After all, the retailers — more than 50 in all — are part of a group called the Merchants Customer Exchange (MCX), which is working on its own competing mobile payment system CurrentC. That seemed reasonable.
At least until today.
On Wednesday, it was revealed that the CurrentC pilot program — the thing hasn’t even officially launched yet — had suffered a bit a of a breach, and now email addresses belonging to early-adopter customers had possibly fallen into the hands of bad guys.
SEE ALSO: Blocking Apple Pay Is a Stupid Move for Retailers
No huge cause for alarm, said CurrentC. It was simply contacting all the pilot program participants “out of an abundance of caution.”
Oh. Okay. CurrentC wants to be the secure mobile payment platform for dozens of retailers, thousands of stores and, of course, millions of consumers. But even before officially launching in 2015, they’ve lost important customer information.
Seriously?
CurrentC just proved itself the Keystone Cops of mobile commerce.
To be clear, I get it. CurrentC was dreamed up by the nation’s top retailers before Apple Pay existed, and it was the more attractive solution for them because, perhaps, they could get around paying credit card fees. Of course, to bypass the credit card companies, consumers would have to tie their bank accounts directly to CurrentC.
Right. Let’s digest that for a minute. A company that clearly cannot be trusted with a simple email address now wants access to your actual bank account, where you store your hopes, dreams and money. Not bloody likely.
But wait, there’s more.
Guess who one of the MCX members and CurrentC backers is: Target. You remember them, the bullseye company with the alternately kitschy and creative TV ads. And, in case you forgot, they’re the one that suffered one of the biggest credit card data breaches of all time.
I spoke to Target about Apple Pay and asked them why they allow payments through Apple Pay in their mobile app but not in their stores. A Target spokesperson managed to mention Apple Pay and MCX in the same sentence, but characterized them, more or less, as separate but equal.
That is no longer the case.
Apple Pay is a system that relies on fingerprint scanning, secure element hardware, NFC, unique credit card numbers for every device, and unique identifiers for every purchase made. CurrentC has QR codes and pin numbers. It doesn’t sound like a better solution, but then what do I know? While some merchants do not have NFC-enabled touchless pay systems and others haven’t enabled them, there are merchants like the gallant CVS that went ahead and shut down NFC at all its registers to block Apple Pay.
That seems like a brilliant idea now. Amiright?
Big trouble
As far as I’m concerned, CurrentC has a disaster on its hands, and no one needs this nonsense less than Target. If Target is smart, it is currently gathering up its MCX partners and pressuring them to 1) open the doors to Apple Pay now and 2) kill CurrentC.
Obviously, retailers accepting Apple Pay does not make it the de facto standard. Heck, the NFC-supporting Google Wallet has been around for three years and failed to make a dent. It’s been so unsuccessful that the Google guy who launched it, Osama Bedier, left in 2013 to start his own company.
When asked by CNBC on Wednesday what Google Wallet lacked that Apple Pay has, he essentially said that NFC has matured and Apple has simply timed this launch right. He added, “We were a little early for Google Wallet but for Apple Pay, the timing is much better.”
There’s a lot that goes into a successful product launch: technology, design, marketing, certainly timing. But when it comes to financial apps and services, nothing is more important than trust. CurrentC’s launch package just had all the trust sucked out of it. It had barely lifted off the launch pad when, like that ill-fated Antares rocket, it exploded in air and is in the process of crashing to the ground.
Not so bad, right?
In a last-ditch attempt to save face, MCX hastily pulled together a conference call with reporters. But when it came time for the event on Wednesday afternoon, MCX hadn’t even provided the dial-in phone number. Finally, almost 15 minutes late, we all got the dial-in info.
Once the press conference got off the ground, MCX CEO Dekkers Davidson said they’ve built CurrentC to withstand attacks. “One of the reasons we have launched the way we’ve launched is to test our systems in a safe environment. … We expected attacks. There have been many attacks. And we will deal with them.”
He also clarified that MCX’s email provider had been hacked, not MCX itself. “It did not occur in the CurrenctC app, but we take it very, very seriously,” he added. As I see it, though, how a company chooses its partners can also been seen as a measure of judgment.
“The hack reminds us that there are people that are motivated to steal information,” Davidson said. “Any kind of attack, you have to learn from and get stronger and we will get stronger.”
If Target, Walmart, Rite Aid, CVS and others want to continue to stonewall Apple Pay and let MCX “learn,” that’s fine. It’s their businesses, after all.
Of course, MCX’s resolve is already waning. During the somewhat tense press conference, Davidson said he could envision a world in which Apple Pay and CurrentC worked side-by-side in a retailer. He’s also now leaving the door wide open for the introduction of NFC technology into the CurrentC fold.
Is all that enough?
For consumers the words “data breach” — even if they only refer to email — are akin to “radioactive.” From this point on CurrentC might as well have its offices based in Fukushima, Japan. We’ll look at pictures and read stories about what’s going on there, but no one is going to visit. As of now, I’d be surprised if anyone trusts CurrentC and MCX with their money.
Davidson insisted that this breach “will not slow us down.” But it will, Dekkers, it most surely will.
