Retailer-backed MCX Apple Pay rival has already been hacked; testers’ email addresses stolen

“MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments solution CurrentC meant to rival newcomer Apple Pay, has been hacked,” Sarah Perez reports for TechCrunch. “The data breach involves the theft of email addresses, but the CurrentC mobile application was not affected, the company confirms to TechCrunch.”

“Within the last 36 hours, MCX says it learned that unauthorized third parties obtained the email addresses of some of its CurrentC pilot program participants and other individuals who had expressed interest in the app,” Perez reports. “MCX says it’s continuing to investigate the situation and will provide more updates as they arrive.”

“It’s unclear at this time how exactly the addresses were stolen. As dummy accounts were taken, too, that would seem to rule out a phishing scheme,” Perez reports. “CurrentC began making headlines recently, when retailers involved with the initiative shut off NFC in their stores… Customers were trying to use Apple Pay at stores like Rite Aid and CVS, where at first Apple Pay-initiated payments were functioning properly, thanks to the retailers NFC-enabled point-of-sale terminals. But then those retailers disabled NFC at their registers, ending their unofficial support for Apple Pay.”

Perez reports, “After a number of high-profile data breaches in recent months, which have seen consumer data stolen from Target, Home Depot, Nieman Marcus, Staples, P.F. Chang’s, Supervalu, and others, there’s a feeling among consumers that retailers should not be trusted with our sensitive information, including payment card data and other personal details any longer.”

Read more in the full article here.

MacDailyNews Take: Smirk.

CurrentC will track users’ purchases — or, it would, if anybody actually uses it, which they won’t because it’s a cumbersome clusterfsck of overly-intrusive bank account access and arduous QR-code scanning laboriousness — and that, tracking users’ purchases, cuts to the issue of what Walmart, CVS, Rite-Aid et al. really want besides more money: They want to know what their customers buy and when they buy it, so that they can hit customers with targeted ads.

Apple doesn’t save your transaction information. With Apple Pay, your payments are private. Apple Pay doesn’t store the details of your transactions so they can’t be tied back to you. That is what Walmart, CVS, Rite-Aid et al. hate about Apple Pay and why they currently won’t accept it.

Boycott non-cash payment systems from any company that willfully turns off NFC in an effort to block the vastly more secure, much more private, and far easier-to-use Apple Pay service.

[Thanks to MacDailyNews readers too numerous to mention individually for the heads up.]

Related articles:
Why Walmart, CVS and Rite-Aid really hate Apple Pay: They can’t track your buying habits – October 29, 2014
CurrentC retailers’ conundrum: MCX contract expressly bars Apple Pay acceptance – October 29, 2014
Retailers like CVS and Rite Aid that block Apple Pay are taking a big security risk – October 28, 2014
Apple Pay tussle with CVS, Rite Aid the first shot in mobile payments war – October 28, 2014
In one week, Apple Pay already No. 1; used more than all other mobile payment systems combined – October 28, 2014
Alibaba’s Jack Ma says open to working with Apple on Apple Pay – October 28, 2014
Tim Cook blasts CVS, Rite Aid over Apple Pay blockade: ‘You only are relevant if your customers love you’ – October 28, 2014
Seeking personal data, Walmart, Best Buy, and others won’t let shoppers enjoy Apple Pay privacy – October 27, 2014
Boycott CVS and Rite Aid – October 27, 2014
Bad business: CVS and Rite Aid antagonize their most well-heeled customers by blocking Apple Pay – October 27, 2014
CVS stores reportedly disabling NFC to shut down Apple Pay – October 25, 2014
iPhone users earn significantly more than those who settle for Android phones – October 8, 2014
Yet more proof that Android is for poor people – June 27, 2014
More proof that Android is for poor people – May 13, 2014
Apple’s iOS dominates in richer countries, Android in poorer regions – March 25, 2014
Twitter heat map shows iPhone use by the affluent, Android by the poor – June 20, 2013
iPhone users smarter, richer than Android phone users – August 16, 2011
Yankee Group: Apple iPhone owners shop more, buy more, remain more loyal vs. other device users – July 20, 2010

34 Comments

  1. Wait.
    .
    .
    Wait for it…
    .
    .
    Hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahah!

  2. Here’s an article from yesterday, of someone describing his test of CurrentC’s software

    http://www.imore.com/depth-look-currentc-and-personal-data-they-want-collect

    To this guy’s horror, CurrentC started spitting out long lists of user data including email addresses, without any authentication of any sort. The list appeared to be all fake/test email addresses, but it’s reasonable to assume real email addresses may have been mixed in wit hit.

    Such an obvious security problem will be fixed before it’s released – but it is a really bad indication of the system’s overall design. Security was clearly not a primary concern when designing this system – sharing data was. Mark my words: there are going to be a ton of security breaches when (or if?) this is system goes live, once people really start trying to steal information from it.

  3. This is stupid on their part because Rite-Aid already tracks my purchases when I put in my Rite-Aid club number to get their discounts. I’m fine with that when I choose to put it in. I’m not fine with them having (and storing on their computers) direct access to my checking account, and turning off my Apple Pay.

    I used the MDN email link, gave them my gold status Rite-Aid ID, and told them they have till December to fix their mistake or I’m taking my business to Walgreens.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.