|
|
CurrentC payment system customer emails stolen
|
|
|
|
MacNN Staff
Join Date: Jul 2012
Status:
Offline
|
|
Contactless payment platform CurrentC has fallen victim to user information theft. Merchants Consumer Exchange (MCX), The company behind the mobile payment system is informing beta users of the service that "that unauthorized third parties obtained the e-mail addresses of some of you." The company claims no other data has been stolen, but the theft calls into question the data security of the not fully operational payment system.
An email send to customers today said that based on investigations by MCS security personnel, that it believes that only email addresses were stolen. It urges customers to not open links or attachments from unknown third parties, that may be sent as a result of the data theft.
A statement from the company confirming the theft said that "we have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users' information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary."
CurrentC's technology will likely launch next year, and compete with Apple Pay and Google Wallet with the support of a number of major retailers including Target, WalMart, Best Buy, CVS, and Riteaid. The company's purchase method uses a QR code-based scheme as opposed to near-field communication, and will also track users' purchase histories and trends. It will likely require entering bank account and routing numbers, whereas Apple Pay and Google Wallet both simply require credit or debit card numbers.
The company has claimed to be subject to US Health Insurance Portability and Accountability Act (HIPAA) data security and reporting requirements, which require that all data collected by the company that is Internet-facing be encrypted as a result of it collecting data potentially related to healthcare. Electronista has learned that the emails stolen were stored in plain text, giving some question to the security claims by the company. The company did act in accordance with HIPAA data breach reporting rules, however.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status:
Offline
|
|
repeat after me: Ha. Ha. Ha.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status:
Offline
|
|
"Electronista has learned that the emails stolen were stored in plain text, giving some question to the security claims by the company." CurrentC could end up being the best thing that ever happened to Apple Pay and Google Wallet.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Nov 2003
Status:
Offline
|
|
H...oh, you beat me to it. Whatever. Ha!
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status:
Offline
|
|
go ahead, give them your social security number. You can trust them.
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Aug 2001
Location: Princeton, NJ
Status:
Offline
|
|
LOL I am betting that there are a couple of people at CVS and RiteAid that are feeling pretty foolish right now for having hitched their wagon to these clowns.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Apr 2007
Status:
Offline
|
|
Originally Posted by climacs
go ahead, give them your social security number. You can trust them.
Good comment. Very tasty.
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Mar 2007
Status:
Offline
|
|
I don't think any comment could improve on the story itself.....well maybe the look of the C-level execs from Rite Aid and CVS when they found out.
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Jul 2006
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Aug 2001
Location: California
Status:
Offline
|
|
Well that was quick.
Thing is, if my data is stored on my device, I only have the chance of it being compromised if somebody steals my phone. Which is passcode and biometrically protected, GPS trackable, will wipe itself automatically after 10 failed attempts to guess the passcode, and I can also remote-wipe if the thief doesn't turn off the network fast enough.
Honestly, the value to the thief is much more likely to be getting the phone wiped and "clean" to sell it quickly than trying to extract my payment data.
If my data is stored in your cloud, may or may not need to worry about my device getting stolen. But if *your* system, which I have no control at all over, gets breached, there goes *all* my data, and it was expressly what the thieves were looking for. In fact, I might not even find out about it, if the hack goes unnoticed for a while.
So yeah, I think I'll take Apple's secure enclave system to giving CurrentC my bank account access, social security number, and entire shopping history. But hey, it's not like the companies in the consortium--Target, Home Depot, for example--have ever had security problems before...
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Jul 2006
Status:
Offline
|
|
If what I read on Yahoo finance was true, CurrentC is tied to your bank account. It's a debit card system, so funds come directly out of your checking account and who is liable if your account info is hacked and they clean out your savings? That's why it has a lower fee.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Status:
Offline
|
|
I like the Mashable headline best.... "Stick a fork in CurrentC. It's Done."
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Status:
Offline
|
|
@Makosuke - For sure.... and tells you a lot about the priorities of those companies as well, huh? Customer last?
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Feb 2005
Location: New England
Status:
Offline
|
|
Explosion happening...the first pivotal ignition is occurring, that first chemical reaction where oxygen (aka CurrentC) meets heat (aka the media) meets something else (MCX-bound merchants) with a weak affinity to hold on to its electrons (aka customers). The next milliseconds will see individual customers flying off to non-MCX-bound merchants (some electrons escape to ground), or fighting back by being part of the first complete octet with a higher ionization energy (aka stick with credit card and future cc with chip+PIN). Minutes later, there will be ash...formerly know as MCX-merchants, and more entropy in the world (aka smiling CC companies still making their 2%-5%). It's just chemistry unfolding before our eyes.
|
--
Stuke
|
|
|
|
|
|
|
|
Junior Member
Join Date: Jun 2011
Status:
Offline
|
|
Well, what a shower of seas.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|