MCX CurrentC mobile payment solution hacked – personal information lost

TechCrunch reports that CurrentC, the controversial mobile payments solution backed by retail consortium MCX, has been hacked. CurrentC is currently only being piloted, and is due for launch in 2015.

The CurrentC mobile app itself was unaffected by the hack, but a number of testers’ email addresses were stolen. MCX – a consortium of over 50 retailers including Walmart, Gap, Best Buy, Rite Aid, and CVS – is investigating the situation, and has emailed affected participants in its pilot program.

MCX is launching CurrentC for two major reasons. First, by using its own payment system it can avoid credit card processing fees – typically between 1% and 2% per transaction. Second, by owning the mobile payments system it can collect large amounts of customer data, rather than relying on competitors whose NFC (near-field communication) payment solutions prevent access to personal information.

Following the recent spate of high-profile data breaches, customers are becoming increasingly wary about entrusting their personal information to retailers, and frustrated fans of more secure NFC digital wallets, such as Apple Pay and Google Wallet, have been less than sympathetic to MCX’s plight, as a quick glance at Reddit and other discussion boards will confirm.

Controversy over CurrentC’s bid for market dominance has been rife since its pilot scheme was launched. Although MCX CEO Dekkers Davidson denied that MCX partner merchants were contractually obliged to refuse alternative payment methods, many retailers have refused NFC payment solutions since CurrentC was launched.

The CurrentC app relies on the use of QR codes, and has been derided as a ‘clunky and undesirable’ alternative to Apple Pay ‘based more around solving the retailers’ credit card fee problems than the consumers’ payment friction problems.’

The PCI SSC (Payment Card Industry Security Standards Council) has recently issued guidelines for merchants, describing how they can securely accept mobile payments. For more information on payment card security, please download our free green paper on the PCI DSS (Payment Card Industry Data Security Standard.)

green-papersU (1)