Apple Pay rival CurrentC just got hacked

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Apple Pay rival CurrentC has been hacked.

The mobile payments app — which isn’t even officially out yet — was created for the sole purpose of getting stores away from credit card fees they pay every time you swipe your card.

CurrentC partners CVS and Rite Aid made news earlier in the week for boycotting tap-to-pay technologies like Apple Pay and Google Wallet in favor of their own flavor of mobile payments.

On Wednesday, those taking part in the CurrentC pilot program received a warning from the consortium of anti-credit-card retailers called MCX, or Merchant Consumer Exchange: The program was hacked in the last 36 hours, and criminals managed to grab the email addresses of anyone who signed up for the program.

MCX confirmed the hack, adding what’s become a go-to line for any company that loses your data: “We take the security of our users’ information extremely seriously.”

It’s a rough start for an app that aims to be a competitor to Apple Pay and Google Wallet.

CurrentC has also come under recent scrutiny because of the data it collects on customers. A close look at the app’s privacy policy reveals that signing up will require your “driver’s license number, Social Security number, date of birth” and more “to authenticate your identity.” The CurrentC app promises it doesn’t use such information “for marketing purposes.”

But MCX is free to share with marketers and other companies the rest of the data it collects: your name, home address, email, phone number and actual location at all times. Aside from payments, the app will also deliver coupons and help stores better track shoppers to target them for advertisements.

Apple doesn’t ask for your Social Security number. Google does. But that information is not passed on to retailers. MCX is itself a consortium of retailers.

This latest episode will give CurrentC critics — who cite Apple Pay as better, safer technology — even more ammunition. In an FAQ page, MCX claims “consumers’ privacy and data security are our top priorities.” This hack disproves that notion.

Cherian Abraham, a mobile payments expert, said this CurrentC hack is unfortunate but isn’t reflective of the security of the actual app itself. But it still doesn’t stack up to Apple Pay.

“Nothing comes close to the security apparatus Apple has created,” Abraham said.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.