Other than mentioning that the store declined the debit card (which is by definition an interaction between the POS and the credit/debit clearinghouse).
But since you've raised the issue, you've shown exactly where you missed the boat.
The exploit is completely OUTSIDE of the POS<->bank interaction. (Cuz, "debit refused"). The exploit occurs in the "call a fake bank, offer up a fake reference number, have the Apple Store drones accept it as proof of a valid credit/debit transaction" phase AFTER the machine-to-machine part.
Apparenly, you've fallen for the same trick the Apple Store drones did: fixating on the machine-to-machine debit transaction (which failed as expected) and completely neglecting the social engineering that followed.