Der Spiegel reports that the NSA is following the money trail on credit card purchases and SWIFT bank transactions by monitoring the printer traffic of various banks.
The implications of the NSA's 'Tracfin' financial databank for privacy are very serious. In January this year, Apple revealed that the App Store had over 500 million active accounts. In the recent keynote, Tim Cook announced that the number was now 575 million. Although not all of them have credit cards (because Apple lets you go without one as long as you get only free apps), it's reasonable to expect that a significant portion of them do.
These users are spread across 155 countries in the world. And they buy apps with - credit cards.
In the context of the Wall Street Journal report showing that the NSA has access to 75% of all U.S. Internet traffic, this poses a significant privacy threat as the NSA could potentially have the information to associate spending patterns of each individual on the App Store with content/products/services.
Enter the Passbook. Till now Apple's Passbook was just about familiarizing users and companies (airlines) with the utility of such a system, and hence the payment itself was not routed through the App Store credit card accounts database. But Apple has big plans to expand Passbook via the new Touch ID and the iBeacons Framework (a low-power Bluetooth framework with significant retail implications) into a complete mobile transaction service. Note the use of the word 'transaction' rather than the word 'payments' - as Apple itself allows Passbook passes to make or receive payments.
This has the potential to provide the NSA with detailed information on any purchase made offline with the same credit card (as we do now in retail) and associate it with a person's iTunes account, after which they could easily use their "backdoors" in all encryption to access the contact information (name, phone number, address and any other information Apple has tied to that credit card). This would allow them to target all known purchasers of a particular product or service.
You can read more about this type of privacy invasion which specifically affects mobile payment services in comparison to regular credit card use in retail here.
In some cases, that might help in solving cases like the Boston Marathon bombings (where a large amount of fireworks were purchased), by extracting all electronic correspondence and location information tied to a large number of retail credit card purchases of products similar to those known to be used in such an event.
The NSA could also make the argument for prevention via large-scale monitoring of purchases of potential weapons in a large area prior to an event, or constantly, by tracking credit card use at retail, connecting it to Apple IDs via credit cards on file, and extracting electronic correspondence such as email, social networking information, and location.
There would be cases that risk the privacy of individuals wishing to keep a purchase private, even one made via normal credit card use at retail. At least 500 million App Store customers could experience weakened privacy as a result in the future as Apple moves to integrate Touch ID, Passbook and the iBeacons Framework.