little off topic, but I'm trying to spread the word ...
Merchants eat fraud. CC authorization is not a guarantee, just a requirement.
Stolen CC numbers are used fraudulently for card-not-present transactions. It's not the card or device that is the problem.
Current model has the merchant as agent, takes your number and such, sends it to processor. Then, for recurring transactions, card on file, or refund to same card, merchant has to store (encrypted) card info.
Proper model would be a three party transaction: card holder swipes and card info is encrypted and sent to processor. If approved, processor gives a transaction ticket number to merchant. That ticket is good only for use by that merchant, and only for refunds or if cardholder approved recurring charges at time of authentication / authorization. Merchant can store all that's needed but if it's stolen it's useless.
This is emerging as "tokenization." But the card issuers and processors are dragging their feet on it. You'd think they'd be all for it, but remember they have shifted all the losses to merchants and add more of their fees. So they make money on fraud. Their risk is non-payment of the account.
Presently, security depends on every Ma & Pa retailer to implement 200 pages of extremely technical network, firewall, auditing, and secure IT transaction details which are so complex most experts can't get it all right. It's as if Eisenhower had secured the D-Day plans by telling all the soldiers and disseminating security standards for each of them to follow.
Insane, and it starts with Congress letting the credit card issuers off the hook. They have de-facto police powers to "fine" merchants and now a part of their revenue is the fines and all the licensing fees paid by authorized security auditors and network scanning companies -- 10's of thousands per year from each.
Pure Orwell. I hope Apple is pondering a complete rethink of the payment model.