Emails were sent out last week to an undisclosed number of beta testers for CurrentC, the MCX alternative to Apple Pay (but also any company using NFC technology like Google Wallet), advising that unauthorized third parties had obtained their email addresses. The news came days after MCX retailers pulled in-store support for other third party payment systems.
Not a huge breach, to be sure, but neither a great first branding step for a group that seeks to position itself as a more secure service that customers should feel safe trusting with more of their personal information than ever before.
Spearheaded by retailer giants like Wal-Mart, Rite Aid and Sears, MCX’s CurrentC is designed to compete with or outright replace NCF services like Apple Pay. Apple Pay taxes merchant revenues by 2-5% and keeps the users payment information anonymous during the exchange by using a series of payment tokens.
But the retailers backing CurrentC want that information. The benefit, they argue, is integration with consumer loyalty programs but participating in CurrentC will come at a much higher cost than the old reward card. Before, retailers would have names and payment information, and in the case of loyalty programs, addresses. CurrentC will add to that Social Security Numbers and Drivers Licenses for their users, as well as location-based information.
The CurrentC app itself was not affected in the breach, and a release of leaked email addresses isn’t that critical, but it’s highly ironic given that Wal-Mart pulled support for Apple Pay because they felt that consumers deserved a system that was “widely accepted, secure and developed with their best interests in mind.” And while MCX touts their concern for customer privacy and data security, many of the merchants that are part of MCX have had a troubled history with both.
Considering that we’ve come full circle on a year of data breaches affecting nearly every kind of retailer, from small restaurant chains to big box retailers to high-end stores, it’s understandable that consumers would be leery of letting retailers themselves control the payment transaction, as well as hand over a host of additional personal identifiers they’ve never handed over before.
Past breaches have been mitigated to an extent by thieves getting an incomplete picture of the consumer. CurrentC has created an incredibly tempting target for hackers who, if they can crack the safe, can walk away with everything.