On Wednesday morning, beta testers of the NFC payment system CurrentC received an email from the company, stating that their email addresses may had been compromised by an still-unknown group of online hackers.
CurrentC, which has caused a flurry of controversy over the past several weeks in the light of Apple Pay’s announcement, is the new touchless payment processing app that was launched by the Market Consumer Exchange (MCX) as a way to help customers of chains like Walmart, Target, Best Buy and the Gap to keep all their debit and credit cards accessible from a single swipe on their phone.
The app has been in development for the past two years, and seems to have just barely missed the deadline that was set for them by the Cupertino gadget giant after the debut of Apple Pay at their iPhone 6 event from the Flint Center last month.
Now MCX is already facing what will likely be the first in a series of uphill struggles to fully gain the average consumer’s trust, after an unspecified number of its accounts were hacked (many of which were dummies to test server capacity, according to the email), and stripped of the email addresses attached to each card contained within.
“Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.”
Apple Pay has faced a massive wave of push back from major retailers since first being revealed, many of whom are scrambling to implement their own answers to compete with the virtual wallet so that all transaction fees stay where they have since debit cards first went digital; in the hands of the store that processes each purchase.
As it stands today, merchants have to bear about a two to three percent surcharge every time a customers pays for paper towels with a credit card, a cost of doing business that’s been standard in the industry for almost 30 years. This fee goes right from the retailer into the pockets of the card providers like American Express, Visa, and Mastercard, all of which base a majority of their profit share off the consumer’s desire for an easy, quick, and painless way to settle up at the register.
Apple Pay, and by a much smaller margin, Google Wallet, both threaten to destabilize this model, encrypting the valuable marketing data that stores use to recoup their costs locally on the phone, and removing the requirement for users to reveal any information about themselves except the bare bone requirements needed to successfully process a single payment.
The CurrentC breach comes at a seriously unfortunate moment for its parent companies, who just finished touting the strength of its security in response to allegations that corners had been cut during the stampede to beat out Apple at their own game.
“Consumers’ privacy and data security are our top priorities. CurrentC will empower consumers and merchants to make informed decisions regarding how information can be shared through our privacy dashboard,” said MCX CEO Dekkers Davidson.
“Because we have a number of merchants that have pharmacies, MCX may end up interacting with limited information in the course of processing payments such as location and transaction amount.”
As retailers like Target and Home Depot continue to drop like flies to even the most basic of POS scams, the scramble to implement a system-wide solution to the problem of credit card security is more heated than ever before.
While Apple Pay certainly looks promising, competition from weaker cloud-based options like CurrentC could only further stagnate the effort to finally get our bank accounts out of our back pockets, and onto the phones we keep in front.