Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > CurrentC payment system customer emails stolen

CurrentC payment system customer emails stolen
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Oct 29, 2014, 12:41 PM
 
Contactless payment platform CurrentC has fallen victim to user information theft. Merchants Consumer Exchange (MCX), The company behind the mobile payment system is informing beta users of the service that "that unauthorized third parties obtained the e-mail addresses of some of you." The company claims no other data has been stolen, but the theft calls into question the data security of the not fully operational payment system.

An email send to customers today said that based on investigations by MCS security personnel, that it believes that only email addresses were stolen. It urges customers to not open links or attachments from unknown third parties, that may be sent as a result of the data theft.

A statement from the company confirming the theft said that "we have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users' information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary."

CurrentC's technology will likely launch next year, and compete with Apple Pay and Google Wallet with the support of a number of major retailers including Target, WalMart, Best Buy, CVS, and Riteaid. The company's purchase method uses a QR code-based scheme as opposed to near-field communication, and will also track users' purchase histories and trends. It will likely require entering bank account and routing numbers, whereas Apple Pay and Google Wallet both simply require credit or debit card numbers.

The company has claimed to be subject to US Health Insurance Portability and Accountability Act (HIPAA) data security and reporting requirements, which require that all data collected by the company that is Internet-facing be encrypted as a result of it collecting data potentially related to healthcare. Electronista has learned that the emails stolen were stored in plain text, giving some question to the security claims by the company. The company did act in accordance with HIPAA data breach reporting rules, however.
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status: Offline
Reply With Quote
Oct 29, 2014, 01:29 PM
 
repeat after me: Ha. Ha. Ha.
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status: Offline
Reply With Quote
Oct 29, 2014, 01:31 PM
 
"Electronista has learned that the emails stolen were stored in plain text, giving some question to the security claims by the company." CurrentC could end up being the best thing that ever happened to Apple Pay and Google Wallet.
     
pottymouth
Dedicated MacNNer
Join Date: Nov 2003
Status: Offline
Reply With Quote
Oct 29, 2014, 01:31 PM
 
H...oh, you beat me to it. Whatever. Ha!
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status: Offline
Reply With Quote
Oct 29, 2014, 01:36 PM
 
go ahead, give them your social security number. You can trust them.
     
wireboy
Fresh-Faced Recruit
Join Date: Aug 2001
Location: Princeton, NJ
Status: Offline
Reply With Quote
Oct 29, 2014, 02:31 PM
 
LOL I am betting that there are a couple of people at CVS and RiteAid that are feeling pretty foolish right now for having hitched their wagon to these clowns.
     
chimaera
Dedicated MacNNer
Join Date: Apr 2007
Status: Offline
Reply With Quote
Oct 29, 2014, 02:44 PM
 
Originally Posted by climacs View Post
go ahead, give them your social security number. You can trust them.
Good comment. Very tasty.
     
zehspoon1
Fresh-Faced Recruit
Join Date: Mar 2007
Status: Offline
Reply With Quote
Oct 29, 2014, 02:59 PM
 
I don't think any comment could improve on the story itself.....well maybe the look of the C-level execs from Rite Aid and CVS when they found out.
     
jdonahoe
Forum Regular
Join Date: Jul 2006
Status: Offline
Reply With Quote
Oct 29, 2014, 03:11 PM
 
That didn't take long.
     
Makosuke
Dedicated MacNNer
Join Date: Aug 2001
Location: California
Status: Offline
Reply With Quote
Oct 29, 2014, 04:13 PM
 
Well that was quick.

Thing is, if my data is stored on my device, I only have the chance of it being compromised if somebody steals my phone. Which is passcode and biometrically protected, GPS trackable, will wipe itself automatically after 10 failed attempts to guess the passcode, and I can also remote-wipe if the thief doesn't turn off the network fast enough.

Honestly, the value to the thief is much more likely to be getting the phone wiped and "clean" to sell it quickly than trying to extract my payment data.

If my data is stored in your cloud, may or may not need to worry about my device getting stolen. But if *your* system, which I have no control at all over, gets breached, there goes *all* my data, and it was expressly what the thieves were looking for. In fact, I might not even find out about it, if the hack goes unnoticed for a while.

So yeah, I think I'll take Apple's secure enclave system to giving CurrentC my bank account access, social security number, and entire shopping history. But hey, it's not like the companies in the consortium--Target, Home Depot, for example--have ever had security problems before...
     
jdonahoe
Forum Regular
Join Date: Jul 2006
Status: Offline
Reply With Quote
Oct 29, 2014, 05:05 PM
 
If what I read on Yahoo finance was true, CurrentC is tied to your bank account. It's a debit card system, so funds come directly out of your checking account and who is liable if your account info is hacked and they clean out your savings? That's why it has a lower fee.
     
Steve Wilkinson
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Status: Offline
Reply With Quote
Oct 29, 2014, 06:01 PM
 
I like the Mashable headline best.... "Stick a fork in CurrentC. It's Done."
------
Steve Wilkinson
Web designer | Christian apologist
cgWerks | TilledSoil.org
     
Steve Wilkinson
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Status: Offline
Reply With Quote
Oct 29, 2014, 06:03 PM
 
@Makosuke - For sure.... and tells you a lot about the priorities of those companies as well, huh? Customer last?
------
Steve Wilkinson
Web designer | Christian apologist
cgWerks | TilledSoil.org
     
Stuke
Forum Regular
Join Date: Feb 2005
Location: New England
Status: Offline
Reply With Quote
Oct 29, 2014, 09:23 PM
 
Explosion happening...the first pivotal ignition is occurring, that first chemical reaction where oxygen (aka CurrentC) meets heat (aka the media) meets something else (MCX-bound merchants) with a weak affinity to hold on to its electrons (aka customers). The next milliseconds will see individual customers flying off to non-MCX-bound merchants (some electrons escape to ground), or fighting back by being part of the first complete octet with a higher ionization energy (aka stick with credit card and future cc with chip+PIN). Minutes later, there will be ash...formerly know as MCX-merchants, and more entropy in the world (aka smiling CC companies still making their 2%-5%). It's just chemistry unfolding before our eyes.
--
Stuke
     
PJL500
Junior Member
Join Date: Jun 2011
Status: Offline
Reply With Quote
Oct 30, 2014, 12:22 AM
 
Well, what a shower of seas.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 02:50 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,