If they can assume connectivity it would be best to invert the flow and instead make the Customer receive an invoice ID from the NFC, then work directly with Apple servers to actually pay. Then the Business gets a push notification the invoice was paid.
That way the customer phone never actually sends anything directly to the business, and the only thing sent to the customer is basically public (sure, pay my invoice if you want...)
Skimming happens because you have to enter trusted things into _their_ device w/o any authentication mechanism for the device you're interacting with (the pump).
They are going to accept payments from contactless credit cards as well, so connectivity isn't assumed. If it could be, the flow you describe is brilliant.
That way the customer phone never actually sends anything directly to the business, and the only thing sent to the customer is basically public (sure, pay my invoice if you want...)
Skimming happens because you have to enter trusted things into _their_ device w/o any authentication mechanism for the device you're interacting with (the pump).