Will Apple Pay Benefit From Rival’s Hacking Incident?
Chalk one up for Apple Pay. In what appears to be a major publicity coup for the iPhone maker’s native mobile payments system, a rival mobile payments system called CurrentC was compromised by hackers before it was even officially launched.
CurrentC is the mobile payments system backed by the Merchant Customer Exchange (MCX), a “merchant-owned mobile commerce network built to streamline the customer shopping experience across all major retail verticals.” Although CurrentC has yet to be launched, the mobile payments system recently made headlines when it emerged that drugstore chains CVS and Rite Aid would no longer accept payments through Apple Pay due to the requirement that MCX merchants exclusively offer CurrentC as the only mobile payments option.
“Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app,” asid MCX in a post on its official blog. “Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.”
As a merchant-backed mobile payments system, CurrentC is designed to “leverage valuable data” collected about customers’ purchases. CurrentC relies on readable QR (Quick Response) codes and other technologies that allow users’ purchases to be tracked for loyalty rewards programs and other marketing purposes. According to MCX, CurrentC will store “users’ sensitive financial information in our cloud vault rather than locally on the mobile device.”
In contrast, Apple Pay uses a contact-less Near Field Communications (NFC) technology in lieu of QR codes and makes a point of not saving transaction information in order to keep consumers’ purchase histories private. Apple’s system also stores users’ financial information on an encrypted Secure Element chip instead of online.
On the other hand, both systems appear to use a security feature known as “tokenization” that prevents users’ account data from being transmitted with each transaction. According to Apple, each purchase made with Apple Pay uses a “transaction-specific dynamic security code,” while MCX noted that the CurrentC app will use “a token placeholder to facilitate transactions instead of constantly passing the data between the user, merchant and financial institution.”
While it’s unclear if CurrentC’s recent hacking incident is related to the overall concerns that many have been raised with a system that relies heavily on collecting consumers’ data, at the very least, this data breach gives the app some terrible publicity just as MCX is trying to present CurrentC as a viable option to Apple Pay. But that’s not to say that the debut of Apple Pay has been completely free of problems.
Soon after Apple Pay launched, it emerged that Bank of America was double charging its customers who made purchases through the mobile payments system, CNET reported. Ironically, Apple’s strict policies against collecting users’ transaction records made it impossible for the iPhone maker to rectify any billing errors reported by its own customers, who had to be referred to their respective financial institutions, as reported by CRM Buyer.
However, many Apple Pay users may view this minor customer service hiccup as a tolerable price for the peace of mind that comes with using a mobile payments system that emphasizes users’ privacy. While MCX claims that it takes the security of its users’ information “extremely seriously,” the recent data breach will only heighten many consumers’ concerns about this yet-to-be-released mobile payments alternative to Apple Pay.
Follow Nathanael on Twitter @ArnoldEtan_WSCS