With Apple Pay now taking off, the service’s biggest competitor CurrentC has just been hacked.
Announced back in September alongside the iPhone 6 and 6 Plus, Apple Pay is the payment service that hopes to replace your wallet. Set to bring all of our payment options together, the benefits of Apple’s new payment project are great.
Except, that is, for Apple Pay’s biggest competitor. Called CurrentC, the Apple Pay rival is run by the retail group MCX (which includes Walmart, Rite Aid and CVS Health) and is connected to people’s checking accounts rather than their credit cards.
CurrentC’s plans to thwart Apple Pay became visible earlier this week when several MCX retailers refused to put Apple Pay systems in their stores, causing severe backlash from critics and consumers. It seems that the service has now hit another snag though, as CurrentC has just been breached by a hack.
Taking place just yesterday, the CurrentC breach enabled hackers to steal user email address. Luckily, as CurrentC is still in testing, those figures aren’t terribly large but as the email address appear to have been stolen via a hack of the service’s backend rather than with email phishing (which tricks users into providing their info) there appears to be plenty to worry about.
In an email to users, MCX said the following,
“In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.”
And, while they also added that they are “continuing to investigate this situation” this will be little solace to those already concerned about the service.
People are already doubting CurrentC because of the large amounts of data it gathers from customers and their purchases, feeding that data back to the retailers and allowing them to use it for profit gains (e.g by changing pricing, marketing and possibly even sharing it with partners). Apple Pay on the other hand is completely anonymous with its data, which some would agree is a much safer option.
So this hack will only validate those concerns then because if they struggle to keep a hold of email addresses now, how will this pan out when payment data and other more precious customer info is in the system? CurrentC is still in testing mode but security will absolutely need to fixed before the service launches.
We’ll keep you posted once we know more.