Apple Pay Rival CurrentC Has Been Hacked

by
in security on (#2TT4)
story imageTechCrunch reports:
MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments solution CurrentC meant to rival newcomer Apple Pay, has been hacked.
CurrentC is still in its pilot phase. Only emails of the early app testers have been stolen. No payment data or other personal informations. Furthermore since the project is still in the pilot phase, many of those emails belonged to dummy accounts.

Since there might be a war coming between CurrentC, Apple Pay, Google Wallet, and perhaps the established credit card companies, it would be easy to construct a nice conspiracy theory. However: Never ascribe to malice that which is adequately explained by incompetence. And even incompetence does not describe it correctly. The developers of each of those systems on the one side are probably vastly outmatched by the black hats, who try break it, on the other side. And the black hats just need to find one single implementation error, while the developers have to anticipate everything. I cases like this, where real money can be made, the Linus's Law is definitely applicable.

What does it mean for the customers? They should be extra careful. Neither Apple, nor Google, nor MCX have much experience as payment service providers. Their technologies are new and most certainly will have weaknesses, which is bad. But also for the courts these system will be uncharted waters. For a duped user this might even be worse. So before using one of those shiny new and convenient payment options: Read the fine print in the contracts. Check who carries the risk and the burden of proof in case of a misuse.
Reply 8 comments

Consipracy not so crazy (Score: 0)

by Anonymous Coward on 2014-10-30 18:05 (#2TT6)

Sure, they weren't attached by one of the main competitors, but since the announcement there have been a lot of angry users that don't like this concept. It's at least somewhat likely that one of them is trying to take it down. CurrentC's incompetence only made it easy.

Re: Consipracy not so crazy (Score: 1)

by billshooterofbul@pipedot.org on 2014-10-30 18:22 (#2TT7)

Can a conspiracy really consist of a single act performed by a single individual?

I think you need more than a single actor to commit conspiracy. Even if Apple did it, its not a conspiracy, unless they involved other persons or companies not part of Apple.

Re: Consipracy not so crazy (Score: 0)

by Anonymous Coward on 2014-10-30 19:09 (#2TT8)

A single person, no not really. But all they would need is a partner. As for Apple, whether two employees qualify or the entire company is an entity is a matter of semantics.

What I originally meant was that there may be more motive to this than just trying to steal some information. Is there a better name for that?

Neither Apple, nor Google, nor MCX have much experience as payment service providers. (Score: 1)

by kwerle@pipedot.org on 2014-10-30 20:47 (#2TT9)

... I dunno about that. Certainly Apple and Google have a lot of experience transacting with customers, taking their money and getting them something in return. Hardware, software, media (songs, movies, etc).

OK - that's not exactly the same thing, but it's a lot of closely related stuff.

In addition to that, Apple has let you buy stuff in their stores by just scanning it with your iphone. So they are acting as their own payment service provider.

Re: Neither Apple, nor Google, nor MCX have much experience as payment service providers. (Score: 1)

by tanuki64@pipedot.org on 2014-10-30 20:57 (#2TTA)

Maybe. But I really think this is not the same. In their own shops they have at least on one site total control. As payment service provider they are only middleman between unreliable customer and unreliable vendors. Maybe I overestimate the problems, this certainly is not my area of expertise. Nevertheless, before I would use one of those services, I'd wait a year or two and watch the news. I trust neither Apple, nor Google. For different reasons. MCX? Never heard of them before... so they are somewhat of a blank slate to me.

Bad headline (Score: 1)

by axsdenied@pipedot.org on 2014-10-31 07:28 (#2TTC)

Why the Apple-specific headline?As the summary mentions there are other players in the game. Why not mention them?Or even better have a headline without trying to catch people's attention by playing on Apple fanboyism or Apple hate.

Re: Bad headline (Score: 1)

by tanuki64@pipedot.org on 2014-10-31 07:49 (#2TTD)

Look at the original TechCrunch article. I just shortened their headline. Furthermore the 'war' between the new payment service providers is currently hottest between Apple and MCX with MCX members shutting out Apple's tech.

"Never ascribe to malice..." (Score: 0)

by Anonymous Coward on 2014-11-06 22:56 (#2TY5)

I hate this phrase. It has a folksy, common-sense ring of truth, so it is popular, but it is dangerous. It is exactly the wrong kind of "cynical," designed to keep people in line and to short-circuit thinking.

Who on this site is a fan of that?

The phrase suitable for no one except the intellectually lacking or lazy, full stop. Fuck that.

Let us hear out these wacky theories and dismantle them properly, with evidence and reason.