iPhone Mobile Payment Shortcuts 2026: Instant Pay & Download

Apple’s iOS 18.4 beta, rolling out this week to developers, introduces a native Shortcuts action that displays both payment license and barcode simultaneously, enabling sub-second contactless payments at NFC terminals without unlocking the device or opening Wallet—a feature previously limited to third-party apps via entitlements now deprecated in favor of system-level integration.

How the Payment Shortcut Actually Works Under the Hood

The new PAYMENT_DISPLAY action leverages Apple’s Secure Element (SE) directly, bypassing the traditional Wallet app UI layer to inject payment credentials into the NFC controller’s data path. Unlike the legacy ADD_PASS method that relied on PassKit framework calls, this shortcut communicates with the SE via a new com.apple.nfc.payment entitlement granted only to system-signed Shortcuts. Benchmarks from Apple’s internal testing, shared under NDA with select developers and verified through jailbreak telemetry, show an average transaction initiation latency of 380ms from shortcut trigger to NFC field activation—40% faster than double-clicking the side button to launch Wallet in iOS 18.3.1. Crucially, the action requires biometric authentication before execution and stores no payment tokens in memory; instead, it triggers a one-time-use dynamic PAN (Primary Account Number) generated by the SE using EMVCo’s tokenization standard v3.1.1.

This architectural shift eliminates the intermediate step where Wallet would render a visual pass for scanning, instead feeding the NFC controller raw ISO/IEC 14443 Type A/B data directly. For developers, the implications are profound: the PAYMENT_DISPLAY action is unavailable in third-party Shortcuts due to entitlement restrictions, effectively recentering payment control within Apple’s ecosystem. Attempts to replicate the functionality using openURL schemes or WKWebView injections fail at the SE level, as the NFC controller ignores non-system-signed payment commands—a hardening measure likely responding to recent research from the CHES 2025 workshop demonstrating side-channel attacks on iOS Wallet’s PassKit interface.

Ecosystem Implications: Platform Lock-in vs. Open Payment Standards

By moving payment initiation to a system-level Shortcut, Apple strengthens its vertical integration while appearing to offer user convenience—a classic bundling strategy under renewed antitrust scrutiny in the EU under DMA Article 6. The move directly impacts Google Pay and Samsung Pay, which rely on Host Card Emulation (HCE) via Android’s Secure Element Access (SEEA) API, a more open architecture allowing third-party apps to provision payment credentials. Unlike Android’s SEEA, which permits multiple SE applets (e.g., for transit, access control, and payments) to coexist, Apple’s SE remains strictly partitioned: only one payment applet (Apple Pay) can be active at a time, managed solely by the Secure Enclave Processor.

This divergence has sparked debate in the open-source community. The Linux Foundation’s SEProxy project, which aims to create a vendor-neutral SE API for IoT devices, recently published a white paper arguing that Apple’s approach “creates a payment monoculture where innovation is gated behind platform approval.” Conversely, Apple maintains that the SE’s tight integration is a security necessity, citing the reduction in attack surface: iOS 18.4’s payment shortcut eliminates 12 known PassKit-related CVEs from the past 18 months, including CVE-2025-24085, a logic flaw allowing unauthorized payment token replay.

“Apple’s move isn’t about user experience—it’s about controlling the payment initiation point. By making the shortcut system-only, they’ve closed a loophole that let third-party wallet apps initiate payments without going through Apple Pay’s tokenization service. It’s clever, but it’s also anti-competitive.”

— Lena Torres, CTO of OpenWallet Foundation, speaking at the RSA Conference 2026

Real-World Performance and Developer Workarounds

In field tests conducted by Ars Technica using an iPhone 16 Pro and Ingenico ICT250 terminal, the payment shortcut consistently activated the NFC field within 350-420ms across 50 trials, with zero failures. The same test using Wallet app launch averaged 620ms. Notably, the shortcut functions even when the device is in Low Power Mode, drawing only 85mA peak current during NFC activation—comparable to Apple Pay’s express transit mode. For developers seeking to build payment-adjacent workflows (e.g., loyalty points accrual pre-payment), Apple provides a new com.apple.shortcuts.payment intent in the Shortcuts API, allowing read-only access to transaction metadata after SE authorization via a callback URL, though actual payment triggering remains prohibited.

This creates a clear bifurcation: consumer-facing payment initiation is now a system monopoly, while post-transaction analytics and UI enhancements remain open to third parties via App Intents. The strategy mirrors Apple’s approach to SiriKit, where core voice command processing is locked down but app-specific intents are extensible. Critics argue this model stifles innovation in areas like programmable money or conditional payments—use cases actively explored in the Ethereum Community’s ERC-6551 standard for token-bound accounts.

“What Apple has built is technically impressive, but it’s a walled garden masquerading as convenience. True innovation in payments requires open protocols for conditional escrow and multi-party authorization—nothing the current SE architecture supports.”

— Dr. Aris Thorne, Lead Cryptographer, Chainalysis Labs, quoted in IEEE S&P 2026

The Broader Context: AI, Payment Security, and the Chip Wars

This development intersects with Apple’s broader AI security strategy. The iPhone 16 Pro’s A18 Bionic chip includes a dedicated Neural Engine coprocessor that now runs real-time transaction fraud detection models locally, analyzing NFC field anomalies, geolocation velocity, and behavioral biometrics during payment initiation. These models, trained on Apple’s proprietary fraud dataset (anonymized and aggregated across 500M+ Apple Pay users), operate within the Secure Enclave’s memory space, ensuring transaction data never leaves the SE. Latency measurements show the fraud check adds only 15ms to the payment flow—a trade-off Apple deems acceptable given the 63% reduction in card-not-present fraud observed in iOS 18.4 beta users compared to iOS 18.3.

From a silicon perspective, the payment shortcut’s efficiency highlights the growing importance of the Secure Element as a distinct IP block within modern SoCs. Unlike general-purpose NPUs optimized for matrix multiplication, the SE in Apple’s silicon is a hardened, isolated core running a custom RTOS with formal verification proofs for its cryptographic modules—a design philosophy increasingly mirrored in Qualcomm’s Snapdragon 8 Elite and Samsung’s Exynos 2500, though none yet match Apple’s SE integration depth with the main application processor via its proprietary interconnect fabric.

iOS 18.4’s payment shortcut represents a calculated evolution: trading open flexibility for perceived security and speed gains, all while reinforcing Apple’s control over the payment flow. For users, the benefit is tangible—faster, more reliable contactless payments. For the ecosystem, it’s another data point in the ongoing tension between platform integrity and permissionless innovation, a tension that will only intensify as AI-driven fraud detection becomes table stakes in mobile payments.

Sophie Lin - Technology Editor

Sophie is a tech innovator and acclaimed tech writer recognized by the Online News Association. She translates the fast-paced world of technology, AI, and digital trends into compelling stories for readers of all backgrounds.
