Apple Pay competitor CurrentC hacked, alerts pilot program participants of security breach

Posted:
in General Discussion edited February 2015
CurrentC, a mobile payment system that has found itself at odds with both Apple Pay and Google Wallet, announced on Wednesday that it has been hacked and that some users' email addresses may have been obtained.




MCX, the company behind CurrentC, sent out the email on Wednesday, revealing that its security systems were breached by unauthorized third parties within the last 36 hours. The company says its investigations suggest that only users' email addresses were obtained, but not any additional information.

Multiple AppleInsider readers sent a copy of the note that MCX sent to pilot program participants on Wednesday. Currently in trial, CurrentC is expected to launch at some point in 2015.

The system has found itself in the midst of a controversy over both Apple Pay and Google Wallet, as retailers participating in CurrentC are forbidden from offering alternative mobile payment systems. As a result, both Rite Aid and CVS shut down their NFC-based payment systems this past weekend, blocking the recently launched Apple Pay.

Major CurrentC partners include Walmart and Best Buy, and merchants are onboard because the MCX system utilizes users' bank account information rather than credit cards. If CurrentC were to catch on with consumers, it would allow those retailers to avoid paying credit card transaction fees.

In contrast, Apple's newly launched Apple Pay allows users to scan in their existing credit and debit cards, and use them as they wish. It's also compatible with existing NFC-based tap-to-pay technology, which has been offered by retailers for years with existing services like Google Wallet.




Earlier Wednesday, MCX attempted to defend CurrentC with a blog post in which it noted that sensitive customer data is saved in the cloud rather than on a user's smartphone. Given its own security breach and other recent high-profile consumer data incidents, MCX's insistence that its own cloud-based services are secure are likely to be met with skepticism from consumers.

Apple Pay, on the other hand, is anonymized and does not share customer purchasing metrics with retailers. Facilitated through NFC technology, iPhones users can simply take out their handset and authenticate a purchase via Touch ID. On the backend, a secure NFC module monitors for nearby terminals and sends over tokenized payment data from a secure hardware element without need for additional user interaction.

The full email sent out by MCX on Wednesday reads as follows:
Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.
«13456712

Comments

  • Reply 1 of 232
    Well, that's quick. Was it yesterday that someone found out their email check web API was wide open?
  • Reply 2 of 232
    I guess if the emails were in the cloud they would have been safe? LOL
  • Reply 3 of 232
    rob53rob53 Posts: 1,887member

    Didn't take long did it!!!! The fun starts now.

  • Reply 4 of 232
    Lol that's awesome. I think they underestimated the power of the Internet community, and I'm sure there's more hackers hard at work just to shut currentc down
  • Reply 5 of 232
    Okay, the Apple-lover who did this, please raise your hand!
  • Reply 6 of 232
    paxmanpaxman Posts: 4,556member
    They say all PR is good PR, but really, it isn't, is it?
  • Reply 7 of 232
    maestro64maestro64 Posts: 4,168member
    Okay this only getting better need some popcorn for this show.
  • Reply 8 of 232
    [SIZE=4][COLOR=blue]Well, that was awkward![/COLOR][/SIZE]

    It couldn't have happened at a nicer time. :-)
  • Reply 9 of 232
    MacProMacPro Posts: 17,460member
    paxman wrote: »
    They say all PR is good PR, but really, it isn't, is it?

    Well the saying I know is 'There is no such thing as bad publicity'. Public relations is a tad more tricky ... :D
  • Reply 10 of 232
    MacProMacPro Posts: 17,460member
    Okay, the Apple-lover who did this, please raise your hand!

    Haha my exact first thought .... Come on guys alibis needed ....

    Wait a minute ... "found itself at odds with both Apple Pay and Google Wallet ... " Hello .... Gatorguy was it you?
  • Reply 11 of 232
    Quote:

    Originally Posted by macinthe408 View Post



    Okay, the Apple-lover who did this, please raise your hand!

    I just had a vision of Tim Cook standing over some Apple hacker, slapping him on the should and saying "good work, son". ;-)

  • Reply 12 of 232

    Hahahahahaha....wow. Trying to get around the CC companies will most likely end badly for these people. I know I wouldn't want to give my bank account info to them.

  • Reply 13 of 232

    All I could manage to do when I read this headline was giggle.

  • Reply 14 of 232
    This is just hilarious!
  • Reply 15 of 232
    wigbywigby Posts: 671member
    Quote:

    Originally Posted by macinthe408 View Post



    Okay, the Apple-lover who did this, please raise your hand!



    I think this was more of a security lover/protector. Let's just hope that Apple Pay is as secure as they say and as it seems to be in theory.

  • Reply 16 of 232
    chadbagchadbag Posts: 1,053member

    Just tweeted this:

     

    #mcx Secure cloud? You've been hacked already, you're not even launched. A fool and his money are soon parted. #SayNOToCurrentC #ApplePay

     

     

    --

     

    Need to get more #ApplePay and #SayNOToCurrentC tweets out there.

  • Reply 17 of 232

    You're welcome guys. Google Wallet and Apple Pay user. ;):D:smokey:

  • Reply 18 of 232
    Quote:

    Originally Posted by digitalclips View Post





    Haha my exact first thought .... Come on guys alibis needed ....



    Wait a minute ... "found itself at odds with both Apple Pay and Google Wallet ... " Hello .... Gatorguy was it you?

     

    Tim, while in China...



    "I've heard that there are some very good hackers in this country. If that's the case..."

  • Reply 19 of 232
    MacProMacPro Posts: 17,460member
    wigby wrote: »

    I think this was more of a security lover/protector. Let's just hope that Apple Pay is as secure as they say and as it seems to be in theory.

    It would be a long row to hoe hacking each iPhone, assuming you could, one by one. Then you'd be lucky to have any data of any use since each transaction's token is unique.
  • Reply 20 of 232
    Quote:
    Originally Posted by digitalclips View Post





    Haha my exact first thought .... Come on guys alibis needed ....



    Wait a minute ... "found itself at odds with both Apple Pay and Google Wallet ... " Hello .... Gatorguy was it you?

     

    Google Wallet users have just as much at stake as Apple Pay users. I use both but know many people that use Google Wallet that are just as mad about this as Apple Pay users.

Sign In or Register to comment.