Are there any systems that would allow the customer to supply the QR Code for a wallet? The merchant would enter all of the payment details and just scan the customers QR to receive payment, preferably with password authentication much the same as the Chip & Pin system for card payments only with QR Codes.
Not yet as far as I know but there will be.
"ECDSA signing tags" could permit simple and fast payment at brick-and-mortar stores, and reduce the risk of zero-confirm fraud. A host device (for example a merchant's PoS system) would query the tag for its bitcoin address, look up this address's unspent outputs in the blockchain, and then create a raw transactions that spends the appropriate amount of funds from the tag's address to the merchant's address. After the tag receives a signature request for this raw transactions from the host device, the tag would check the request against a set of rules and sign the transaction, provided none of the rules are violated. User-defined signing rules could permit various levels of security from none (sign all requests), to locking the spend addresses, limiting the value of transactions, and requiring a password from the tag’s owner or cryptographic authentication from the host.
These "ECDSA signing tags" could be interoperable with existing PoS systems that support contactless (e.g. Visa PayWave) and contact smart cards (e.g., standard chip-and-pin technology). I am working on an NFC project now called "sigsafe". This tag could be used as a "tap-and-pay" device at a bitcoin-enabled PoS system. The merchant would enter the amount owing and the customer would scan his tag to pay. The sigsafe would check that the transaction didn't violate any spending rules (for example a per-transaction maximum or a daily spend limit), and, if the transaction request was allowed, would return the signature to the host. The host would then broadcast the transaction to the network.
A second advantage of the merchant constructing the raw transaction is that they can reduce the risk of zero-confirm fraud. Not only is the legitimate TX highly likely to be broadcast first, but it can be constructed in a manner such that it will be accepted into mempool by vast majority of the network (e.g., it won't send outputs to on-chain gambling sites that are blacklisted by certain mining pools).
