Just eight weeks after it announced a private pilot mode launch of its customer-centric and secure mobile payment solution, CurrentC, the Merchant Customer Exchange announced its email database has been hacked.
So what does this mean for CurrentC, which was built by leading merchants to simplify, enhance and secure their customers’ shopping experience, and which has MCX’s retail members turning their backs on Apple Pay?
If this is just the tip of the iceberg, it could spell real trouble for CurrentC, said Tim Erlin, director of IT risk and security strategy for cyber security firm Tripwire.
“One has to wonder if any provisions around security were built into contracts with retailers,” Erlin said. “It was a smart move for CurrentC to build in restrictions on accepting competing payment systems, but incidents like this will make it hard to maintain that stance moving forward.”
However, CurrentC said on its company blog that many of these compromised email addresses are “dummy accounts” used for testing purposes only. CurrentC added that the CurrentC app itself was not affected.
“We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved,” MCX wrote on its blog Oct. 28. “We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.”
The breach happened sometime after Oct. 27, and was discovered within 36 hours.
CurrentC plans regional and national rollouts of its mobile wallet in 2015.
Ken Westin, a security analyst with Tripwire, said the CurrentC system benefits retailers by allowing them to keep their existing hardware, whereas Apple Pay requires them to upgrade their systems. CurrentC also sidesteps the need for credit cards, thereby avoiding the fees, whereas Apple Pay is backed by the credit card issuers and banks.
“The Apple Pay model has been a bit more focused on privacy and security with their technology to help gain traction and trust in the marketplace,” Westin said. “The CurrentC system is tied to loyalty programs with the retailer and that raises a whole host of privacy and security concerns.”