CurrentC won't let email hack delay launch as it explores NFC

People interested in checking out CurrentC, the mobile payment app from a retailers group that includes Walmart, Best Buy, and other major brands, signed up for the app's email list to get advance news about the launch. But that email list was hacked on Tuesday, leaking the addresses of a slew of early CurrentC testers. The news couldn't come at a worse time for the app, which has incurred the wrath of Apple Pay fans before its public debut.

Merchant Customer Exchange, the retail group behind CurrentC, sent emails to the affected users and disclosed the hack in a Wednesday blog post. On a conference call with reporters, MCX CEO Dekkers Davidson said the attack was perpetrated on its email provider, which he declined to name, and said MCX's systems have fended off a slew of more serious hacking attempts in the last week.

"It does not impact the rollout of CurrentC at all," Davidson said of the hack. "One of the reasons we've launched the way we've launched is to test our systems in a safe environment with our employees. We expected attacks. There have been many attacks. We will deal with them."

Why this matters: When it launches next year, you'll have to authorize CurrentC to access your checking or savings accounts to make mobile transactions at participating stores. MCX says your financial data will be stored in the cloud, not on your phone, and said Wednesday that the leaked email addresses weren't stored in the cloud. But the stakes for mobile payment security are incredibly high, especially when CurrentC requires your driver's license number and Social Security number to verify your identity. So far, MCX isn't reassuring the app's potential users that it has the tools in place to protect their financial information.

CurrentC's plans revealed

MCX CEO Davidson's call with reporters was vague, but the exec did have some new information to share about CurrentC's development.

The merchant group isn't tied to the QR code technology it will use at launch. Davidson said CurrentC has the ability to "pivot to NFC over time," and "started with a cloud-based QR code technology because it allows us to go to market broadly across almost all devices." No support for BlackBerry or Windows devices is planned. The merchant members of MCX are also itching to adopt low-energy Bluetooth solutions, similar to what Apple is working on with iBeacons.

MCX is hammering out agreements with credit card companies and financial institutions (sound familiar?) so CurrentC users can pay with their debit and credit cards. The app was designed to help MCX members like Walmart, Gap, and Target bypass the merchant swipe fees that credit card companies charge per card swipe by hooking into users' bank accounts, but Davidson said CurrentC is actually about deepening the relationship between shoppers and their favorite stores. He added that you can hide your information from stores at any time, or use prepaid cards so retailers don't know who you are.

Contrary to a Wednesday New York Times report, "there are no fines to MCX merchants" who choose to partner with Apple Pay and leave the merchant group, Davidson said. Retailers paid to join MCX and financially backed the app's development, so it's possible that they don't get their money back if they leave the group. Davidson declined to say if any merchants have left. Rite Aid and CVS are sticking with CurrentC--at least for now.

Davidson said mobile payments won't succeed if only one company is pushing them. "We believe it will require two or three strong players in this space" to see mobile payments catch on with consumers, he said. He also said MCX has a "great deal of respect for Apple and Apple Pay."

Join the CSO newsletter!

Error: Please check your email address.

Tags Applesecuritymobile paymentWalMartCurrentCBest BuyApple Pay

More about AppleBest BuyBlackBerryCVSNFCQRRite Aid

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Caitlin McGarry

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place