Slashdot Mirror
Apple Pay Competitor CurrentC Breached
tranquilidad writes "As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a "more secure" payment system. Some controversy surrounds CurrentC's requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, "We take the security of our users' information extremely seriously."
i think for the pilot program the only thing stored is the email addresses. No credit cards or links to checking accounts. I saw that somewhere..
This is the problem with a new system like this. Especially one designed to make more money for the retailers, and give them more access to consumer data.
They simply haven't been at this long enough to be trustworthy or competent at it.
And, historically, many of the vendors involved in the creation of this system have been fairly inept at implementing security, and fairly moronic about reporting it when it happens. Or understanding the severity of it when it happens.
So, sorry guys, I'll trust my bank -- because I know they're operating under at least some laws, and I'll trust VISA more than I'll trust you (because they've been at this for a while) ... but I will never use this system if I have a choice.
This is a payment system which is designed to make them more money, and give them more information to consumer information at point of sale. Which means they've primarily focused on those things, and have proven themselves to have done a terrible job at security.
So, what's in it for us consumers? I'd say nothing at all which provides value to us, other than the shiny baubles and discounts they're offering in return for them getting higher profits, and a much more detailed look at how and where you spend your money -- which they don't currently have since the CC processors don't let them have it.
The people making this new system are interested in it for entirely different reasons. Which means everything they do is for their benefit, and not ours.
Lost at C:>. Found at C.
And I imagine it'll suffer the same fate.
Sorry about the mess.
We have NFC enabled devices at retailers everywhere here in Canada yet Google Wallet only works in the US. Seems they have given up on the idea entirely.
Just CHIP-IN-PIN and be done with it. Tech is amazing at making a mountain out of shit and calling it a better alternative.
Chip-in-pin works with basically every merchant systems, credit card processor, and Bank (or will sooner or later). The fees are dependent on the credit source.
- If the merchant accepts credit cards at all, the credit card fees are built into the cost of the product NO MATTER WHAT (unless they're defrauding the contract of the CC by offering discounts)
- If you pay with debit cards / cash, you pay for the CC fees and its just more net profit for company
- Liability for CC's are on retailers, and at least recourse, buying limits, and some government insurance on checking accounts
- I'd like my bank / CC provider to send notifications on every purchase made either through email (login to actually view info) or SMS / application
All that's left is the new vacuum of change that is flooding into the credit market to fill their pockets during the current industry volatility caused by the death of magstrip / signature and the rise of internet based buying patterns (significantly increasing). Google/Apple/CurrentC/Amazon/PayPal/etc.. all want their hedge into the market so that they can make money from your purchases. They're not altruistic, and their sole benefit for SOME are convenience (but not for me. I like chip-in-pin).
I see room for existing technologies to evolve (mostly to fix the broken internet buying based security limitations) but I don't see myself using google, apple or anyone else in a retail setting besides a recognized merchant service/(credit card for insullation maybe)/bank because hell, the fees are already there and built in, so I may as well use what I'm being charged for anyways, plus I get the reassurance that I know it works (and has for a very long time).
Bye!
That's ok. They just have to wait until the inevitable account-compromising security flaw is discovered and THEN rightfully ban them from the store for potentially exposing their customer's entire bank accounts to theft...
Bottles.
My chief problem is I'm hopelessly conflicted over which group of assholes I want to win and which group of assholes I want to lose.
Well golly gee! It's not like there's not a choice of "none of the above". Ah, but, *Give me convenience, or give me death* :-)
At first I was going to mod this up, but then I thought a bit more about it. Let me give you a better example of what the grandparent was likely getting at:
RealNetworks, Inc. v. DVD Copy Control Association, Inc.
Let's face it, I sincerely doubt that ANY slashdotter uses Realplayer on a regular basis. Most of us file it under "relics of the 90's" or "squandered tech opportunities" or something similar. Had RealNetworks won that case, I sincerely doubt anyone here would have actually purchased or used this application. However, this court case was one where many of us were hoping that RealNetworks would win - not for the amazing software or for the continued growth of RealNetworks, but for the court precedent. If RealNetworks won, it would be the first piece to fall of the problem of legislatively backed DRM. The war would continue, of course, but it would be a start.
I can't speak for the GP, but I concur with his sentiment. I don't think that Apple, Google, or these retailers have my best interest at heart. Not in the slightest. However, they all want the same thing: money. Apple seems generally better about not directly selling marketing data, but there's also no guarantee that they're not doing it under the table. Even without the tin foil hat, Apple may keep all that data in-house, and if iCloud security is any indication, that database security is questionable. Aunt Google, we all know, sells marketing data - they compete just as much with ClearChannel as they do with Microsoft - arguably more so. Retailers have their own science about how to psychologically manipulate you to buy stuff in their store. Apple may be the 'least offensive' in this lineup since their biggest crime is still a matter of speculation, but they're still no saint, even by corporate standards.
Thus, we have ourselves a bit of a conundrum. Even if you and I continue to use cash, the order invariably goes "opt-in, opt-out, alternatives disincentivized, alternatives socially unacceptable, alternatives impossible/illegal". Thus, the question becomes "who do we want blazing that trail?" That's the true question being asked by the GP, and unfortunately, I agree.
Doesn't everyone hate Walmart? Including their customers, suppliers and employees?
You are quite simply wrong. An attempt at a monopoly is illegal too.
Yes it is. That doesn't make me wrong. I didn't claim to outline every aspect of monopoly law. That bit isn't relevant to the point in question.
No, shutting down the CurrentC app wouldn't be a slam dunk antitrust case, but it would absolutely carry antitrust risk-
It is not illegal.
especially if Apple colluded with Google.
Which as already mentioned is highly unlikely.