Pipe 2TT2 Apple Pay Rival CurrentC Has Been Hacked

Apple Pay Rival CurrentC Has Been Hacked

by
in security on (#2TT2)
TechCrunch reports:
MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments solution CurrentC meant to rival newcomer Apple Pay, has been hacked.
CurrentC is still in its pilot phase. Only emails of the early app testers have been stolen. No payment data or other personal informations. Furthermore since the project is still in the pilot phase, many of those emails belonged to dummy accounts.

Since there might be a war coming between CurrentC, Apple Pay, Google Wallet, and perhaps the established credit card companies, it would be easy to construct a nice conspiracy theory. However: Never ascribe to malice that which is adequately explained by incompetence. And even incompetence does not describe it correctly. The developers of each of those systems on the one side are probably vastly outmatched by the black hats, who try break it, on the other side. And the black hats just need to find one single implementation error, while the developers have to anticipate everything. I cases like this, where real money can be made, the Linus's Law is definitely applicable.

What does it mean for the customers? They should be extra careful. Neither Apple, nor Google, nor MCX have much experience as payment service providers. Their technologies are new and most certainly will have weaknesses, which is bad. But also for the courts these system will be uncharted waters. For a duped user this might even be worse. So before using one of those shiny new and convenient payment options: Read the fine print in the contracts. Check who carries the risk and the burden of proof in case of a misuse.

History


Deprecated: mb_convert_encoding(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in /var/pipedot/include/diff.php on line 25

Deprecated: Creation of dynamic property FineDiff::$granularityStack is deprecated in /var/pipedot/lib/finediff/finediff.php on line 217

Deprecated: Creation of dynamic property FineDiff::$edits is deprecated in /var/pipedot/lib/finediff/finediff.php on line 218

Deprecated: Creation of dynamic property FineDiff::$from_text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 219

Deprecated: Creation of dynamic property FineDiff::$last_edit is deprecated in /var/pipedot/lib/finediff/finediff.php on line 372

Deprecated: Creation of dynamic property FineDiff::$stackpointer is deprecated in /var/pipedot/lib/finediff/finediff.php on line 373

Deprecated: Creation of dynamic property FineDiff::$from_offset is deprecated in /var/pipedot/lib/finediff/finediff.php on line 375

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155
2014-10-30 16:32
Apple Pay Rival CurrentC Has Been Hacked
zafiro17@pipedot.org
TechCrunch reports:
MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments solution CurrentC meant to rival newcomer Apple Pay, has been hacked.
CurrentC is still in its pilot phase. Only emails of the early app testers have been stolen. No payment data or other personal informations. Furthermore since the project is still in the pilot phase, many of those emails belonged to dummy accounts.

Since there might be a war coming between CurrentC, Apple Pay, Google Wallet, and perhaps the established credit card companies, it would be easy to construct a nice conspiracy theory. However: Never ascribe to malice that which is adequately explained by incompetence. And even incompetence does not describe it correctly. The developers of each of those systems on the one side are probably vastly outmatched by the black hats, who try break it, on the other side. And the black hats just need to find one single implementation error, while the developers have to anticipate everything. I cases like this, where real money can be made, the Linus's Law is definitely applicable.

What does it mean for the customers? They should be extra careful. Neither Apple, nor Google, nor MCX have much experience as payment service providers. Their technologies are new and most certainly will have weaknesses, which is bad. But also for the courts these system will be uncharted waters. For a duped user this might even be worse. So before using one of those shiny new and convenient payment options: Read the fine print in the contracts. Check who carries the risk and the burden of proof in case of a misuse.
Reply 0 comments