Apple Pay Rival CurrentC Has Been Hacked

by
in security on (#2TT4)
story imageTechCrunch reports:
MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments solution CurrentC meant to rival newcomer Apple Pay, has been hacked.
CurrentC is still in its pilot phase. Only emails of the early app testers have been stolen. No payment data or other personal informations. Furthermore since the project is still in the pilot phase, many of those emails belonged to dummy accounts.

Since there might be a war coming between CurrentC, Apple Pay, Google Wallet, and perhaps the established credit card companies, it would be easy to construct a nice conspiracy theory. However: Never ascribe to malice that which is adequately explained by incompetence. And even incompetence does not describe it correctly. The developers of each of those systems on the one side are probably vastly outmatched by the black hats, who try break it, on the other side. And the black hats just need to find one single implementation error, while the developers have to anticipate everything. I cases like this, where real money can be made, the Linus's Law is definitely applicable.

What does it mean for the customers? They should be extra careful. Neither Apple, nor Google, nor MCX have much experience as payment service providers. Their technologies are new and most certainly will have weaknesses, which is bad. But also for the courts these system will be uncharted waters. For a duped user this might even be worse. So before using one of those shiny new and convenient payment options: Read the fine print in the contracts. Check who carries the risk and the burden of proof in case of a misuse.

Re: Neither Apple, nor Google, nor MCX have much experience as payment service providers. (Score: 1)

by tanuki64@pipedot.org on 2014-10-30 20:57 (#2TTA)

Maybe. But I really think this is not the same. In their own shops they have at least on one site total control. As payment service provider they are only middleman between unreliable customer and unreliable vendors. Maybe I overestimate the problems, this certainly is not my area of expertise. Nevertheless, before I would use one of those services, I'd wait a year or two and watch the news. I trust neither Apple, nor Google. For different reasons. MCX? Never heard of them before... so they are somewhat of a blank slate to me.
Post Comment
Subject
Comment
Captcha
Seventeen - two equals ?