People interested in checking out CurrentC, the mobile payment app from a retailers group that includes Walmart, Best Buy, and other major brands, signed up for the app’s email list to get advance news about the launch. But that email list was hacked on Tuesday, leaking the addresses of a slew of early CurrentC testers. The news couldn’t come at a worse time for the app, which has incurred the wrath of Apple Pay fans before its public debut.
Merchant Customer Exchange, the retail group behind CurrentC, sent emails to the affected users and disclosed the hack in a Wednesday blog post. On a conference call with reporters, MCX CEO Dekkers Davidson said the attack was perpetrated on its email provider, which he declined to name, and said MCX’s systems have fended off a slew of more serious hacking attempts in the last week.
“It does not impact the rollout of CurrentC at all,” Davidson said of the hack. “One of the reasons we’ve launched the way we’ve launched is to test our systems in a safe environment with our employees. We expected attacks. There have been many attacks. We will deal with them.”
Why this matters: When it launches next year, you’ll have to authorize CurrentC to access your checking or savings accounts to make mobile transactions at participating stores. MCX says your financial data will be stored in the cloud, not on your phone, and said Wednesday that the leaked email addresses weren’t stored in the cloud. But the stakes for mobile payment security are incredibly high, especially when CurrentC requires your driver’s license number and Social Security number to verify your identity. So far, MCX isn’t reassuring the app’s potential users that it has the tools in place to protect their financial information.
CurrentC’s plans revealed
MCX CEO Davidson’s call with reporters was vague, but the exec did have some new information to share about CurrentC’s development.
The merchant group isn’t tied to the QR code technology it will use at launch. Davidson said CurrentC has the ability to “pivot to NFC over time,” and “started with a cloud-based QR code technology because it allows us to go to market broadly across almost all devices.” No support for BlackBerry or Windows devices is planned. The merchant members of MCX are also itching to adopt low-energy Bluetooth solutions, similar to what Apple is working on with iBeacons.
MCX is hammering out agreements with credit card companies and financial institutions (sound familiar?) so CurrentC users can pay with their debit and credit cards. The app was designed to help MCX members like Walmart, Gap, and Target bypass the merchant swipe fees that credit card companies charge per card swipe by hooking into users’ bank accounts, but Davidson said CurrentC is actually about deepening the relationship between shoppers and their favorite stores. He added that you can hide your information from stores at any time, or use prepaid cards so retailers don’t know who you are.
Contrary to a Wednesday New York Times report, “there are no fines to MCX merchants” who choose to partner with Apple Pay and leave the merchant group, Davidson said. Retailers paid to join MCX and financially backed the app’s development, so it’s possible that they don’t get their money back if they leave the group. Davidson declined to say if any merchants have left. Rite Aid and CVS are sticking with CurrentC—at least for now.
Davidson said mobile payments won’t succeed if only one company is pushing them. “We believe it will require two or three strong players in this space” to see mobile payments catch on with consumers, he said. He also said MCX has a “great deal of respect for Apple and Apple Pay.”