Apple Pay’s biggest competitor backed by major retailers has been hacked before it even launched.
Retailers like Walmart, BestBuy, Gap, and CVS are waging a war against Apple Pay with their own mobile wallet solution, CurrentC, but the pending doom of their QR-code solution is looking even more obvious now, as the company just alerted customers that they’ve been hacked.
Customers who signed up to use CurrentC were notified today via email that hackers have “obtained the email addresses of some of you.”
Email addresses were the only information the hackers stole (because CurrentC isn’t even out yet), but we doubt this is going to make shoppers eager to share their social security number and bank account info with MCX’s partners, once the app launches next year.
Here’s the email:
To add a funny twist to the hack, MCX – the company behind CurrentC – published a blog post this morning reassuring customers that their data is safe, because they don’t store sensitives data in the app, it’s up in their super-secure cloud.
“We want to assure you, MCX does not store sensitive customer information in the app. Users’ payment information is instead stored in our secure cloud-hosted network. Removing this sensitive information from the mobile device significantly lowers the risk of it being inappropriately disclosed in a case that the mobile device is hacked, stolen or otherwise compromised.”
Buster Hein is a freelance writer who lives in Phoenix, Arizona. Twitter: @bst3r.
32 responses to “Apple Pay’s biggest competitor has already been hacked”
Hilarious.
Yeah; but look at it this way- anyone worried about their email address getting added to a marketing list probably shouldn’t be online.
I still get emails from people claiming to be the Prince of Nigeria, but I also know if he really wants to talk to me, and send me money, he can pick up the phone.
And let’s hope they’ll only place your Email address in risk in the future.
I’m actually not worried about that. I’ve had my email account hacked before. Tons of spam sent that day. But I went upon my job, and everything is peachy-keen.
Probably an Apple black op
Perhaps. Sometimes the reverse makes the most sense.
I’m starting to think that the new service probably actually be called PayApple (Stylized as Pay). Because in order to use Apple’s product a customer has to Pay Apple $600 for a new phone or device first. It’s a high price of admission to engage in commercial activity and conspicuous spending.
Or they can keep their I phone 5S and buy the Apple watch for almost half that price.
Or… OR… You know, probably just pay with cash or with a plastic card, Right? Because nobody is pushing you to use ApplePay.
Your logic is like saying, “Wow, so to listen to the radio in a car I have to buy a car first? This should be called PayChevrolet”
More likely to be a Reddit or 4Chan plan.
Stop it … I can’t breath … HAHAHAHAHAHA!!!
Because storing credit card info and social security numbers in the cloud is sooo much more secure than storing it within the secure element of the iOS device in question in an encrypted format completely isolated from everything else on the device and likely very difficult or impossible to retrieve even if you had physical access to the device and could manually read the secure element somehow…
Are you being sarcastic or for real? Fck the cloud for storing my financial information. If you can have access to my iPhone to get my financial information, you’d better off hacking Bellagio in Vegas.
First, you must steal my phone without me knowing it…yeah, my phone is in my front pocket.
Second, you must recreate my finger print to unlock the phone and use the right finger print on Apple Pay (what finger: left/right, index/thumb/middle/ring?)
Third, you must do this within minutes because by the time I know my phone’s lost, Find My iPhone will wipe out all content on my Phone.
BTW, my iPhone doesn’t store my CC number in case you’re not informed. So What do you get from it? The answer is NOTHING.;
I’m definitely being sarcastic (emphasis “sooo much more secure”) ;)
MCX = FOOT IN MOUTH.
$10 bucks says the hack wasn’t to steal anything, just a big “fuck you” to CurrentC.
They stole email addresses… Pay me my $10.
I realize they took them, what I’m saying is that wasn’t the sole reason for the hack.
I see what you’re saying. I’m sure “they” hack for the fun of it and stealing any information is just part of the thrill/hacker protocol.
I can’t wait for people to give them their bank routing info, drivers license and complete SS number AND have all their transactions stored in the cloud only to see it get hacked on a weekly basis. This will be the treasure trove target for every hacker on Earth. SMH
Yea…like I’m going to trust them with direct access to my checking account??? That’s NEVER going to happen.
However, they will fail for all of those reasons and because the name of the app is just a bad pun on “currency”.
CurrentC’s pitch to retailers is the availability and ease of accessing customer data.
10/29/2014 MCX: “Users’ payment information is instead stored in our secure-cloud hosted network.”
10/29/2014 MCX: “Within the last 36 hours, we learned that unauthorized third parties [HACKED our secure-cloud hosted network].
FAIL !!!
Good luck with that! :)
Welp! Can’t say we didnt see that coming. I knew these companies were lax on security when they started talking about securing your bank information and SSN with QR Codes.
F = MCX
The point of MCX CurrentC is to obtain your information without having to hack for it. So others will hack MCX and obtain all that info you willingly gave away. Good luck to them!!! NOT!
My debit card has been replaced three times in the past year because companies cannot keep their network secure. Why exactly would they expect me to voluntarily give them my SSN and bank account information so they can store it on their “secure” network when I have never had sensitive information hacked from my device.
Why do stores have a problem against Apple Pay, I don’t get it.
As Puff Daddy once said… “It’s all about the Benjamins”
The real target of CurrentC is not Apple Pay, it’s the credit card companies. They charge retailers 1 – 3.5% of the transaction. If you’re Walmart who processes $million/hr in transactions across their entire fleet of stores, you’d want a system that avoids credit card transaction fees and takes money directly from your clients accounts for nearly free too.
The secondary issue is – Apple Pay does not pass any info along with the transaction. Stores collect that info, like I used to collect baseball cards as a kid. The only difference – they can sell that info and make money off it, and my Mom threw all my baseball cards away! There are estimates that stores can sell that info they collect from your debit/credit cards for about $300/yr/customer.
So, Apple Pay is costing them money in transaction fees, and stopping them from making money selling data (because it doesn’t supply any data).
In comparison, CurrentC will save them on transaction fees, and deliver even more data for them to collect (they will be able to draw almost everything off of your phone, including health data with CurrentC).
From the consumer perspective, there is no fraud protection with CurrentC. If your CurrentC account gets hacked, and your bank account drained, Walmart, CVS & Rite Aid could care less – you deal with it, it’s not their problem!
Because their contract with MCX forbid them to support any mobile payment other than CurrentC.
Because Cloud storage is the most secure solution on the planet. Sure. Just ask Kate Upton or Jennifer Lawrence.
Breaking news: APPLE WINS!!! MCX said they will no longer fine a retailer for accepting Apple Pay. http://techcrunch.com/2014/10/29/mcx-press-conference/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29