Your mother's iPad will take you through the process of creating an Apple ID, but you can also create one on her behalf at Apple's website. Whatever you specify as the country of her mailing address there will determine the Apple Store she becomes associated with.
So the answer to your first question is yes, it is based on the Country/Region you specify when creating a new Apple ID.
The answer to your second question is no, it doesn't matter what you set as the regional localization of your iPad itself. You can change the iPad's localization as often as you like, indeed I do this when moving between the UK and the US. The iPad localization determines things like date and telephone number formatting conventions, spelling dictionaries, and so on.
As an addendum, you can have multiple Apple ID's on a single device. This is kind of annoying to do, but sometimes it's the only way to get an app. In my case, my main Apple ID is linked to the American store, but my London bicycling maps are only available on the British store. So I maintain two different Apple IDs, and when I update my apps I have to type in both passwords and juggle them a bit.
Your mother may not want the hassle of doing that, in which case you are well-advised by @stuffe to keep everything on a single ID.
[EDIT] - This edit revises my answer to:
- more specifically answer the OP's question for their exact scenario
- reduce ambiguity by making clearer the parts of my answer that were more general in nature
1. Answer to OP's exact question/scenario
Yes, your payment details are 100% safe, as you've already set up Apple Pay on your devices prior to doing a jailbreak in future. This is because your card information is not saved to the device. In other words, since the data isn't on the device to begin with, there's no risk of it being accessed from your iPhone, even after doing a jailbreak. The information simply isn't there to steal!
2. Apple's own words re encryption and data protection on jailbroken devices
According to Apple
The secure boot chain, code signing, and runtime process security all
help to ensure that only trusted code and apps can run on a device.
iOS has additional encryption and data protection features to
safeguard user data, even in cases where other parts of the security
infrastructure have been compromised (for example, on a device with
unauthorized modifications). This provides important benefits for both
users and IT administrators, protecting personal and corporate
information at all times and providing methods for instant and
complete remote wipe in the case of device theft or loss.
Source: Apple's iOS Security White Paper, 2014, p8. NOTE: Bold emphasis mine, not Apple's.
As you can see, according to Apple, even jailbreaking a device will not result in non-trusted code or apps being able to access certain areas, such as the Secure Enclave.
More specifically, Apple states:
The Secure Enclave is a coprocessor fabricated in the Apple A7 chip.
It utilizes its own secure boot and personalized software update
separate from the application processor. It also provides all
cryptographic operations for Data Protection key management and
maintains the integrity of Data Protection even if the kernel has
been compromised.
Source: Apple's iOS Security White Paper, 2014, p5. NOTE: Bold emphasis mine, not Apple's.
The Secure Enclave is part of Apple's A7 and later processors. This enclave is documented in Apple Patent Application 20130308838 and also has its own OS called SEP OS.
So, according to Apple, your data is safe.
3. General info about Apple Pay and security
The best way to enter your card information when setting up Apple Pay is to use your iPhone's camera. This is because doing so means your card information is never saved to the device or stored to the photo library. In other words, since the data isn't on the device to begin with, there's no risk of it being accessed from your iPhone.
Once you've set up your device for Apple Pay, your bank (or financial institution) creates a Device Account Number (DAN) which is unique to your device and is encrypted and sent to Apple so they can add it to what's called the Secure Element on your device. This element is totally isolated from iOS and watchOS, is never stored on Apple's servers, nor backed up to iCloud.
It's important to also note that the DAN is never actually decrypted by Apple, they merely perform the action of placing it on your device in its encrypted form.
If you have to manually enter your card information (i.e instead of using your iPhone's camera), this information is also encrypted and sent to Apple servers. Since the information is stored on your iPhone prior to encryption it is theoretically possible that a 3rd party could log this, but the risk of this happening on a non-jailbroken device is 0% because the data (i.e. your card info):
- is stored in encrypted memory
- only stored for a very short period (a few seconds at most)
- is protected by AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
In summary, I don't think it is possible to absolutely 100% guarantee that a hacker could never retrieve your card details, but in reality the risk of this happening is actually from a hacker breaching your bank's systems instead, not from your iPhone.
4. Further reading:
Best Answer
I talked to Apple Support on the phone. They directed me to visit the url:
Under "Account Settings", click "Shipping and billing".
This brings you to a much older Apple website, still styled with aqua controls!
I was able to add a new credit card on this site.
When I return to the Developer Program site, the red banner has gone away.