This specific demo doesn't actually send payment data over audio, just a link to pay from. Post-payment would still go though signed stripe webhooks like a normal online payment.
Seems like an interesting way to start a transaction without needing to buy any specialized equipment.
You don’t need to read the payment data. I think a phishing/spoofing attempt may be possible by playing a louder or directional ultrasonic message to introduce an alternate payment url. Or you may be able to accomplish a denial of service via jamming.
(If some one knows more, please step in and comment.)
I’m guessing some of these could be issues with NFC too but from what I have skimmed online it seems both the tag and receiver would need to be modified to work at larger than normal distances of “1-5cm”[1]. Also much more power is needed to extend the range of NFC than sound since sound strength diminishes with the square of the distance and, from what I have skimmed, magnetic induction used by nearfield NFC diminishes with the cube of the distance [2][3].
Seems like an interesting way to start a transaction without needing to buy any specialized equipment.