
Big Retail's Apple Pay killer CurrentC HACKED, tester info nicked

Listen for the chuckling from Cupertino

By Iain Thomson, 29 Oct 2014

CurrentC, the mobile payments system being pushed by some of the biggest retailers in the US, has been hacked – before the system is even fully up and running.

"Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app," a spokeswoman for the Merchant Customer Exchange (MCX) told El Reg.

"Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected. We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously."

The CurrentC system has been put together by MCX – an alliance of large retail chains such as Walmart, Sears, and Old Navy – as a way for customers to pay with their mobile phones, and for the shops to avoid paying credit card fees.

The pilot program was started on September 3, but the system hit the headlines over the last weekend when two MCX partners, Rite Aid and CVS, announced that they were dropping support for Apple Pay, Cupertino's new mobile payments system.

The move sparked threats of a boycott of CurrentC by outraged Apple fans, who proposed joining forces with Android users, since Google Wallet was also affected by the drugstore chains' blockade. Cupertino said that it was happy to work with any merchants who wanted to use Apple Pay, but Google has yet to comment.

The CurrentC hacking attack may have been carried out by one of these outraged Apple or Android fans – MCX isn’t giving any more details as yet. Alternatively, it could stem from someone eager to find out more about the security systems CurrentC uses.

The CurrentC system uses QR codes scanned by the purchaser for payments, and links directly into the user's bank account or credit card. That's good news for retailers, but would also seem to make the system a prime target for financially motivated hackers.

The payment system is still only in its pilot stage at the moment, with a full rollout expected sometime next year. Based on this hack, however, its engineers have a lot of work ahead of them. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing