Chase and MasterCard Jump Into Mobile Payments

itwbennett writes: JP Morgan Chase said Monday that it plans to launch its own smartphone payment platform in mid-2016. 'Chase Pay will be based on CurrentC, a retailer-led mobile payment system that has largely been written off by Silicon Valley techies for its reliance on barcodes rather than the more sophisticated NFC (near-field communications) technology adopted by its competitors,' writes Martyn Williams. CurrentC, and therefore Chase Pay, is compatible with a much larger number of smartphones than the rival services from Apple, Google and Samsung. Meanwhile, MasterCard announced a program that aims to turn any type of gadget into a payment device, from car keys to fitness trackers.

I don't get this

Why would anyone want to pay with a phone? How is it any more convenient than paying by card or cash?
Not to mention the enormous invasion of privacy which gives them all the info about your finances.

Re:I don't get this

Probably the same folks that want their phone to also be their camera, scrap book, navigator, ankle monitor, baby sitter, entertainment system, game console, life coach, personal trainer, best friend, movie critic, personal secretary, auto mechanic, valet, restaurant guide, and status symbol.

Personally, I want to be able to pay with my penis. It's probably the only thing I have that I will notice if it is lost or stolen.

Re:I don't get this

[JackieBrown]

Why would anyone want to pay with a phone? How is it any more convenient than paying by card or cash?
Not to mention the enormous invasion of privacy which gives them all the info about your finances.

Well, if you are using the app directly from the credit card company / bank, I imagine the privacy factor is about the same whether using a card or a phone. I'd much rather carry my phone around and leave my credit cards at home. It's easier for me to keep track of my phone and I notice if it is missing much faster than if a card (or wallet) is missing.

Hopefully the apps from the bank work with rooted phones. I haven't had a chance to use this tech yet (even though I have a Note 5) since I rooted my phone - which stops Samsung and Android Pay from working.

Re:I don't get this

[JonahsDad]

Hopefully the apps from the bank work with rooted phones. I haven't had a chance to use this tech yet (even though I have a Note 5) since I rooted my phone - which stops Samsung and Android Pay from working.

This is not entirely true. To add a credit card to Android Pay it was necessary to unroot my phone. Once the card was added, I re-rooted my phone. Android Pay still works.

Re:I don't get this

[Calydor]

It will be so nice standing in a busy supermarket about to pay only to realize you forgot to charge your phone, won't it?

Re:I don't get this

Personally, I want to be able to pay with my penis.

Ah. So not looking to make any big purchases, then?

Re:I don't get this

[JackieBrown]

It will be so nice standing in a busy supermarket about to pay only to realize you forgot to charge your phone, won't it?

Or forgot your wallet? That happens to me more often than not having a charged phone. Granted, everyone's mileage will vary with this as with anything else.

Re:I don't get this

[Applehu+Akbar]

"Why would anyone want to pay with a phone?"

Whenever you hand your credit card to a clerk, there is a possibility that it could be scammed. Your card information could go into the retailer's database, which can eventually be hacked, compromising millions of people at once.

Phone payment systems, on the other hand, can be set up so that only a one-time code gets transmitted to the retailer. It can't be used for anything after the one transaction, and there is nothing to store in a vulnerable database.

Re:I don't get this

[AmiMoJo]

Most banking apps seem to work on rooted devices, but Lloyds bank's does not. It tells you to use their web site via your mobile browser instead. That's why I left Lloyds bank.

Re:I don't get this

Phone payment systems, on the other hand, can be set up so that only a one-time code gets transmitted to the retailer. It can't be used for anything after the one transaction, and there is nothing to store in a vulnerable database.

EMV provides a similar one-time code. No phone required.

Re:I don't get this

Personally, I want to be able to pay with my penis.

Ah. So not looking to make any big purchases, then?

Your mom accepted it, and she's enormous.

Re:I don't get this

[ancientt]

While this is true, the problem is that it's still often normal to hand your card to a clerk rather than inserting it for a chip transaction. Even where that's not the case, it wouldn't take much for someone to use cameras to gather the information necessary to use EMV cards fraudulently online.

Re:I don't get this

Ah yes, the "I'm going to set up a camera to photograph your credit card because that's quicker and easier than hitting you in the head stealing your phone/purse/wallet" gambit. Oldest trick in the book.

Re:I don't get this

[ancientt]

Good points. I'd add these:

• Phones have PINs or passwords or fingerprint access protections
• A phone may have several, even dozens, of financial institutions as sources to pay from (I have a half dozen cards, most of which I'm not usually carrying)
• Phone based payment systems can add multiple layers of authentication cards can't
• A picture of both sides of your card are sufficient for internet fraud, but not with phones

Re:I don't get this

We don't hand our cards to anyone any more, ever since we started having to enter a pin.

Re:I don't get this

[Calydor]

In my case, and probably the case of a lot of other people, my driver's license is IN my wallet. I never leave home without it.

Re:I don't get this

[Anubis+IV]

When I looked into it, the advantages to something like Apple Pay (but not any of these CurrentC-based initiatives) seemed pretty evident:
1) It's significantly more secure than carrying a card in the US. For instance, Apple Pay generates single-use tokens that take the place of credit card numbers. Had consumers been using it when the Home Depot and Target hacks happened last year against the point of sale systems, the hackers would have just gotten a list of consumed tokens that were utterly useless. Likewise, were my phone/card stolen, I'm less likely to notice a missing card than a missing phone, but both of them can be deactivated remotely. On the plus side for the iPhone*, even if I don't deactivate it, it'll fully lock itself and require my lengthy password after 48 hours, meaning that any would-be thieves would have a very narrow window during which to use Apple Pay, and it would be complicated by the fact that they'd have to first reproduce my fingerprints. That alone negates a lot of common thievery. And if we're getting into the sort of state-sponsored thievery that would be good enough to crack into the hardware encrypted Secure Enclave in an iPhone where the credit card info is stored, then Apple Pay is, frankly, the least of my worries.

2) It's more convenient. No more pulling cards out of my wallet, then having to put them back in the right place. No having to navigate to and through apps. No having to manually generate QR code sand the like. No having to count out cash. Less things to carry. I'd love to eliminate the cards I carry from my EDC. I already have my health and car insurance "cards" on my phone. Some US states are permitting digital driver's licenses. And I stopped carrying cash on a regular basis years ago for a variety of reasons. My credit cards are one of the bulkiest things I still carry.

3) It's more private than credit cards. Again, speaking of Apple Pay and the like as opposed to CurrentC-based programs, they're specifically designed to protect your privacy against intrusion by the retailers. Credit card numbers can be captured by retailers and are routinely compiled into large databases that track you and your purchases across all of their chains and subsidiaries, both in-store and online. In contrast, the one-use tokens that Apple Pay uses aren't linked back to your identity or any of your identifying information in any way (though I think I heard that they were about to allow users to opt-in to providing info to specific retailers in exchange for discounts/rewards/customer loyalty type stuff), and because they're single-use, they can't be tracked from one purchase to the next. It strips retailers of their ability to track you via your payment method, though, obviously, cash shares that same advantage.

In contrast, CurrentC-based systems like Chase's are designed by retailers (headed by Wal-Mart) for retailers, since it tracks your location both inside and outside of the stores, requests access to as much information as it can get on your phone (including any health information you store on the phone), and provides identifying information in its QR codes so retailers can easily recognize you.

All of which is to say, paying by phone has some major advantages, but, as with many topics we discuss here on /., the devil is in the details.

* Hypothetically speaking, since I don't actually have an iPhone with Apple Pay.

Re:I don't get this

[ArmoredDragon]

So far everywhere I've used the chip in my new EMV card, I first handed it to the cashier and they tried to swipe, and it denied it saying I had to use the chip, which every single time has been facing downward and towards me, somewhat out of view of anybody (or anything) besides myself.

Everywhere I've done this, this has been the case at any rate, which includes every walmart, every restaurant, etc. I don't know if that's the standard, but it wouldn't surprise me if the terms of the merchant agreement required it.

Besides, I really *really* doubt somebody would bother with using a camera. The odds of you getting all of the relevant info (which includes the CVV number on the back) is unlikely, and would probably take more time and money to set up than it's worth. Especially when you consider that the only cases where they do an actual investigation on credit card fraud, they look for a bunch of customers that have happened to shop at the same place, and then begin investigating that establishment.

Even if they did get your credit card information, what will it cost you? Oh that's right, the inconvenience of being without your credit card for a week while they send you a new one, because your bank (like most banks) offers zero fraud liability (unless you have truly shitty credit.)

Re:I don't get this

[JackieBrown]

In my case....my driver's license is IN my wallet.

Mine too. I'm just amazingly unorganized.... I don't know why I don't just leave it in my car.

Re:I don't get this

Forgot to mention that CurrenC does ACH transactions (free for the retailer) to access your money directly. This means that like your debit card, if the CurrenC phone or payment processor (terminal or backend) is compromised, any money lost is unrecoverable.

Re:I don't get this

[tompaulco]

It will be so nice standing in a busy supermarket about to pay only to realize you forgot to charge your phone, won't it?

Or forgot your wallet? That happens to me more often than not having a charged phone. Granted, everyone's mileage will vary with this as with anything else.

Forgot your wallet? How did you get wherever you were going without your wallet? Hopefully you didn't drive, because that would be illegal. I have literally NEVER forgotten my wallet. I used to forget my phone maybe once a year back when carrying a phone first became a thing. Now I never forget my phone. I have had my phone go dead on me though. Either the battery ran out or there was no service. I have never had that happen with my wallet or my credit cards.

Re:I don't get this

[tompaulco]

Phone payment systems, on the other hand, can be set up so that only a one-time code gets transmitted to the retailer. It can't be used for anything after the one transaction, and there is nothing to store in a vulnerable database.

That seems like it would only be possible if your phone is able to communicate with the card carrier, which it is not always able to do.

Re:I don't get this

[Anubis+IV]

Yup, I forgot about that one, since it's been awhile since I last looked into CurrentC. That's definitely one of the worse things about it, but the whole thing is really just a bad system from the consumer side of things. It places complete trust in retailers (who have shown they're not trustworthy), gives them more access to your data (e.g. health, birthdate, photos), enables them to track you more easily (e.g. location tracking, tracking purchases across multiple cards you have in the app, tracking you between all MCX partner stores), opens you up to new forms of attack (e.g. draining your account, as you mentioned), and, frankly, when I've seen the process demonstrated, it strikes me as being on par with or less convenient than a credit card at checkout.

Given the substantial security and privacy concerns, the lack of additional convenience, and the massive, unwarranted escalation of privileges, I see absolutely no reason to ever consider CurrentC for personal use. If anything, I'm more inclined to view it as a form of adware (given that it can creepily deliver ads to you as you walk around the store based on where you are in the store and your past purchase history) than a viable tool.

Re:I don't get this

[meadow]

So far Android and Samsung Pay are big flops. Android Pay supports almost no cards at all. Samsung Pay works on only a few of their most recent and expensive devices. Hopefully some company like Intuit will come along and kick their butts. I also don't understand something about this technology: How can it be that any cards do not work with it? If the technology were designed right, than all cards would simply have to work with it in lieu of their being actual cards. What's this BS with Chase not working with them because now they want to have their own pay app? This is what would have happened if the early pioneers who laid the foundations of the Internet which we use today had been greedy losers like all the people in the tech industry today. There would be no universal standard or protocal which everyone would use. Instead a bunch of different greedy losers all trying to capitalize off their niche and no standard. We would not have had e-mail, for example, but rather Apple e-mail, Chase e-mail, Samsung e-mail.

Re:I don't get this

It almost like you are two different people

Re:I don't get this

[FatdogHaiku]

I just can not believe you forgot vibrator...

Re:I don't get this

You had sex with a fatty.

Re:I don't get this

Depends how old you are. As an ancient, my wallet is practically an appendage, when it's missing I can still feel it.

It's much more common for me to forget my phone. If it's a non-work day then if I walk out of the house without it I usually just keep walking. It's a feeling of relief to be quite honest.

Re:I don't get this

Who cares. One call and American Express deletes the entire charge then subsequently screws the merchant. No skin off my nose except paying an extra penny for candy bars when the merchant raises prices to compensate.

Re:I don't get this

[h4ck7h3p14n37]

1. 1. Security of credit cards is a non-issue for consumers. You are insured against losses over $50 and most banks will cover the entire loss.
2. 2. Pulling a credit card out of my wallet is much easier than getting my phone, typing in the unlock password and then launching the app. If I drop the credit card, no big deal. If I drop my phone it's a problem. Also, it's easier to give someone else (friend/family) your credit card to use for a purchase than your phone.
3. 3. Why do I care about retailers tracking my purchases from them?

Mobile payment is a solution in search of a problem.

Re:I don't get this

I do see this happening with a camera. It happened to me just last year.

My card was stolen. By the retailer using a camera. At Denver International Airport. Not at a kiosk, but at a retail establishment. I got lucky. They tested it with netflix, and since I don't use netflix, my CC company emailed me. But, damn inconvenient when your credit card issuer cancels your card on the first day of your vacation.

I had the receipt. It was the ONLY receipt with that credit card, only use of that credit card for a week, and it had the retailer phone number. I called the retailer. Did they care? No. Did the Airport care? No. Absolutely nothing happened except me losing the ability to use my card on my vacation.

Re:I don't get this

[Applehu+Akbar]

No it doesn't need a live connection with the card carrier, except when tou set up each card in the phone's payment app. It snaps a picture of the front-side number and expiration, and encodes that in its onboad tokenization chip. At transaction time, the tokenization chip computes the one-time code that gets sent to the retailer's NFC reader.

Re:I don't get this

[Anubis+IV]

1. Security of credit cards is a non-issue for consumers. You are insured against losses over $50 and most banks will cover the entire loss.

Nonsense. That argument only addresses a single one of the issues people deal with when a card is lost or stolen.

For instance, I lost my credit card last year (misplaced it, called it in as lost, later found it), and I was finding all sorts of new headaches for at least two months afterwards, even though it wasn't even stolen (e.g. I discovered that my ISP's autopay locks in its payment method a week before the bill goes out, so even though I had updated my autopay settings to reflect the new card, my old card got charged, resulting in a returned payment fee and a late payment fee from my ISP). My parents had someone skim their card, and they ended up dealing with weird items showing up on their credit reports for years afterwards that were apparently all linked back to the original theft.

Protecting your money is certainly the most important aspect of security, but it's by no means the only thing that you have to protect. Speaking from experience, you'll likely lose a lot of hours that could have been put to better use otherwise.

2. Pulling a credit card out of my wallet is much easier than getting my phone, typing in the unlock password and then launching the app.

Yes and no. CurrentC works as you describe, and that's why I said that it's no more convenient than a card in my last comment. Apple Pay, on the other hand, does not work the way you describe, since it doesn't require a password and doesn't require you to launch an appThat's it.

If I drop the credit card, no big deal. If I drop my phone it's a problem.

That's already the case since our phones are increasingly important to our daily lives. This doesn't change any of that. If you're prone to dropping your phone, then you're quite right that ditching your cards may not be a good idea.

Also, it's easier to give someone else (friend/family) your credit card to use for a purchase than your phone.

None of these phone-based payment systems preclude you from loaning a family member your card, since it's not like it disappears when you add it to your phone. You can still loan it to them just fine, and if you're in the habit of regularly loaning out your credit card, it definitely would make sense for you to keep it around for that purpose.

Just because there are a handful of unusual use cases that credit cards handle better does not mean that they're more convenient in general. It just makes them more convenient for those edge cases. If you're someone who regularly deals with those edge cases, then a phone-based payment method is likely not for you, and that's fine. For someone like me or most other people though? I'm looking forward to using them whenever I get around to upgrading to a phone that supports them.

3. Why do I care about retailers tracking my purchases from them?

As I mentioned in another reply, MCX is the industry group behind CurrentC, which is what Chase Pay is built on. MCX partner companies have the ability to share data between each other. Maybe I'm old fashioned, but I don't want Best Buy and Walmart sharing data with CVS, my pharmacy, but because all three of them are MCX partners, that possibility exists.

But even within a single retailer, I'm opposed to them tracking me at all, simply because it represents an invasion of my privacy. They can sell my purchase history to third parties without my consent, can be bought out by mega-corporations that leverage that information across dozens of other subsidiaries, or can simply use it in unsavory ways. Whether it's condoms, hemorrhoid medication, or a dozen pints of ice cream, we all make purchases that we'd rather not have out there for the world to see.

You may have no problem with the current state of things, but many of us do. Don't drag the rest of us down just because you don't care.

Re: I don't get this

Yes you can, but they'll need to chop it off and keep it as proof of payment.

CueCat, Anyone?

Reliance on barcodes? Paging CueCat.

Because if there's anything that any retailer or service person wants, it's ANOTHER fucking hardware interface to learn and train people in. (Sure, the money would be great, but at least I'm in a sector that doesn't-quite-yet have to worry about customers using the store next door because they have the armpit reader and we don't.)

Re:CueCat, Anyone?

[Dog-Cow]

You must not have shopped in a retail store lately, or you would have noticed that every cashier is quite familiar with barcode readers, and in busy stores, they are used thousands of times a day.

Re: CueCat, Anyone?

[ememisya]

It's the switch from the you-can't-both-get-in-the-middle-of-the-signals,-and-guess-a-number dept. to the trust-me-I'm-a-doctor dept.

Don't bank on your cellphone.

[rmdingler]

As if we needed any additional evidence that market share is more important to payment processors than security...

Yes, the phone in your pocket is also a computer. No, it is not as secure as your desktop or laptop.

Never trade security for convenience.

Re:Don't bank on your cellphone.

[Dog-Cow]

Severe paranoia and delusional thinking are signs of neural impairment. You should see a doctor.

A modern smartphone tends to be much more secure than the average PC. Unless you side-load Android apps from shady suppliers, you're rather unlikely to be running any software in a position to capture transaction details. This is not at all true on a PC.

Re:Don't bank on your cellphone.

[AmiMoJo]

A phone is probably at least as secure as the average person's desktop. All three major phone operating systems offer a walled garden and by default run apps in a heavily restricted sandbox. Most users never break out of that. We don't see vast phone based botnets, suggesting that those operating systems compare quite well to the most common desktop OS, Windows.

Re: Don't bank on your cellphone.

[ememisya]

Wow, you sound like an expert on the subject. Do you suppose it comes down to the specifics of the platforms?

Re:Don't bank on your cellphone.

[swillden]

No, it is not as secure as your desktop or laptop.

That statement could not be more wrong. The typical mobile device is significantly more secure than the typical desktop or laptop. Desktops (and laptops; I'm going to stop distinguishing) aren't quite as bad in 2015 as they were a few years ago, but they're still hugely more likely to be infected with various sorts of malware, to be part of a botnet, etc.

Fundamentally, this is because desktop OSes were designed before security really became a significant concern, and mobile OSes were designed after. Mobile OSes provide much stronger sandboxing of apps, and the sandboxes restrict apps from using sensitive system services or interacting with any other apps by default, and allow apps to obtain more permissions only in controlled ways. By default all app data is restricted from access by all other apps; unless app A goes out of its way to place data where app B can get it, app B can't, regardless of the permissions B requests. In addition, nearly all mobile apps are installed from curated repositories.

In contrast, on a desktop (even Linux!) app separation is only by user account. Any app installed by you has access to any data managed by any other app installed by you. And apps com from many sources, including random collections of online repositories of malware-ridden games.

The only remotely justifiable counterargument is that desktop OSes tend to get security updates more regularly than typical Android devices. That means that it's likely to be more possible on a given Android device (and the typical mobile device is Android, not iOS or Windows) to violate the security restrictions imposed by the OS. However, as described above, most desktop OSes don't actually impose many security restrictions on apps and content owned by a given user, so I think this point is largely moot. Which is easier to exploit, an OS with a restrictive security model but known vulnerabilities, or an OS with a totally permissive security model? The latter is easier by far, because there's no need to even bother with exploits.

I think we're also going to see over the next couple of years that the Android update problem gets fixed, at least by the major vendors, so even that counterargument is going away.

Re:Don't bank on your cellphone.

[rmdingler]

I took your advice and contacted my physician.

She said to cut back on the internet-sourced advice, and advised keeping the healthy skepticism that everything is safe... especially in the face of contrarian evidence.

Thank you caring, though.

Re:Don't bank on your cellphone.

[rmdingler]

A phone is probably at least as secure as the average person's desktop. All three major phone operating systems offer a walled garden and by default run apps in a heavily restricted sandbox. Most users never break out of that. We don't see vast phone based botnets, suggesting that those operating systems compare quite well to the most common desktop OS, Windows.

I've read the arguments for and against. I think the phone is still uniquely a security issue because of the ability it provides interested parties to track your location.

Also: We are probably not too many years away from widespread use of Stingray-like devices outside of law enforcement.

Re:Don't bank on your cellphone.

You're using a general "less secure" instead of "less secure against". There's more risk for your location being tracked if you are compromised, but the walled garden is more secure against the device being compromised in the first place. If you're doing mobile banking, you're less worried about being tracked than you are of losing your money.

Re:Don't bank on your cellphone.

[Dragonslicer]

Yes, the phone in your pocket is also a computer. No, it is not as secure as your desktop or laptop.

My desktop and laptop are still running Windows XP, you insensitive clod!

Thanks, But No thanks

Please stop tracking me.
Will pay cash.

What advantage does NFC have?

Remind me again why NFC is "better" than bar codes? You can't remotely intercept a bar code very well or easily (assuming its not an error correcting QR). You can verify what you present to the register. You're phone can't be tricked, remotely, into thinking its paying for something while you sit on the bus next to the guy with the laptop.

Even data storage and transfer rates are comparable. Certainly when you get into higher QR ranges with no error correction. The imaging device needed to read them are cheaper than NFC transceivers. I can't think of a single advantage NFC has for this application.

Re:What advantage does NFC have?

[Dog-Cow]

With NFC, you can approve the transaction without removing your phone from wherever it's currently stored (pocket, purse, etc.). That's the advantage.

Re:What advantage does NFC have?

Why is NFC better?

It was successfully brought to market first. It has less operational headaches for consumers.

That's about it.

Re:What advantage does NFC have?

[Pi1grim]

"Remind me again why NFC is "better" than bar codes?"
Because it's shorter working range, ability to transfer more information and quicker, also eliminates differences introduced by different brightness/display sizes of phones.

"You can't remotely intercept a bar code very well or easily"
Interception device is called a camera.

"You can verify what you present to the register."
Majority of people doesn't decode barcodes quickly enough.

"You're phone can't be tricked, remotely, into thinking its paying for something while you sit on the bus next to the guy with the laptop."
It can't be tricked in either way. a) Android phones only enable NFC chips when screen is active b) Asking for a simple confirmation on-screen with details of transactions is just as simple.

"The imaging device needed to read them are cheaper than NFC transceivers."]
Sure, optical scanner is way cheaper than a 3-dollar chip.

Re:What advantage does NFC have?

Sure, optical scanner is way cheaper than a 3-dollar chip.

This. Right here. Sarcasm included.

An NFC chip has many advantages over an equivalently- or lower-priced barcode mechanism.
1) NFC is usually baked-in to the rest of the radio package in a cell phone. It doesn't cost any extra because the cell phone needs the radio package to even be a cell phone.
2) Barcodes can be read in 3 different ways: a laser, an imager, or a camera with a software decoder.
- A laser is the fastest method, but it's not cheap. On top of that, it requires extra regulatory bovine effluent because it's a laser. And unless you add moving parts, it's limited to a 1-dimensional barcode. You can't read any of the high-data-density 2D symbologies like QR, Aztec, or Maxicode, or even "stacked 1D" barcodes like PDF417.
- To get 2D symbologies to work, you can get a device with an imager. They're fast enough, and they handle 2D codes, but they're expensive as hell. Go price out a commercial mobile scanning device with and then without an imager. That imager will probably tack $200+ on to the price of that device, above the price with a 1D laser barcode reader.
- So that leaves us with the slow, laggy, inaccurate, battery-chewing camera+software option. Which is garbage and should only be used as a toy, and certainly not for anything related to financial transactions.
3) Barcodes aren't always perfectly reliable. A "fuzzy" barcode either won't scan, or will scan but will be missing data (or worse yet, have altered data due to a misread). Even a good imager can't always read a barcode, and that goes double for a barcode on a computer screen. All of the stars (and more importantly, refresh rates of displays and sample intervals of imagers) have to align to get it to work.
4) Barcodes aren't private or encrypted. Anyone with a reader can read everything in a barcode. It's basically just like a magstripe on a credit card. So unless your payment scheme uses throw-away barcodes, it's a terrible idea. And since we have chips in our cards and chips in our phones that can both hand out one-time-use, throw-away crypto tokens to sign a transaction with, why would we bother with barcodes?

NFC is far superior to barcoding.

If you trust JPMC

I have a radio tower in Paris to sell for 1 billion dollars. Anyone that trusts JPMC and Jaime Dimon deserves to get robbed.

Exportable

You can export purchase history for expense reporting, budget tracking, etc.

Only if they upgrade their website

[hackertourist]

The Mastercard CC 'online banking' website where you can check your withdrawals etc. is a pile of shit:
- lousy security (password A-Za-z0-9 only and with a maximum of 10 characters)
- the information reported on each purchase is often useless, with an entirely different company listed than the place you actually purchased from, with limited-length fields chopping off half the name etc.
- unnecessary jumping-through-hoops to download monthly statements (and no, you shouldn't name them all "download.pdf")
- no way to download a list of transactions in a format importable in a finance app or spreadsheet
- no way to get an alert for withdrawals

More purchases via CC = more need for monitoring, but as it stands it's a website I avoid as much as possible.

CurrentC needs to die in a fire.

[SvnLyrBrto]

The main problem with CurrentC is not the QR-codes, though that is kind of ridiculous and old-timey. The main problem is the direct line into your banking account with no credit card intermediary; which strips you of much fraud protections you enjoy with ApplePay, or even just by swiping plastic. That means instead of being on the hook for no more than $50 in the event of fraud (And many cards waive this these days.), your bank account can simply be emptied. Good luck getting that money back. And even if you succeed, it's still gone for the duration, when you may have needed it for other purchases and bills.

CurrentC needs to die. And the retailers trying to push it need to be made to suffer.