MCX Breach Shows Stores Can’t Be Trusted With Customer Data

30 Oct 2014 | Author: | No comments yet »

Apple Pay Competitor CurrentC Apparently Hacked.

The maker of digital payments system CircleC, which is preparing to take on rival Apple Pay in checkout lines across the country next year, acknowledged Wednesday that its systems have been breached. A mobile payment program supported by more than 50 national retailers has been breached, according to an e-mail sent to people testing the product, in what could be a setback for what the merchants hope will be an alternative to Apple Pay.The launch of Apple Pay had already turned into mess for CurrentC, a rival payment network backed by Walmart and other retailers—and that was before hackers gained access to the e-mail addresses CurrentC’s pilot users.Apple Pay competitor CurrentC said Wednesday that hackers have gotten their hands on some users’ information, according to a statement from MCX, the service’s developer. Hackers obtained the email addresses of some of CircleC’s pilot users, according to the coalition of retailers developing the system, Merchant Customer Exchange, or MCX.

Linda Walsh, a spokeswoman for MCX, the company building the CurrenC system, tried to play down the problem. “Many of these e-mail addresses are dummy accounts used for testing purposes only,” she said in an e-mail. “The CurrentC app itself was not affected.” MCX has contacted the users involved in the breach and pledges to investigate further. Morgan‘s Tien-tsin Huang, who follows computer services, noted that CurrentC, an electronic payment system competing with Apple‘s (AAPL) Apple Pay, has been hacked. “We just received notification from CurrentC, the merchant coalition’s (MCX) branded wallet, that within the last 36 hours unauthorized third parties obtained some e-mail addresses of pilot users or those requesting invites to try CurrentC,” wrote Huang. Over the last few days, Rite Aid and CVS have stopped accepting Apple Pay because they, along with Walmart, Best Buy and other retailers, exclusively support CurrentC under the e (MCX). The system, which lets customers pay for items with their phones by scanning QR codes, is slated to officially debut next year. “MCX is continuing to investigate this situation and will provide updates as necessary,” the group said in the note. “We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.” The attack represents a black eye for a coalition that’s working to win the trust of consumers and gain an edge over the Apple Pay system. Users will also be asked to embrace features that allow CurrenC to track their physical location, information about their transactions, and other data.

Finally, how consumers fund the wallet will be key, as the app says it will accommodate checking account, select merchant gift cards, credit and debit account funding, but given merchant angst towards the high cost of credit card acceptance, we are unclear on how bankcards can eventually play a role. Apple is aiming to gain wide acceptance for its payment system – – something that has eluded previous efforts by Square Inc., Google Inc. (GOOG) and Softcard. MCX’s privacy policy says it may make commercial deals to acquire personal data from third parties, combining that with data it is gathering on its own to build its service. Apple CEO Tim Cook said Tuesday in an interview with The Wall Street Journal that the situation amounted to a “skirmish.” News of CurrentC’s vulnerability also adds to the less-than-warm reviews of the mobile payment service, which some reviewers say was designed more for the benefit of retailers than for customers.

MCX said the mobile wallet will offer “merchant loyalty programs and instant coupon savings, all stored on the phone and available right at the point-of-sale.” However, MCX said in a blog post that all members of its group have agreed to use CurrentC exclusively, meaning they can’t accept other forms of mobile payments like Apple Pay. We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. CurrentC would be linked with a customer’s debit-card account or a store credit card and require shoppers to scan QR codes — bar-code-like symbols that phones detect with their cameras.

Apple also uses a technique called tokenization: temporary codes, rather than credit card numbers, are used to process payments, which can’t go through unless a user also scans a thumb with an iPhone fingerprint reader. A Federal Reserve study released earlier this year found that while using mobile phones for banking is becoming more common, concerns about the technology were among the primary reasons people cited for staying away. “Consumers appear to be more cognizant of the need to protect the extensive personal information stored on their phones,” the report said. At stake is a mobile-payments market will grow sevenfold to $90 billion in 2017 from $12.8 billion in 2012, according to Forrester Research Inc. (FORR) With Apple Pay already out in the market and functioning, the race is on for competing platforms that are hoping to win over consumers, said Nick Holland, an analyst at Javelin Strategy & Research. “Time is clearly of the essence to win hearts and minds,” he said. “As a retailer, you should be accepting all of these.

She says that payments using near-field communication, the technology behind Apple Pay and other smartphone wallets, have doubled since Apple Pay’s launch last week. But the most important partners are those that people visit multiple times a week, like McDonalds, Chevron, or Duane Reade (which is owned by Walgreens.) The fact that stores are willing to stick with CurrentC even if it means antagonizing Apple customers illustrates how high the stakes are.

Merchants are buying into mobile payments not because people are clamoring for them—few people are—but because they’re hoping to get something in return.

Here you can write a commentary on the recording "MCX Breach Shows Stores Can’t Be Trusted With Customer Data".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site