CurrentC, the Apple Pay and Google Wallet alternative, has already been hacked

[Shawn Knight]

CurrentC, a contactless payment system backed by more than 50 major retailers, has been hacked. Parent company Merchant Customer Exchange (MCX) has notified customers that hackers managed to obtain the e-mail addresses of some participating in its beta program.

MCX claims that an investigation into the matter revealed that only e-mail addresses were taken; all other personally identifiable data appears to be safe. The company said they are continuing to investigate the situation and will provide updates as necessary. They also ask that customers be vigilant and not open suspicious e-mails with attachments.

In a separate response to Ars Technica, an MCX spokesperson noted that many of the e-mail addresses that were taken were dummy accounts used for testing purposes only. This obviously rules out the possibility of it being a phishing attack.

MXC failed to disclose how many e-mail addresses were taken.

Unlike other contactless payment systems that use NFC technology to complete a transaction, CurrentC relies on QR codes. When a customer wants to purchase something, CurrentC sends a QR code to their mobile phone which is then scanned by the cashier to complete the purchase.

CurrentC gained widespread news coverage this past weekend when pharmacies Rite Aid and CVS blocked access to Apple Pay and Google Wallet.

While the loss of e-mail addresses isn’t a major concern on its own, the fact that CurrentC is having security issues even before a full public rollout is troublesome.

Permalink to story.

https://www.techspot.com/news/58626-currentc-apple-pay-google-wallet-alternative-has-already.html

 

[fimbles]

I will be sticking to my old chip and pin debit card. Stick card in hole, enter pin, done.

No faffing with unlocking phone, opening app, Receiving QR code, give phone to cashier while she scans it.. ect..

 

[Heihachi1337]

Rule one of internet security - if it is connected to the internet, it WILL be hacked. It is only a matter of when and how.
I think I will stick to my chip and pin as well.

 

[Gamesinner]

Rule one of internet security - if it is connected to the internet, it WILL be hacked. It is only a matter of when and how.
I think I will stick to my chip and pin as well.

You know for the life of me I can't understand why so many governments and businesses can't understand such a simple network security policy. If your information is so valuable that you don't want the wrong people to get a hold of it then don't put it on networks that are connected to the internet.

 

[Skidmarksdeluxe]

Contactless payments? Does this mean that the bartering system I'm so familiar with is dying? It seemed so much more secure than this new fangled system . XD

You know for the life of me I can't understand why so many governments and businesses can't understand such a simple network security policy. If your information is so valuable that you don't want the wrong people to get a hold of it then don't put it on networks that are connected to the internet.

One would think so but unfortunately it's not just as simple as that.

 

[Guest]

I'll just stick to using Currency.

 

[Guest]

Yeah, go to a dealership with 5 or more thousands of dollars for making a down payment. Oh, yeah, you could write a cheque which is even more prone to thieves....

What the NFC reading does is remove the magnetic strip in the back, that can be skimmed by cons.

 

[captaincranky]

Yeah, go to a dealership with 5 or more thousands of dollars for making a down payment....[ ].....

Sure, why not? Just take your cash, your gun, and make sure you're not followed.

That's most likely the best way to deal with Craig's List as well.

Oh wait, I forgot, nobody can afford to pay cash for things these days. Never mind....