Apple Pay competitor CurrentC hacked, alerts pilot program participants of security breach
CurrentC, a mobile payment system that has found itself at odds with both Apple Pay and Google Wallet, announced on Wednesday that it has been hacked and that some users' email addresses may have been obtained.
MCX, the company behind CurrentC, sent out the email on Wednesday, revealing that its security systems were breached by unauthorized third parties within the last 36 hours. The company says its investigations suggest that only users' email addresses were obtained, but not any additional information.
Multiple AppleInsider readers sent a copy of the note that MCX sent to pilot program participants on Wednesday. Currently in trial, CurrentC is expected to launch at some point in 2015.
The system has found itself in the midst of a controversy over both Apple Pay and Google Wallet, as retailers participating in CurrentC are forbidden from offering alternative mobile payment systems. As a result, both Rite Aid and CVS shut down their NFC-based payment systems this past weekend, blocking the recently launched Apple Pay.
Major CurrentC partners include Walmart and Best Buy, and merchants are onboard because the MCX system utilizes users' bank account information rather than credit cards. If CurrentC were to catch on with consumers, it would allow those retailers to avoid paying credit card transaction fees.
In contrast, Apple's newly launched Apple Pay allows users to scan in their existing credit and debit cards, and use them as they wish. It's also compatible with existing NFC-based tap-to-pay technology, which has been offered by retailers for years with existing services like Google Wallet.
Earlier Wednesday, MCX attempted to defend CurrentC with a blog post in which it noted that sensitive customer data is saved in the cloud rather than on a user's smartphone. Given its own security breach and other recent high-profile consumer data incidents, MCX's insistence that its own cloud-based services are secure are likely to be met with skepticism from consumers.
Apple Pay, on the other hand, is anonymized and does not share customer purchasing metrics with retailers. Facilitated through NFC technology, iPhones users can simply take out their handset and authenticate a purchase via Touch ID. On the backend, a secure NFC module monitors for nearby terminals and sends over tokenized payment data from a secure hardware element without need for additional user interaction.
The full email sent out by MCX on Wednesday reads as follows:
MCX, the company behind CurrentC, sent out the email on Wednesday, revealing that its security systems were breached by unauthorized third parties within the last 36 hours. The company says its investigations suggest that only users' email addresses were obtained, but not any additional information.
Multiple AppleInsider readers sent a copy of the note that MCX sent to pilot program participants on Wednesday. Currently in trial, CurrentC is expected to launch at some point in 2015.
The system has found itself in the midst of a controversy over both Apple Pay and Google Wallet, as retailers participating in CurrentC are forbidden from offering alternative mobile payment systems. As a result, both Rite Aid and CVS shut down their NFC-based payment systems this past weekend, blocking the recently launched Apple Pay.
Major CurrentC partners include Walmart and Best Buy, and merchants are onboard because the MCX system utilizes users' bank account information rather than credit cards. If CurrentC were to catch on with consumers, it would allow those retailers to avoid paying credit card transaction fees.
In contrast, Apple's newly launched Apple Pay allows users to scan in their existing credit and debit cards, and use them as they wish. It's also compatible with existing NFC-based tap-to-pay technology, which has been offered by retailers for years with existing services like Google Wallet.
Earlier Wednesday, MCX attempted to defend CurrentC with a blog post in which it noted that sensitive customer data is saved in the cloud rather than on a user's smartphone. Given its own security breach and other recent high-profile consumer data incidents, MCX's insistence that its own cloud-based services are secure are likely to be met with skepticism from consumers.
Apple Pay, on the other hand, is anonymized and does not share customer purchasing metrics with retailers. Facilitated through NFC technology, iPhones users can simply take out their handset and authenticate a purchase via Touch ID. On the backend, a secure NFC module monitors for nearby terminals and sends over tokenized payment data from a secure hardware element without need for additional user interaction.
The full email sent out by MCX on Wednesday reads as follows:
Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.
In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.
MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.
Comments
Didn't take long did it!!!! The fun starts now.
It couldn't have happened at a nicer time. :-)
Well the saying I know is 'There is no such thing as bad publicity'. Public relations is a tad more tricky ...
Haha my exact first thought .... Come on guys alibis needed ....
Wait a minute ... "found itself at odds with both Apple Pay and Google Wallet ... " Hello .... Gatorguy was it you?
Okay, the Apple-lover who did this, please raise your hand!
I just had a vision of Tim Cook standing over some Apple hacker, slapping him on the should and saying "good work, son". ;-)
Hahahahahaha....wow. Trying to get around the CC companies will most likely end badly for these people. I know I wouldn't want to give my bank account info to them.
All I could manage to do when I read this headline was giggle.
Okay, the Apple-lover who did this, please raise your hand!
I think this was more of a security lover/protector. Let's just hope that Apple Pay is as secure as they say and as it seems to be in theory.
Just tweeted this:
#mcx Secure cloud? You've been hacked already, you're not even launched. A fool and his money are soon parted. #SayNOToCurrentC #ApplePay
--
Need to get more #ApplePay and #SayNOToCurrentC tweets out there.
You're welcome guys. Google Wallet and Apple Pay user.
Haha my exact first thought .... Come on guys alibis needed ....
Wait a minute ... "found itself at odds with both Apple Pay and Google Wallet ... " Hello .... Gatorguy was it you?
Tim, while in China...
"I've heard that there are some very good hackers in this country. If that's the case..."
It would be a long row to hoe hacking each iPhone, assuming you could, one by one. Then you'd be lucky to have any data of any use since each transaction's token is unique.
Haha my exact first thought .... Come on guys alibis needed ....
Wait a minute ... "found itself at odds with both Apple Pay and Google Wallet ... " Hello .... Gatorguy was it you?
Google Wallet users have just as much at stake as Apple Pay users. I use both but know many people that use Google Wallet that are just as mad about this as Apple Pay users.