Pay TO tag makes sense. Pay USING tag seems like it could be ruggable. "Pay this 10 sat invoice" (which is a 1000 sat invoice) with no immediate way to verify amount.
Discussion
Behind the scenes, the vault only honours the servers that are running the right code. All requests are signed; if one comes from an unknown instance, the transaction won't go through.
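What that rule looks like in code, as an added example (this is not the vault's own code, nor any project's): an allow-list of instances, each pinned to the code it must run, and a signature check on every request before anything is honoured. Assumptions, since the thread does not say how the real service does it: HMAC-SHA256 with a per-instance secret stands in for whatever signature scheme is actually used, the code identity is a SHA-256 of the release, and the request format, instance names and keys are invented here.

```python
# Added example, not the vault's or any project's code. It implements the
# rule described above: the vault keeps an allow-list of instances, each
# pinned to the code it must run, and every request carries a signature it
# checks before acting. Assumptions: HMAC-SHA256 with a per-instance secret
# stands in for whatever signature scheme the real service uses; the code
# identity is a SHA-256 of the release; the request format is invented here.
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

SIGNED_FIELDS = ("instance", "code_hash", "nonce", "body")


def code_hash_of(release: bytes) -> str:
    """Identity of 'the right code': hex SHA-256 of the release artefact."""
    return hashlib.sha256(release).hexdigest()


def _canonical(fields: dict) -> bytes:
    """Deterministic encoding, so signer and verifier MAC identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_request(instance_id: str, key: bytes, code_hash: str, body: dict) -> dict:
    """Instance side: sign a request. The random nonce makes every signed
    message unique, which is what lets the vault reject replays."""
    fields = {
        "instance": instance_id,
        "code_hash": code_hash,
        "nonce": secrets.token_hex(16),
        "body": body,
    }
    tag = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "tag": tag}


@dataclass(frozen=True)
class Instance:
    key: bytes       # per-instance signing secret (constructed in the demo)
    code_hash: str   # the only code identity the vault honours for it


@dataclass
class Vault:
    registry: Dict[str, Instance]
    seen_nonces: Set[str] = field(default_factory=set)

    def verify(self, req: dict) -> Tuple[bool, str]:
        """Return (accepted, reason); every refusal names its cause."""
        try:
            fields = {k: req[k] for k in SIGNED_FIELDS}
            tag = req["tag"]
        except KeyError as missing:
            return False, "malformed request: missing %s" % missing
        inst = self.registry.get(fields["instance"])
        if inst is None:
            return False, "unknown instance"   # not on the allow-list at all
        expected = hmac.new(inst.key, _canonical(fields), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad signature"      # forged, or altered in transit
        if fields["code_hash"] != inst.code_hash:
            return False, "instance not running approved code"
        if fields["nonce"] in self.seen_nonces:
            return False, "replayed request"
        self.seen_nonces.add(fields["nonce"])  # record only after a full pass
        return True, "ok"


def demo() -> Tuple[str, str, str, str, str]:
    """Constructed walk-through: one honest request, then four bad ones."""
    approved = code_hash_of(b"vault-server release 1.4.2")  # constructed release
    key_a = bytes(range(32))                                # constructed secret
    vault = Vault({"server-a": Instance(key_a, approved)})
    body = {"action": "pay", "amount_sat": 10}
    good = sign_request("server-a", key_a, approved, body)
    rogue = sign_request("server-z", bytes(32), approved, body)           # not registered
    stale = sign_request("server-a", key_a, code_hash_of(b"old build"), body)
    tampered = {**good, "body": {"action": "pay", "amount_sat": 1000}}    # edited after signing
    return (vault.verify(good)[1], vault.verify(rogue)[1], vault.verify(stale)[1],
            vault.verify(tampered)[1], vault.verify(good)[1])            # last one is a replay


if __name__ == "__main__":
    print(demo())
```

One caveat worth keeping in mind: the code hash here is a claim the instance signs, not proof of what it is running. Anyone holding an instance's key can claim the approved hash. Actually binding an instance to the code it runs needs attestation from something the software cannot lie to (measured boot, a hardware root of trust), which is a separate mechanism from the request signature.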
I'm working on a plan to integrate the Ntag424 NFC chips to create a pin protected Nostr event signer. There's room on those chips to also have them sign LN transactions and/or eCash payments. I think the Bolt wallet app can likely be forked to make a combo tap-2-sign/pay MFA solution. Think Yubikey for Nostr and LN.
This brings us something-we-have/something-we-know levels of state-of-the-art security. I know all this is possible, I just need to work it out.
"Trust me bro, this QR code is a 10 sat invoice"
The server behind the QR code is legit, but the presentation could be changed by putting the valid QR code on the "company" page which lies to me.
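The check a wallet can actually make against both the "10 sat invoice that is really 1000 sat" case above and the "trust me bro" QR case, as an added example (not code from the thread or from any wallet it mentions): a BOLT11 invoice carries its amount in the human-readable part before the bech32 separator, so the wallet can derive the amount from the invoice itself and compare it with what the page or tag claims, instead of trusting the presentation. Assumptions: only the human-readable part is parsed here; the bech32 data part and the node's signature are not validated (that needs a bech32 decoder and secp256k1), and the invoice strings are constructed samples with filler data.

```python
# Added example; not code from the thread or from any wallet it mentions.
# The only thing checked here is the human-readable part of a BOLT11
# invoice, which is where the amount lives. The bech32 data part and the
# node signature are NOT validated (that needs a bech32 decoder and
# secp256k1), and the invoice strings below are constructed samples.
from typing import Optional

# BOLT11 network prefixes, longest first so "lnbcrt" is not matched as "lnbc".
_PREFIXES = ("lnbcrt", "lntbs", "lntb", "lnbc")

# The amount unit is bitcoin; the optional multiplier letter scales it down.
# 1 BTC = 10**11 msat, so each letter maps to msat-per-unit as a power of 10.
# "p" (1e-12 BTC) is 0.1 msat, hence the special case below.
_MSAT_EXP = {"": 11, "m": 8, "u": 5, "n": 2, "p": -1}


def bolt11_amount_msat(invoice: str) -> Optional[int]:
    """Amount in millisatoshi the invoice's HRP commits to, or None for an
    amount-less invoice. Raises ValueError if the HRP is malformed."""
    if invoice != invoice.lower() and invoice != invoice.upper():
        raise ValueError("mixed-case bech32 string")
    inv = invoice.lower()
    sep = inv.rfind("1")  # bech32: the last '1' separates HRP and data
    if sep <= 0:
        raise ValueError("no bech32 separator")
    hrp = inv[:sep]
    for prefix in _PREFIXES:
        if hrp.startswith(prefix):
            amount = hrp[len(prefix):]
            break
    else:
        raise ValueError("not a BOLT11 human-readable part: %r" % hrp)
    if amount == "":
        return None
    multiplier = ""
    if amount[-1] in "munp":
        multiplier, amount = amount[-1], amount[:-1]
    # Writer rules: a positive decimal integer with no leading zeros and
    # nothing but digits before the multiplier.
    if not amount or not all(c in "0123456789" for c in amount) or amount[0] == "0":
        raise ValueError("bad amount field: %r" % hrp)
    number, exp = int(amount), _MSAT_EXP[multiplier]
    if exp < 0:
        if number % 10:
            raise ValueError("pico amount is not a whole number of msat")
        return number // 10
    return number * 10 ** exp


def amount_matches(invoice: str, claimed_sat: int) -> bool:
    """True only if the invoice itself commits to exactly claimed_sat.
    An amount-less invoice never matches: the payer would be choosing the
    amount, so the page's claim proves nothing about it."""
    try:
        msat = bolt11_amount_msat(invoice)
    except ValueError:
        return False
    return msat is not None and msat == claimed_sat * 1000


def hrp_error(invoice: str) -> Optional[str]:
    """The parse error for a malformed invoice, or None if it parses."""
    try:
        bolt11_amount_msat(invoice)
    except ValueError as err:
        return str(err)
    return None


# Constructed samples: a valid HRP followed by filler bech32 characters.
TEN_SAT      = "lnbc100n1pjexampledatapartqqqqqqqqqq"   # 100 nBTC = 10 sat
THOUSAND_SAT = "lnbc10u1pjexampledatapartqqqqqqqqqq"    # 10 uBTC = 1000 sat
ANY_AMOUNT   = "lnbc1pjexampledatapartqqqqqqqqqq"       # no amount field

if __name__ == "__main__":
    # The page says "10 sat"; only the first invoice actually says so too.
    for label, inv in (("honest", TEN_SAT), ("rug", THOUSAND_SAT), ("open", ANY_AMOUNT)):
        print(label, bolt11_amount_msat(inv), amount_matches(inv, 10))
```

The point of the amount-less branch: a page can also hand out an invoice with no amount and let the wallet fill in "10 sat" from the tag, which is a separate way the displayed figure and the actual payment can drift apart, so the wallet should treat that as a non-match and ask the user rather than trust the tag.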
