Slashdot Mirror
Apple Pay Competitor CurrentC Breached
tranquilidad writes "As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a "more secure" payment system. Some controversy surrounds CurrentC's requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, "We take the security of our users' information extremely seriously."
Wait until the cops decide that "credit limit" equals "cash on hand".
"How much credit do you have on that there credit card, sir?"
"Um, $28,839.54"
"I have reasonable suspicion that you used your credit to purchase cocaine, online child pornography and uninspected beef steaks. Please hand it over."
The world's burning. Moped Jesus spotted on I50. Details at 11.
I was thinking along those same lines - they compared CurrentC to ApplePay. But, there is another player in field which meets the needs of Android users much as ApplePay for iOS does.
Both ApplePay and Google Wallet protect the consumer and keep them in mind such as by using the protections afforded in the use of a credit card. CurrentC is focused on the mercantile experience and puts all liability for fraudulent transactions squarely on the consumer. Using CurrentC, with its direct access to your checking and bank accounts as well as to your health information, you entire identity could be stolen along with your life savings. This breach highlights why they should not be trusted with your information even if no financial data was compromised this time around (they aren't live yet, right?).
Of course, Apple and Google can shut CurrentC down before they even get out of the starting gate - simply ban them from the app stores. This would prevent the software from being installed on anything iOS other than a jailbroken device. And, if Google choose not to allow it in the store, the only means to install it would be a side-install. Without an ability to have the consumer to install it, it will die pretty quick. Merchants would be forced to reconsider their strategy or face more competition from those merchants who demonstrate a willingness to protect the consumer and use one of the more anonymous systems such as ApplePay or Google Wallet.
As for merchants who say they won't accept credit cards - they do so at their own risk. To me, the smarter move would have been to work with Apple and Google and develop a system that meets merchant needs while protecting the consumer AND get it installed on the widest range of machines. Or, maybe, just rethink their business model.
We should demand similar protection against ALL electronic charges, whether or not credit was involved. Telephone slamming should be included too. Our bank accounts need protection too. The burden of proof should be on those who are responsible for the installing and maintaining the system. Not the little guys who are users of the system.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I don't believe those two things can be reconciled.
The merchants want all of your data, and want to be able to operate with zero liability.
The consumers want security and privacy.
The people developing CurrenC are pretty much at odds with what consumers actually need. Which means this system can never be fixed or trusted, because it's not designed for that.
It's designed to make them more money, and get them more analytics. They don't give a rats ass about the consumer.
They want to be like PayPal ... act like a bank, with none of the liabilities of being a bank, and none of the responsibilities.
This is sort of like trusting the mob to be your financial advisors ... there's pretty much no win for the consumers here.
Lost at C:>. Found at C.
I'll trust Visa more not because they've been at it a while, but because the law gives me a good deal of protection against fraud. CurrentC does not use credit cards, it requires direct access to your checking account. That means none of the legal protections against fraud that apply to credit cards. It also means that if their servers get breached, and that bank account information is stolen, the thieves aren't stealing money from the bank, and the bank responsible for getting it back, but rather, they're stealing my money from my bank account, and it's up to me to get it back. And my bank isn't responsible, and the merchant probably isn't either, according to their terms of service, and the people behind CurrentC are likely a shell corporation with nothing to sue them for.
CurrentC looks, to me, like the biggest bucket of bad ideas in the history of electronic payment.
And, don't forget the part where (in addition to everything you said), the system is also designed to give merchants access to more information about your purchases and buying history.
So, it's a badly written system, designed to tap directly into your account, with no liability on their behalf, coupled with an added amount of access to your information to violate your privacy.
There's really not a damned single thing about this which is in any way good for the consumer ... I'm sure they'll try very hard to get people to use it (and in some cases might actually try to make it mandatory).
I agree, the entire premise of this system makes one go "WTF are you clowns thinking?" This is an insane amount of terrible ideas which have no net benefit to the consumer -- unless they create artificial benefits like their rewards program.
But losing the security of your bank account to people who are too greedy and incompetent to implement security is a terrible idea.
Lost at C:>. Found at C.
That'd probably raise some anti-trust issues, though.
Given CurrentC's complete tone-deafness about what consumers actually want in a mobile payment system (easy, secure, private, pick none?), the best strategy Apple and Google could choose is to keep pushing their respective solutions and ignore CurrentC entirely.
Log in or piss off.