Following the fallout and negative consumer reaction after being revealed this past weekend, the CurrentC mobile payment platform has suffered its first security breach, with user and pilot program email addresses being harvested by hackers. The company released the following statement in an email to pilot program users this morning and subsequently confirmed the statement to the media:
Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.
We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.
Prior to the above situation, the CEO of CurrentC attempted to ease concerns regarding the security and privacy of the platform following multiple reports in the wake of this weekend’s NFC shutdown at CVS and Rite Aid locations:
Consumers’ privacy and data security are our top priorities. CurrentC will empower consumers and merchants to make informed decisions regarding how information can be shared through our privacy dashboard. Because we have a number of merchants that have pharmacies, MCX may end up interacting with limited information in the course of processing payments such as location and transaction amount. As a result, MCX is bound by law to adhere to strict rules regarding the privacy of consumers’ information. Our compliance with this law is required by HIPAA. CurrentC does not collect any information from any other apps, or health information stored in the mobile device. The CurrentC privacy policy provides extensive details about the application’s information collection, use, sharing and retention practices and we will continue to be transparent about it.
The latest report on CurrentC filed by the New York Times goes even further, detailing severe financial penalties for merchants affiliated with the MCX working group that continue to accept NFC payments or even attempt to leave the group, which the group has also attempted to deny in an attempt to save face for the platform and the working group. The working group also continues to defend the platform’s cloud-based security for the litany of sensitive customer information required to use the CurrentC service.
These payment systems need to win over the geeks first!
I will never use ISIS / Softcard because carriers blocked Google Wallet in order for their payment system to have a chance.
I think it is funny how everyone is so scared of the first payment system that gains critical mass.