CurrentC security breached pre release

For MCX's CurrentC, this week is going from bad to worse. The project's aim is to provide a safe mobile payments system that benefits both retailers and customers. CurrentC was announced back in 2012 with a long list of powerful US retailers backing it but has now been shoved back into the limelight on account of the release of Apple Pay. CurrentC security breached pre release

Unfortunately for MCX, it seems to be suffering a bit of stage fright. First came news that MCX retailers, despite the capacity to do so, are not accepting Apple Pay. And now yesterday, a security breach. The news broke that the e-mail addresses of participants in the pilot programs were compromised and  had been accessed by unauthorized third parties. CurrentC beta participants received the following message:

"You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information"

MCX CEO, Dekkers Davidson, held an impromptu press conference later on Wednesday to try and clear up the negative press surrounding CurrentC in the past week. Davidson claims that the CurrentC app itself was not compromised, and placed the blame squarely on the company's email provider(which he refused to name). MCX also published a blog this week which said:

"On the data security side, the technology choices we've made take consumers' security into account at every aspect of their core functionality." 

In the press conference, Davidson also claimed that the breach "does not impact the rollout of CurrentC at all."

He said: "One of the reasons we have launched the way we've launched is to test our systems in a safe environment. We expected attacks. There have been many attacks. And we will deal with them."

Which is fair enough, CurrentC is not live yet, and if it has vulnerabilities it is better for all involved if they are discovered now, rather than in 6 months time. That's why it's important to be vigilant in testing your security with regular white hat testing, something Ensygnia takes very seriously.

"MCX created a problem where there was none. Yes, Apple Pay has created a lot of buzz - but that should be seen as an opportunity for the companies in the mobile payments space, not a threat"

It's not been a good week for CurrentC then, but the other negative PR they garnered this week could have easily been avoided. CVS and Rite Aid's pulling of support for Apple Pay created a story where there was no real need. In the long run MCX retailers will accept the payments their customers want to use. Davidson himself admitted so at the press conference:

"I think that in the future that could be entirely possible, there will need to be two to three strong players in the ecosystem. One won’t simply build the market."

MCX created a problem where there was none. Yes, Apple Pay has created a lot of buzz - but that should be seen as an opportunity for the companies in the mobile payments space, not a threat. Apple Pay has done well to get one million debit or credit cards activated, but that is still only a small fraction of the number of devices that support Apple Pay and barely scratches the surface of the total market. What consumers will want from mobile payments is security and choice - and those are at the heart of what we do at Ensygnia.

By Matthew Taylor

30th October 2014

Related stories around the web

A major Apple Pay rival just had a security breach - Mashable

Answers to your questions - MCX

Here's why CurrentC may defeat Apple Pay - Trustev

MCX says QR payments App will pivot to NFC if necessary, won't fine retailers who break exclusivity - Tech Crunch