You can do anything you want on the phone without using Touch ID at all. The fingerprint sensor is not a necessary factor in their implementation, while the passcode is.
I can't try because Apple Pay isn't available here yet. According to this support document it works without Touch ID (emphasis mine):
> To help ensure the security of Apple Pay, you must have a passcode set on your device and, optionally, Touch ID. [...] To send your payment information, you must authenticate using Touch ID or your passcode.
A fingerprint, like any piece of data, is handled at the lowest levels as a number. A number with some constraints, but a number.
By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box. Further, it's also possible to take fingerprints through social engineering, or by getting at the database of a company that uses fingerprints as security. Five bucks says someone's already storing a bunch of fingerprint data as plaintext.
>By feeding numbers into the scanner instead of fingers, you can accomplish the same effect as feeding random strings into a password box.
Isn't this exactly why they DON'T allow you to use the iPhone with a potentially tampered with HW/TouchID -- e.g. the very feature/issue we're discussing?
The fact that you need to enter PIN right after boot, just shows that they use "two factor authentication" to make it even more secure.
It doesn't IN ANY WAY show that TouchID is "the less secure authentication" method of the two.