CurrentC gets user email addresses pickpocketed

CurrentC gets user email addresses pickpocketed

CurrentCThieves may have nicked email addresses out of CurrentC, according to Merchant Customer Exchange (MCX), the group of merchants behind the mobile payment system that’s promising to put up stiff competition against Apple Pay and Google Wallet.

MCX on Wednesday night sent out an email about the breach, which it said happened sometime in the preceding 36 hours, affecting participants in the CurrentC pilot program and individuals who’d expressed interest in the app:

MCX message

Here’s the message in its entirety:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.

CurrentC was already in headlines when retailers involved with the initiative, including CVS and Rite Aid, shut down Near Field Communication (NFC) in their stores over the weekend, locking out NFC-reliant competitors Google Wallet and Apple Pay.

Other MCX members, like Walmart and Best Buy, had already announced that they wouldn’t accept the new mobile payment method.

Customers who had used Apple Pay just fine up until that point suddenly found their e-wallets shut out of the major retailers.

It later emerged that those retail chains, as part of MCX, did so in anticipation of the arrival of CurrentC. CurrentC is built around QR code technology – the bar codes that retailers scan to ring up an order – as opposed to NFC.

The problem, according to the New York Times, was that the terms of the retailers’ MCX contract locked participating companies out of accepting competing mobile payment products like Apple Pay.

It’s just one early skirmish in a war between tech companies, credit card businesses, and retailers over how consumers will pay for things and who’ll get to benefit from the valuable data that credit card companies have been monopolizing: namely, the data regarding where we shop and what we buy.

Forrester sees mobile payments set to explode, pegging it at a potential $90 billion market by 2017.

It’s easy to see why merchants want to elbow Apple and Google out of the way: if they wrestle the ability to track shopping data away from credit card companies, they themselves could deliver to consumers targeted deals and loyalty points, which could in turn boost revenues.

One thing retailers particularly like about CurrentC: the system relies on users’ bank account data, rather than credit cards. Cutting out credit cards could save retailers money, given that they have to pay profit-nibbling transaction fees.

So should we worry about CurrentC getting its fingers into our bank accounts, given the recent data breach?

It isn’t a particularly big data breach – no payment data or other personal information, such as home addresses or phone numbers, were taken. But it’s a sign that our data perhaps isn’t being kept as securely as it should be.

If you’re a CurrentC customer, keep an eye on your emails and watch out for phishers.