Email Addresses Purloined In CurrentC Breach

iStock_000029097234Small-300x199Security lapses at the retail point of sale continue to make news. The latest involves CurrentC, one of Apple’s competitors in the hotly contested mobile payment space.
In a business news website CNBC.com post on the recent breach, technology reporter Cadie Thompson writes that CurrentC, a mobile payment system backed by the Merchant Customer Exchange (MCX), “sent out an email to its pilot users stating that an unauthorized third party had obtained email addresses of some of its users, the MCX confirmed to CNBC in an email statement.”
Here are the highlights of Thompson’s post, “Apple Pay Competitor CurrentC Says Customer Email Addresses Were Hacked”:
• CNBC.com says that MCX had confirmed that CurrentC had sent out an email to its pilot users on October 29, 2014, stating that an unauthorized third party had obtained email addresses of some of its users, the MCX confirmed to CNBC in an email statement.
• The CurrentC statement read, in part, “Yes. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.”
• “We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary,” a spokesperson for MCX said in a statement, quoted in the post.
• Several of the large retailers aligned with MCX, including CVS and Rite Aid, made news by disabling CurrentC’s rival Apple Pay technology, thus preventing it from being used in those stores.
• CNBC.com notes that the group of retailers that make up MCX are developing CurrentC because they hope to gain access to more customer data and cut down on the high fees they are required to pay credit card companies for customer transactions.
• CurrentC currently does not allow users to buy things with their credit cards. It only allows users to upload their bank account information to make mobile purchases. Apple Pay, however, enables consumers the ability to make purchases using whatever credit or debit card they wish.
• Apple Pay is NFC enabled, so people can just tap their phone at checkout and go. CurrentC is not NFC enabled. Instead, users are required to use an app to scan a barcode to make the payment.
• Because CurrentC does not require NFC, more smartphones will be compatible with it. Apple Pay only works with the iPhone 6 and iPhone 6 Plus.
• CurrentC also tracks information about a user’s purchase history, a valuable capability for merchants. MCX says that CurrentC users can select what information they want to share with retailers and can opt out of marketing communications.
• In contrast to CurrentC, Apple Pay does not track the buying or spending habits of its users.
Read Thompson’s full CNBC.com post here.
For more insights into point of sale security, check out our related posts, Points of Fail — And How To Avoid Them, EMV Technology Chips Away at Credit Card Fraud, Secure Your Payments Or Pay The Piper, Near Field Communications And Tokenization Behind Apple’s Point of Sale Play, and Best Practices For Securing The Point Of Sale.
Just as Sintel shares our vast point of sale experience and expertise with startup owners in order to help them make the best decisions from the very beginning, we are happy to share articles, advice and commentary about retail point of sale and security.
Whether you’re a first-time franchise hopeful, a small business owner or an established chain, it’s always smart to stay on top of the latest point of sale best security practices to achieve financial success.
If you are interested in learning more about Sintel’s point of sale systems and how our knowledge and support can impact your future success, call us for a complimentary phone consultation.
Sintel Systems is the only direct to end user full-service provider of tailored Point of Sale systems across retail, restaurant and service industries, including frozen yogurt shopspizzeriassushi restaurantscafés and retail stores.
As a single source for business solutions, our experienced, knowledgeable team negotiates the complex POS landscape for you to enable you to find the right POS system for your business and budget. Hardware – Software – Support
Questions or Comments: Contact us 855-POS-SALES www.SintelSystems.com