Sensitive data has not been exposed at any moment

Oct 30, 2014 12:52 GMT

Touted as the Apple Pay killer, the CurrentC mobile payment app is in its trial phase at the moment and has already tasted its first security breach, with testing account emails being exposed to unauthorized third parties.

The app is the result of a joint effort from several large retailers in the US wanting to avoid fees associated with standard payment solutions. The development of the software is the responsibility of MCX (Merchant Customer Exchange), a company unifying the retailers into a single payment processing network created for this specific purpose.

Only email addresses have been exposed

With a new payment solution for mobile devices of their own, the retailers, among them Walmart, Kmart, Sears, Wendy's, Target, 7-Eleven and Best Buy, declined to implement the similar service from Apple.

Recently, CurrentC started to notify early adopters of the app involved in the testing program of an intrusion on its system, which ended with the compromise of their email addresses.

The developer says that the app itself has not been affected in any way and only the emails have been exposed, although its ability to secure customer information has already been dented.

On the other hand, the project is at the beginning, with a nationwide launch scheduled in the US for next year; this would give maintainers a bit more time to solve the snags.

Details about the identity of the intruder remain unknown at the moment. However, the investigation is ongoing and additional details may surface at a later time, at least about the way the attack was carried out and the security measures imposed to prevent future events that could compromise user information.

In a press conference on Wednesday, MCX CEO Dekkers Davidson said that their email provider, and not the company, was at fault, according to eWeek.

Payment information is not stored in the app

CurrentC was not designed to store payment information in the app, but in a protected network in the cloud.

“Removing this sensitive information from the mobile device significantly lowers the risk of it being inappropriately disclosed in a case that the mobile device is hacked, stolen or otherwise compromised,” says Davidson in a blog post.

CurrentC is intended to work on any type of phone regardless of the underlying platform and to integrate discount coupons and loyalty rewards in a single transaction.

The ambition is to exceed the industry-standard consumer fraud protection and to give clients the possibility to limit the information shared through the privacy dashboard; this includes disabling location-based services and marketing communication.