“MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments solution CurrentC meant to rival newcomer Apple Pay, has been hacked,” Sarah Perez reports for TechCrunch. “The data breach involves the theft of email addresses, but the CurrentC mobile application was not affected, the company confirms to TechCrunch.”
“Within the last 36 hours, MCX says it learned that unauthorized third parties obtained the email addresses of some of its CurrentC pilot program participants and other individuals who had expressed interest in the app,” Perez reports. “MCX says it’s continuing to investigate the situation and will provide more updates as they arrive.”
“It’s unclear at this time how exactly the addresses were stolen. As dummy accounts were taken, too, that would seem to rule out a phishing scheme,” Perez reports. “CurrentC began making headlines recently, when retailers involved with the initiative shut off NFC in their stores… Customers were trying to use Apple Pay at stores like Rite Aid and CVS, where at first Apple Pay-initiated payments were functioning properly, thanks to the retailers NFC-enabled point-of-sale terminals. But then those retailers disabled NFC at their registers, ending their unofficial support for Apple Pay.”
Perez reports, “After a number of high-profile data breaches in recent months, which have seen consumer data stolen from Target, Home Depot, Nieman Marcus, Staples, P.F. Chang’s, Supervalu, and others, there’s a feeling among consumers that retailers should not be trusted with our sensitive information, including payment card data and other personal details any longer.”
Read more in the full article here.
MacDailyNews Take: Smirk.
CurrentC will track users’ purchases — or, it would, if anybody actually uses it, which they won’t because it’s a cumbersome clusterfsck of overly-intrusive bank account access and arduous QR-code scanning laboriousness — and that, tracking users’ purchases, cuts to the issue of what Walmart, CVS, Rite-Aid et al. really want besides more money: They want to know what their customers buy and when they buy it, so that they can hit customers with targeted ads.
Apple doesn’t save your transaction information. With Apple Pay, your payments are private. Apple Pay doesn’t store the details of your transactions so they can’t be tied back to you. That is what Walmart, CVS, Rite-Aid et al. hate about Apple Pay and why they currently won’t accept it.
Boycott non-cash payment systems from any company that willfully turns off NFC in an effort to block the vastly more secure, much more private, and far easier-to-use Apple Pay service.
[Thanks to MacDailyNews readers too numerous to mention individually for the heads up.]
Related articles:
Why Walmart, CVS and Rite-Aid really hate Apple Pay: They can’t track your buying habits – October 29, 2014
CurrentC retailers’ conundrum: MCX contract expressly bars Apple Pay acceptance – October 29, 2014
Retailers like CVS and Rite Aid that block Apple Pay are taking a big security risk – October 28, 2014
Apple Pay tussle with CVS, Rite Aid the first shot in mobile payments war – October 28, 2014
In one week, Apple Pay already No. 1; used more than all other mobile payment systems combined – October 28, 2014
Alibaba’s Jack Ma says open to working with Apple on Apple Pay – October 28, 2014
Tim Cook blasts CVS, Rite Aid over Apple Pay blockade: ‘You only are relevant if your customers love you’ – October 28, 2014
Seeking personal data, Walmart, Best Buy, and others won’t let shoppers enjoy Apple Pay privacy – October 27, 2014
Boycott CVS and Rite Aid – October 27, 2014
Bad business: CVS and Rite Aid antagonize their most well-heeled customers by blocking Apple Pay – October 27, 2014
CVS stores reportedly disabling NFC to shut down Apple Pay – October 25, 2014
iPhone users earn significantly more than those who settle for Android phones – October 8, 2014
Yet more proof that Android is for poor people – June 27, 2014
More proof that Android is for poor people – May 13, 2014
Apple’s iOS dominates in richer countries, Android in poorer regions – March 25, 2014
Twitter heat map shows iPhone use by the affluent, Android by the poor – June 20, 2013
iPhone users smarter, richer than Android phone users – August 16, 2011
Yankee Group: Apple iPhone owners shop more, buy more, remain more loyal vs. other device users – July 20, 2010
This will serve very nicely for my daily chuckle.
Haaahaahaaahaaa
Already hacked? And not even in use yet?
CurrentC prediction: Project killed in 3 months. By Jan 29th 2015.
Security by obscurity also hacked!
Wait.
.
.
Wait for it…
.
.
Hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahah!
Ok, that’s funny. Your laugh literally went off the website.
Never grows old. Thanks.
I accidentally realized this web page had a horizontal scroll, and I was like WTH, then scrolled down and saw this comment. lol [trollface]
I couldnt help myself. LOL.
CurrentC — if it has value it will be hacked to provide currency for the hackers.
Perhaps the best comment on this page.
Is there a pool on what company will be the first backtrack and announce they are abandoning CurrentC?
I have CVS in under 24 hours.
Schadenfreude!
Here’s an article from yesterday, of someone describing his test of CurrentC’s software
http://www.imore.com/depth-look-currentc-and-personal-data-they-want-collect
To this guy’s horror, CurrentC started spitting out long lists of user data including email addresses, without any authentication of any sort. The list appeared to be all fake/test email addresses, but it’s reasonable to assume real email addresses may have been mixed in wit hit.
Such an obvious security problem will be fixed before it’s released – but it is a really bad indication of the system’s overall design. Security was clearly not a primary concern when designing this system – sharing data was. Mark my words: there are going to be a ton of security breaches when (or if?) this is system goes live, once people really start trying to steal information from it.
Cripes, it doesn’t even exist yet and it’s already screwed up. This thing’s dead before it even launched.
Stillborn
“Srewed up” didn’t stop Winblows.
This is stupid on their part because Rite-Aid already tracks my purchases when I put in my Rite-Aid club number to get their discounts. I’m fine with that when I choose to put it in. I’m not fine with them having (and storing on their computers) direct access to my checking account, and turning off my Apple Pay.
I used the MDN email link, gave them my gold status Rite-Aid ID, and told them they have till December to fix their mistake or I’m taking my business to Walgreens.
SSN fraud. Expect it with this.
Incorrect use of the word “feeling”…
“there’s a feeling among consumers that retailers should not be trusted with our sensitive information”
How about “realization” or “growing awareness”?
This could be the perfect excuse some of these CurrentC retailers need to leave the system.
Sounds like PAY BACK.
I believe they will eventually add support for apple pay. The only way they will survive is if they offer some sort of rewards programs for using there product over apples. $10 for every $100 spent, for example. This is there only hope , IMO.
I”ve the perfect solution to this problem. Go into each of these stores and load up a cart with $1,500 of merchandise and go to checkout and when you pull out your iPhone 6 to purchase using Apple Pay and they state that you can’t use Apple Pay
just walk out leaving the merchandise for them to return to the shelves.
Many have made a similar suggestion. Don’t know about you but my day is WAY to busy and my time way too valuable to waste a bunch of it on doing this.
Yeah, and then instead of buying that, just put a $0.50 candy bar on an Amex so it costs them more in product and running the card than you give them, basically forcing them to sell it at a loss.
Don’t boycott those stores, go in armed only with your iPhone 6/6 plus, no cards or cash — fill a trolley load, get to the sales register. Sorry I only have Apple Pay – promptly leave the store and leave your trolley load at the register. 😉
Better make sure the store really doesn’t support ApplePay lest you end up buying that trolley load. 😀
Frankly, the shopping cart stunt may sound gratifying but to me is a waste of time. Less energy expended by simply boycotting them. That will hurt them immeasurably more. Too bad for the employees who work there, though.
Interestingly, another issue so far not being discussed is how Apple’s presence in this industry has been disruptive. Apple by definition disrupts any technology it chooses to go into. Shaking up Status Quo is beneficial to the Customer but chaotic to competitors. Ultimately endusers benefit from Apple’s thoughtful executions.
News Flash just in:
In a surprise rebranding move, MCX is now DOA.
Now we know where the programmers of HealthCare.gov 1.0 went!
http://wh.gov/icBmj
Something everyone should know about ACH withdrawals from your bank accounts, something I learned to my dismay last year from one of my business accounts when we got our bank statement. We found several large ACH withdrawals that had been made from our account about three weeks prior to receiving our statement. I called the bank to tell them they were not authorized by us. . . and the bank representative informed me that there was nothing they could do about them because we had passed the time to put them in contest. I immediately argued with them as we had just learned about them when we got the statement. I was told that by regulations, there is only a 48 hour window after the time an ACH charge hits your account that you can claim it is fraudulent. After that window closes, YOU ARE STUCK WITH IT! The bank assumes you authorized it and it cannot be reversed!
Since the three charges on our accounts were quite substantial, I immediately went down to the main bank offices (thank God it was a locally owned bank) and pounded on the table a bit. They were quite insistent that the regulations were explicit. 48 hours were all we had to alert the bank of fraud on ACH. I said, “Fine, I’m closing all of our accounts immediately. Prepare cashier’s checks for all balances.” The VP of the bank decided they could make a “one time accommodation” for us, and the bank decided the “eat” the charges this time, but in the future, they would not. They suggest that we go on line daily and check all transactions in all accounts for unauthorized ACH transactions in the future.
How many consumers are going to be willing to do that? Or even know that they are going to be on the hook for any fraudulent ACH transactions they don’t challenge within 48 hours? What if they are in the hospital? On vacation? This is totally unacceptable.
So how do loyalty cards work with ApplePay? Still have to carry them around? As for purchase tracking the CC companies still know how much you spent where (though probably not the content) and they are more secure.. Probably still the least traceable is cash w/o using a loyalty card. That is unless you consider that video surveillance could get advanced enough to link you with your purchase. Or that Walmart proceeds with putting RFID tags on products tracked by your cart or the POS terminal on purchase. Too many other ways to link purchase info to customers these days despite ApplePay anonymity. I think I watch “Person of Interest” too much. 😛