, then folk can order their meals and pay for them at the same time. It means that people who say “But I didn’t have any wine” will no longer be left out of restaurant meet-ups with folk unlucky enough to be their friends. 

Apple already does this in its stores. Lots of small items, such as cables and cases, can be purchased by just scanning the item with your iPhone. The thrill of shoplifting with none of the consequences. 

rob53 3312 comments · 13 Years

mike1 said:
I don't get it....
My experience is that FAR more brick & mortar stores use NFC for Apple Pay than there are QR code POS terminals.   My understanding is that the only ones who use them are places like Walmart and, formerly, CVS -- so that they could use contactless payments but still track their customers and steal their data.   (That's how Target got in trouble:   when they were hacked, anybody who had used a card there also had their personal information exposed as well).

So, what would switching to QR codes do?   The places that use it won't switch to anonymous systems -- so why would I want to bother with ti?

Possibly, all the stores that don't have active NFC terminals (and there still seem to be a lot) could use the ubiquitous scanner to complete the transaction. Maybe?

So they'd have to spend money on getting a QR creator and scanner. Why spend money on technology that's worthless when you could simply buy upgraded POS terminals, almost all of which come standard with NFC?

GeorgeBMac 11421 comments · 8 Years

Rayz2016 said:
I don't get it....
My experience is that FAR more brick & mortar stores use NFC for Apple Pay than there are QR code POS terminals.   My understanding is that the only ones who use them are places like Walmart and, formerly, CVS -- so that they could use contactless payments but still track their customers and steal their data.   (That's how Target got in trouble:   when they were hacked, anybody who had used a card there also had their personal information exposed as well).

So, what would switching to QR codes do?   The places that use it won't switch to anonymous systems -- so why would I want to bother with ti?
Nobody said they were switching to anything. 
This sounds like a way of paying for something without even taking it to the NFC terminal.  By putting the QR codes on the menu, then folk can order their meals and pay for them at the same time. It means that people who say “But I didn’t have any wine” will no longer be left out of restaurant meet-ups with folk unlucky enough to be their friends. 

Apple already does this in its stores. Lots of small items, such as cables and cases, can be purchased by just scanning the item with your iPhone. The thrill of shoplifting with none of the consequences. 

Yeh, very possibly.   That sounds similar to the Bezos vision of checkoutless grocery stores.   I was thinking checkout counter.   But selfcheckout may be where this is headed.