CurrentC hit by hackers

In a blog post yesterday, Merchant Customer Exchange (MCX), the consortium of retailers developing the CurrentC mobile payment system, revealed that unauthorized third parties were able to gain access to the group’s system and obtain e-mail addresses of people participating in the pilot program as well as others who had expressed an interest. The group said the CurrentC app itself was not affected.

MCX said that its partners were told of the incident and that each of the individuals affected were notified. The group said it was continuing its investigation and would provide updates as necessary. What’s not known is how many e-mail addresses were stolen or which retailers were participating in the pilots.

Dekkers Davidson, CEO of MCX, said deployment of CurrentC would not be affected by the hacking incident and that he was confident in the group’s ability to safeguard consumers’ financial information.

"Our systems have been attacked repeatedly in the last seven or eight days and have withstood far more significant attacks," Mr. Davidson said on a conference call with reporters (via Bloomberg News). "Any kind of attack or incident is one you have to learn from and get stronger."

Numerous studies have shown that consumers are increasingly concerned about data security, although that has failed to appreciably change shopping behavior to this point. The question is whether adoption of a new app such as CurrentC could be hindered with negative press of this kind.

"This kind of hack isn’t like[ly] to install a lot of confidence among skittish customers looking for reassurance that they can safely buy at retailers," Geoff Webb, a senior director with NetQ, told USA Today.

MCX has also gotten some unwanted press of late as retailer members of the group have refused to allow customers to use Apple Pay. In a RetailWire discussion and poll on Tuesday, the overwhelming majority of respondents thought MCX members were making a mistake by not accepting the rival payment technology.

Speaking earlier this week at the WSJD Live Global Technology Conference, Apple CEO Tim Cook said Apple Pay was already the leader in "contactless" payments with more than one million credit cards activated within 72 hours of its launch in the U.S.

BrainTrust

Discussion Questions

Will adoption of the CurrentC app be affected in any way by the press surrounding this hacking incident or the dust up over members refusing to accept Apple Pay? Are you any more or less confident about MCX’s data security measures as a result of the e-mail hacking incident?

Poll

13 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Max Goldberg
Max Goldberg
9 years ago

The adoption of CurrentC is only being affected by its inability to launch. While Apple Pay is available to consumers, CurrentC is vaporware. Vaporware that is being hacked. Not an auspicious start.

That start, combined with member refusal to accept Apple Pay, is a public relations black eye for CurrentC. MCX should have welcomed Apple Pay and saluted it as an alternative to traditional credit cards. It’s the credit card companies and their fees that MCX wants to defeat, not consumers.

Steve Montgomery
Steve Montgomery
9 years ago

CurrentC certainly finds itself in an awkward position. First Apple Pay beats it to the marketplace. Then they have to reveal they have been hacked.

Even though the reports indicate the app itself was not breached, the headlines read hacked or breached. Those are two words consumers don’t want to hear about payment systems.

Paula Rosenblum
Paula Rosenblum
9 years ago

Overall, this is going to fall into the category of “seemed like a good idea at the time.” I don’t know which would be worse for MCX. If consumers adopt CurrentC, retailers are on the hook for fraud. If they don’t, they’ve wasted a lot of time and money.

Retailers outsourced IT often because they realized their job was to be retailers, not technicians. Becoming payment providers just doesn’t strike me as the best idea in the world. A distraction at best.

Ryan Mathews
Ryan Mathews
9 years ago

Of course it will. If the system is hacked before it’s deployed, participating retailers will have to offer ironclad security and compensation guarantees.

As for Apple Pay, I guess that depends on how popular that turns out to be. If there is widespread adoption, refusing to accept it will be an issue.

The whole Friedrich Nietzsche approach (“Whatever doesn’t kill you makes you stronger”) to life might work as a warmup speech to a high school football team but it’s hardly an effective substitute for effective encryption or a balm for the nerves of shoppers who have already had multiple accounts hacked. So, no, I don’t think that you necessarily have a better system simply because you have been successfully hacked. That’s equivalent to saying that people who have been mugged multiple times are safe walking down dark alleys counting their cash.

Camille P. Schuster, Ph.D.
Camille P. Schuster, Ph.D.
9 years ago

The impact to MCX will depend upon how widespread the notice of being hacked is. Since MCX is not widely used yet, the hacking may not make much impact on consumers. However, retailers may rethink their approach. For MCX, it is like getting its gun stuck in the holster during a shoot out.

J. Peter Deeb
J. Peter Deeb
9 years ago

Retailer-controlled electronic payment plans are a bad idea (as confirmed earlier this week). Getting hacked only reaffirms this in my mind. Retailers should stick to marketing and merchandising (their reasons for existing) and let the experts in payment systems develop strong programs that give their customers a choice. Many consumers want single or simple choices when it comes to payments and they want them to be accepted in most places. I still don’t buy the transaction fee point from retailers that lower fees would result in lower prices. That type of efficiency, if universal, will get swallowed up with no price declines.

Ralph Jacobson
Ralph Jacobson
9 years ago

Although mobile payment systems have been around for years internationally, it will take some time for the U.S. marketplace to settle on a dominant service provider. Security threat response will definitely be one major determining factor as consumers begin to migrate to one platform versus another. Consumer confidence (including mine) will grow as rock-solid security and privacy measures prove to be capable of staving off significant breaches.

Jason Goldberg
Jason Goldberg
9 years ago

It’s been a very rough week for MCX and their prospects for future adoption have been materially hurt.

Rite Aid/CVS turning off NFC (and therefore disabling Apple Pay) due to their exclusivity agreements with MCX has definitely hurt its public perception. Adding the breach on top of the already negative sentiment has insured that many consumers’ first exposure to MCX/CurrentC is a strongly negative impression.

From a technical standpoint, the breach is a non-issue. Most retailers have had their e-mail service provider breached at some point, and most of the current e-mail service providers have suffered a breach. And of course, this is during a private beta. The problem is when a significant component of your value proposition is digital security, the optics of this are really bad.

MCX already had an uphill fight to get millions of consumers to trust retailers with their bank information in the best of circumstances. When you add the fact that they got beat to market by Apple, don’t offer the “cool factor” of NFC and now have the negative perception from the exclusivity and security issues this week, I think MCX is going to struggle.

I’m less confident that MCX’s struggles somehow open the door for Apple Pay to become a ubiquitous payment method, as Apple Pay has its own problems.

As popular as Apple devices are, the fact that Apple Pay is only ever going to work on Apple devices means it’s never going to be as ubiquitous as a credit card. Only one million of the first ten million iPhone 6 owners added payment info to Apple Pay, and now that the pent up demand is fulfilled the rate of growth will be slower. Apple claims that it’s already the most popular digital wallet, but the truth is that Starbucks currently has over eight million digital wallet users and does over 6 million digital wallet transactions a week. Interestingly, Starbucks uses a GUI much more similar to CurrentC (QR Code with integrated affinity program).

Apple needs to get a lot more of its users to upgrade to new hardware, get more than 10 percent of them to add payment info, add support for many more credit card issuers (business cards and private label) and come up with a way to support affinity programs if they every want to be more than a novelty that is mostly intended to drive phone sales.

Robert Heiblim
Robert Heiblim
9 years ago

While the awkward response is promoting Apple Pay for the most part, and almost all of these systems get hacked, I think the greatest issue for CurrentC is that after three years it still is not in deployment and the app and interface and its technology are not at the cutting edge. With a late start, it is hard to see why consumers would opt for this especially as they look at the app. There is no guarantee that Apple Pay will be a huge success either, but good execution is required regardless. So far, Apple Pay seems to work when allowed, if CurrentC does not provide a similarly good experience it is in trouble.

Statements like today’s acknowledgement of NFC are not encouraging as a technical change would not be executable in any short time period. Perhaps these retailers need to instead integrate their loyalty systems with other payment systems, and in the end I suspect that will be the outcome.

Ed Rosenbaum
Ed Rosenbaum
9 years ago

We continue to read the same story with a different retail system involved. The story is the same, but there is a different villain each time. I can’t help but think of the old movies or books where the castle where the queen lives protected by a moat is always being attacked. The only thing that changes is the castle and time.

Gene Detroyer
Gene Detroyer
9 years ago

Peter Deep says it best, “Retailer-controlled electronic payment plans are a bad idea … Retailers should stick to marketing and merchandising (their reasons for existing) and let the experts in payment systems develop strong programs that give their customers a choice.”

Bill Davis
Bill Davis
9 years ago

Given the frequency of data breaches in retail this year (e.g., Target, Neiman Marcus, Michael’s, Kmart, Dairy Queen, Staples, etc.), I believe this will have an impact on how people perceive MCX. While the issue itself isn’t a major one, it does get to the heart of the matter, which is, can a retailer consortium bring the technology savvy that leading technology firms can?

In just about every instance that answer has been a resounding no, but with billions of dollars of transactions on the line maybe the retailers will up their game this time. It’s certainly going to be interesting to watch how this unfolds.

James Tenser
James Tenser
9 years ago

Adoption of NFC-enabled wallets seems to be moving ahead slowly. Besides CurrentC and Apple Pay, Google Wallet and Softcard (formerly ISIS) are also engaged in market tests. NFC-enabled card readers are showing up at more POS locations due (I think) to routine replacement cycles, but merchant acceptance is spotty.

Yes, the CurrentC email hack looks bad, but I think there are other reasons why contactless payments are not setting the world on fire. One is limited store coverage. Another may be shopper anxiety about loading their credit and debit card information into a mobile app on a device that is easily lost. If you have to carry a regular wallet full of cards as a backup, the benefits may be seriously diluted.

Bottom line is that mobile wallets are not yet a practical, everyday solution for consumers. The providers are and will be tempting targets for hackers. With $trillions worth of transactions on the line, the banking establishment has plenty of reason to try to outmaneuver the upstarts too.