Apple Pay Competitor CurrentC Breached 265
tranquilidad writes "As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a "more secure" payment system. Some controversy surrounds CurrentC's requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, "We take the security of our users' information extremely seriously."
back in the day (Score:5, Funny)
Re: (Score:3)
Deepends on if they thing they got more where this came from or not. CurrentC looks pretty hackney so my guess is there will be more breaches more vulns in the future.
Think about the Snowden disclosures. Would it have been more damaging have published it all at once, or was it more entertaining to drop something watch them react and then force them to backpedal and temporize in the face a subsequent releases?
the other half (Score:2)
Yeah, good luck ... (Score:5, Interesting)
This is the problem with a new system like this. Especially one designed to make more money for the retailers, and give them more access to consumer data.
They simply haven't been at this long enough to be trustworthy or competent at it.
And, historically, many of the vendors involved in the creation of this system have been fairly inept at implementing security, and fairly moronic about reporting it when it happens. Or understanding the severity of it when it happens.
So, sorry guys, I'll trust my bank -- because I know they're operating under at least some laws, and I'll trust VISA more than I'll trust you (because they've been at this for a while) ... but I will never use this system if I have a choice.
This is a payment system which is designed to make them more money, and give them more information to consumer information at point of sale. Which means they've primarily focused on those things, and have proven themselves to have done a terrible job at security.
So, what's in it for us consumers? I'd say nothing at all which provides value to us, other than the shiny baubles and discounts they're offering in return for them getting higher profits, and a much more detailed look at how and where you spend your money -- which they don't currently have since the CC processors don't let them have it.
The people making this new system are interested in it for entirely different reasons. Which means everything they do is for their benefit, and not ours.
Re:Yeah, good luck ... (Score:5, Insightful)
I'll trust Visa more not because they've been at it a while, but because the law gives me a good deal of protection against fraud. CurrentC does not use credit cards, it requires direct access to your checking account. That means none of the legal protections against fraud that apply to credit cards. It also means that if their servers get breached, and that bank account information is stolen, the thieves aren't stealing money from the bank, and the bank responsible for getting it back, but rather, they're stealing my money from my bank account, and it's up to me to get it back. And my bank isn't responsible, and the merchant probably isn't either, according to their terms of service, and the people behind CurrentC are likely a shell corporation with nothing to sue them for.
CurrentC looks, to me, like the biggest bucket of bad ideas in the history of electronic payment.
Re:Yeah, good luck ... (Score:5, Insightful)
And, don't forget the part where (in addition to everything you said), the system is also designed to give merchants access to more information about your purchases and buying history.
So, it's a badly written system, designed to tap directly into your account, with no liability on their behalf, coupled with an added amount of access to your information to violate your privacy.
There's really not a damned single thing about this which is in any way good for the consumer ... I'm sure they'll try very hard to get people to use it (and in some cases might actually try to make it mandatory).
I agree, the entire premise of this system makes one go "WTF are you clowns thinking?" This is an insane amount of terrible ideas which have no net benefit to the consumer -- unless they create artificial benefits like their rewards program.
But losing the security of your bank account to people who are too greedy and incompetent to implement security is a terrible idea.
Use outside USA? No chance (Score:4, Insightful)
The other thing CurrentC seems to have goofed on is that there is no way in hell this system will ever see the light of day outside the USA.
The USA may still live in the backwater side of banking where people still commonly pay for groceries by cheque, but in the rest of the world the idea of giving a third party your bank account information is quite foreign nowadays. There is absolutely no way in hell I would ever use this system, and if someone at Walmart asked me for my chequeing account information I would laugh in their face.
Minor correction (Score:2)
Especially one designed to make more money for the retailers, and give them more access to consumer data.
Retailers are not making money from this service. In fairness, a retailer does not make more money from a credit card company either. The people making money from these services are in essence middlemen acting as the proverbial money changer and money lender.
That's not to claim retailers get nothing from the arrangement. They don't have to carry cash every day to deposit in the bank, and "skimming" is much less of an issue. For a retailer, it's probably worth the few percent on every transaction to be p
This whole CurrentC thing is reminding me of DivX (Score:5, Interesting)
Re: (Score:2)
In this case, I am waiting for CurrentC ;-)
Re: (Score:2)
Hmmm, if DivX is to Xvid, then CurrentC is CtnerruC? Doesn't have the same ring.
Re: (Score:2)
Re: (Score:2)
the 1990's DiVX pushed by circuit city with the play once DVD's you can rent
Re: (Score:2)
Random observation, on Google vs. Apple payments (Score:5, Insightful)
For years, these MCX folks allowed NFC payments, meaning potentially Google Wallet payments. Apple Pay comes out with an EMV based solution, and instantly block all NFC, taking Apple Pay and Wallet down together. So, Google was never seen as a threat, or at least never passing the threshold of needing-to-ban, even after years of use, but Apple is seen as a potential threat from literally Day One.
I wonder why Apple is seen as a threat more? Their network of friends? Number of potential users can't be it - many more Android phones than iPhone 6s. Number of cards already in iTunes? Ease of use (i never even tried Google Wallet)? Did Google leak some of the info back to the retailers where Apple is balking at that info leak?
Just wondering.
Re:Random observation, on Google vs. Apple payment (Score:5, Insightful)
My understanding is that even on NFC-equipped Android phones, Google never had a proper deployment strategy; they only partnered with a few card issuers, they didn't really work with any merchants to get them on board, Verizon blocked their app on their phones, it was only limited to the US, etc.
Over that first weekend, we know now that ApplePay adoption was in the millions, and in those first few days CVS probably saw this deluge of NFC transactions and were like, the jig is up, the train is leaving the station, and if we continue to allow NFC transactions through the 2014 Christmas season the Payments War will be over and CurrenC won't have even been a contender.
Re:Random observation, on Google vs. Apple payment (Score:5, Informative)
Because Google Wallet and Apple Pay work in opposite ways.
For a retailer to support Google Wallet, they need to work with Google and their merchant processor to support Google Wallet. Because what really happens is the transaction details are forwarded to Google who then charges your payment method (credit card, debit, Paypal, bank account, etc). This is why Google knows everything about your transaction whenever you use Google Wallet. (Basically Google gets to know everything about what you're buying).
Apple Pay is nothing more than EMV so it's just an electronic credit card. Once you register your card through Apple Pay, Apple is no longer in the transaction. As long as the retailer takes credit cards, and has an NFC reader, Apple Pay will work. Most of the retailers listed by Tim Cook? They did diddly squat to support it. They just had working readers and probably someone came over and tried it and was successful.
Because to support Apple Pay means you need an EMV compatible terminal (swipe, chip+pin, NFC) and processor, and because of October 2015 legislation, people are supporting it by default since practically all new terminals have it. So all a retailer needs to do to get Apple Pay support is make sure their hardware (terminals) is upgraded (which they're doing anyways over the next year) and their processor supports EMV (which if they're doing chip+pin, they're going to have support for).
However, for Apple Pay to work, Apple needs to work with banks to ensure when a user scans a credit card,, they can get a token assigned in its place (the token is private between the user and the bank, and is basically just an index so the bank can determine who to bill).
So Google Wallet requires no effort by banks, etc., and effort by retailers to support. Apple Pay only requires hardware updates they're doing anyways which is minor, but effort by the banks to support EMV.
That's why Google Wallet's penetration has been low - there are probably more retailers that support Bitcoin than Google Wallet just because. (Though if your processor is adding support for Bitcoin, they probably have Google Wallet support as well).
For Apple Pay, because for retailers it "comes for free", which means its market penetration is far higher than what Tim Cook had in his presentation. Because retailers who already have NFC terminals practically already support EMV and that makes them Apple Pay compatible with zero effort.
So retailers may be inadvertently supporting Apple Pay when they don't want to because Apple Pay just shows up as a credit card.
He's dead Jim (Score:3)
The vast majority of coverage on CurrentC is negative – now this. It will be interesting to see how long they keep this thing on life support before pulling the plug. Anything after this would seem like good money after bad.
Everybody in the tech community was already worried about direct access to bank accounts and no fraud protection. How will the consortium behind CurrentC answer the already swirling security concerns when this happens so quickly after members give Apple Pay (and it's biometric locks) the boot?
Electronic credit charge has federal protection. (Score:5, Insightful)
We should demand similar protection against ALL electronic charges, whether or not credit was involved. Telephone slamming should be included too. Our bank accounts need protection too. The burden of proof should be on those who are responsible for the installing and maintaining the system. Not the little guys who are users of the system.
why do you lie right in the 1st sentence??? (Score:2)
CurrentC is NOT aiming to create a "more secure" payment system. That is obvious!
CurrentC, Now way (Score:2)
CurrentC wants a link right into your checking account. Sounds real safe. What happens when there is an issue? How long does it take to fixed botched transactions? What liability is there? How happy are the banks going to be working with them?
I'll stick to Apple and Google's model.
WTF? (Score:3, Informative)
Re:WTF? (Score:4, Insightful)
It hasn't been breached... they just got a hold of their email mailing list! This is the crappiest bad summary of all crappy bad summaries.
Yes, and their ability to manage a mailing list is in no way related to their ability to manage more sensitive information, in their system that isn't even live yet.
Re: (Score:3)
Does TFA say how they got the emails? I just read yesterday that someone had discovered that you could enter arbitrary email addresses into CurrenC registration wizard, and if you were snooping the wire, the MCX server would return a completely filled-out user record for each entered email address. [imore.com]
It is a breach thanks to CurrentC web service (Score:3)
they just got a hold of their email mailing list
From registered email addresses, you can get things like home address/phone number [imore.com], and lots more data that may be of interest.
Basically the breach got a bunch of primary keys they can use to get something more juicy later.
And I be they used all the latest... (Score:4, Informative)
cool frameworks and Languages too!
When are programmers going to wake up and smell the coffee!
You are screwing around with peoples money. You cannot just slap the latest cool frameworks together, write 50 lines of connection code and call it a system.
I would be willing to bet that there is a single database credential that has rights to insert/update/delete/select on all the tables in the system and its is stored in some xml file that the web application has access to and if the web application has access to it so do all the people trying to break in.
I cannot begin to count just how many times I have seen the following:
select * from users where id=? and password=?
and that returns everything about the user. Every modern database supports either functions or procedures to do something like:
validate_user(uname,upass);
and it simply returns true or false, 1 or 0 nothing more, nothing less.
Far far to often I hear, lets use [ fill in the blank ] framework because that is what everyone else uses and besides look how much more productive we are! And so it is taken upon nothing more than faith and 90% of the time the people saying vehemently that that is the way to go, understand perhaps 10% of the framework code and don't investigate any further. When you are considering a framework that is 100's of thousands of lines of code that more then likely wouldn't pass the particular languages version of Lint or Bounds or any other validation tool you have already lost the security war.
The people who are actively trying to break into large systems do their homework! They spend weeks or months looking at your generated web code looking for patterns that reveal the underlying frameworks and then comb through that code looking for even the most subtle vulnerabilities and then they make a plan and execute it.
When you are building systems like this if you don't start with security as priority #1, for the entire stack you will lose, it is just a matter of time.
Crap in/crap out (Score:2, Interesting)
Just CHIP-IN-PIN and be done with it. Tech is amazing at making a mountain out of shit and calling it a better alternative.
Chip-in-pin works with basically every merchant systems, credit card processor, and Bank (or will sooner or later). The fees are dependent on the credit source.
- If the merchant accepts credit cards at all, the credit card fees are built into the cost of the product NO MATTER WHAT (unless they're defrauding the contract of the CC by offering discounts)
Re: (Score:2)
I wrote my PIN on the back of the chip-n-pin card. Chip-n-Sign forever!
Remember when retailers wanted people to run debit, and nobody would do it? That was because retailers get charged for credit transactions, and don't want to pay that; while individuals have to enter their PIN for debit, and are too lazy for that. As we can't be strong-armed into using debit over credit, we'd just say, "Credit!" and swipe and sign.
That was, uh, EVERYONE.
Re:Crap in/crap out (Score:4, Informative)
Particularly when using CAPSLOCK, please be sure to use the correct term. Chip and Pin [wikipedia.org]. Most English speakers are lazy enough in their pronunciation that it comes out as a homophone. But even if you couldn't hear the difference between "in" and "and", you ought to be able to work it out from context: you've got a chip, and you've got a pin; the chip does not reside in the pin.
How I hear things in my head when I read this (Score:3)
CurrentC Spokesman: Hello everyone, We're CurrentC. Screw Apple Pay and it's 1 million users! We're gonna go head-to-head with a major technology company using our tried and true 40 year old technology. Sure, all of our members have had huge data breaches in the past year but we're serious about it now and we're doing it right, for you, our customer. Trust us!
Spectator: Umm, you dropped something there -points at ground-
CurrentC Spokesman: Awww, Mother Pussbucket #*@^% #$)!( , @*!))(!
As Vizzini said in The Princess Bride... (Score:2)
Inconceivable!
Re: (Score:3)
Re: (Score:3)
> Secure? I have no problems keeping on me credit cards with $30k spending limits. Would you keep that amount in cash on you all the time with no fear of getting robbed?
Cash equivalents are readily available in those amounts and they can be secured if stolen.
Although it's dubious that you actually require the ability to make a $30K payment. You probably wouldn't get authorization for such a thing even if you attempted it.
Of course what you are describing there is not your actual spending power but your t
Re: (Score:2)
Cash equivalents are readily available in those amounts and they can be secured if stolen.
You mean like traveler's checks? Not very convenient.
Re: (Score:2)
I'm not OP but I've bought a secondhand car at £14500 on a Chip & PIN card here in the UK. Wasn't even called to confirm.
Re:It's Ironic... (Score:4, Informative)
The proper term is not 'robbed', it's "civil forfeitured". By confusing the two terms, you sully the reputation of thieves who ply their craft without the aid of crooked DA's and the DEA.
Re: It's Ironic... (Score:5, Insightful)
Wait until the cops decide that "credit limit" equals "cash on hand".
"How much credit do you have on that there credit card, sir?"
"Um, $28,839.54"
"I have reasonable suspicion that you used your credit to purchase cocaine, online child pornography and uninspected beef steaks. Please hand it over."
Re: (Score:3, Insightful)
Why was this modded down? You don't think this might happen, if it hasn't already, considering what we see the cops do these days? While it may be speculative at this point, it most certainly is plausible. I hope the moderation will be corrected.
Re: (Score:3)
A credit card isn't cash, credit cards emit a very long paper trail. Imagine how easy the police's job would be if criminals actually used credit cards in the manner you describe.
Re: (Score:2)
A credit card isn't cash, credit cards emit a very long paper trail. Imagine how easy the police's job would be if criminals actually used credit cards in the manner you describe.
1) Set up legitimate business storefront -- a health spa.
2) Sell drugs out of business.
3) Charge customers for $1500 "luxury massages" at your health spa.
4) Profit.
Re: (Score:2)
5) Police get warrant for health spa's credit records.
6) Police now have a list of hundreds of suspects. And the spa doesn't even know it's happened.
These people don't use credit cards, boss, it's like sticking a big flag on your head saying "arrest me."
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I thought the idea was to confiscate the money under the suspicion you would use it for something illegal if you were carrying so much. So they would take you card since it has that kind of purchasing power.
Obviously it does no good for the cops to confiscate CASH if they're trying to track your history/data.
Re: (Score:2)
Ironic that as we move towards a cashless society, cash remains the most secure form of payment.
Because no-one's ever been able to steal cash before right?
Re: (Score:2)
Ironic that as we move towards a cashless society, cash remains the most secure form of payment. Because no-one's ever been able to steal cash before right?
I believe what he meant to say, don't hold me to this though, is "The more we move towards a cashless society, the more we should be using cash."
Re: (Score:3)
You sir (or madam) seem not too familiar with Wall Street... Please allow me to introduce myself and the wonderful security offerings I just happen to have! You're guaranteed to make money!*
* ahem, make money for me....
Re: (Score:2)
not limited to cash
Re:Competition (Score:5, Insightful)
I was thinking along those same lines - they compared CurrentC to ApplePay. But, there is another player in field which meets the needs of Android users much as ApplePay for iOS does.
Both ApplePay and Google Wallet protect the consumer and keep them in mind such as by using the protections afforded in the use of a credit card. CurrentC is focused on the mercantile experience and puts all liability for fraudulent transactions squarely on the consumer. Using CurrentC, with its direct access to your checking and bank accounts as well as to your health information, you entire identity could be stolen along with your life savings. This breach highlights why they should not be trusted with your information even if no financial data was compromised this time around (they aren't live yet, right?).
Of course, Apple and Google can shut CurrentC down before they even get out of the starting gate - simply ban them from the app stores. This would prevent the software from being installed on anything iOS other than a jailbroken device. And, if Google choose not to allow it in the store, the only means to install it would be a side-install. Without an ability to have the consumer to install it, it will die pretty quick. Merchants would be forced to reconsider their strategy or face more competition from those merchants who demonstrate a willingness to protect the consumer and use one of the more anonymous systems such as ApplePay or Google Wallet.
As for merchants who say they won't accept credit cards - they do so at their own risk. To me, the smarter move would have been to work with Apple and Google and develop a system that meets merchant needs while protecting the consumer AND get it installed on the widest range of machines. Or, maybe, just rethink their business model.
Re:Competition (Score:5, Insightful)
I don't believe those two things can be reconciled.
The merchants want all of your data, and want to be able to operate with zero liability.
The consumers want security and privacy.
The people developing CurrenC are pretty much at odds with what consumers actually need. Which means this system can never be fixed or trusted, because it's not designed for that.
It's designed to make them more money, and get them more analytics. They don't give a rats ass about the consumer.
They want to be like PayPal ... act like a bank, with none of the liabilities of being a bank, and none of the responsibilities.
This is sort of like trusting the mob to be your financial advisors ... there's pretty much no win for the consumers here.
Re:Competition (Score:4, Insightful)
Re: (Score:2)
This is sort of like trusting the mob to be your financial advisors ...
You gotta problem with that?
Re:Competition (Score:5, Insightful)
No, see, that's where you're wrong.
The entire CurrenC system is designed to give merchants more access to your data. This is from TFA:
And if you really trust a merchant created system to respect your wishes and not track you, you're hopelessly naive.
Wait, what?
So which is it? They don't want my data? Or they want my data so they can sell it and make even more money?
Re: (Score:3)
I think that would be a risky move. This is one of those areas the 'regulators' are likely to wade into sooner or latter. Apple and Google don't want to be seen as bad actors. Right now there is a fair amount of goodwill for both Apple Pay and Google Wallet.
Its "Old/Big retail" that is out there trying to suppress competition to push product that various consumer advocates might not see as being good for the consumer. My guess is Apple and Google will seek their victories in the court room and on K stre
Re:Competition (Score:4, Interesting)
Re: (Score:2)
If a merchant won't accept my debit card, I'll shop elsewhere, plain and simple. I'm not about to buy a smartphone and pay monthly connection fees just so they can earn profit.
Re: (Score:2)
Re:Competition (Score:5, Insightful)
That'd probably raise some anti-trust issues, though.
Given CurrentC's complete tone-deafness about what consumers actually want in a mobile payment system (easy, secure, private, pick none?), the best strategy Apple and Google could choose is to keep pushing their respective solutions and ignore CurrentC entirely.
Re:Competition (Score:5, Insightful)
That'd probably raise some anti-trust issues, though.
Whats good for the goose is good for the gander. CurrentC stores in the CurrentC consortium (thats what it is, regardless of what they call it) are actively blocking NFC cards, one of which allowed it to occur for a period of time and then when a competitor hit the market before them, they actively worked to disable the ability to use the service.
Any sort of anti-trust issue that arises from Google and Apple banning their apps is the same as CurrentC users banning the use of NFC. They lost this battle when they took active steps to stop a working system. They might have had an argument about 'not upgrading to equipment with NFC' for various reasons, but thats not what they did. CVS has NFC capable equipment and WAS accepting it, then turned it off.
They (CurrentC) loses
Re:Competition (Score:4, Informative)
There is another bit player in the field. Don't pretend like it's any more than that.
Apple Pay has been out for a week. It's done more business than Google Wallet did in, what, 3 years? How many banks signed on to Google Wallet vs Apple Pay?
Re: (Score:3)
How many banks signed on to Google Wallet vs Apple Pay?
Zero. That's not how Google Wallet works [google.com].
Re: (Score:3)
How many banks signed on to Google Wallet vs Apple Pay?
Umm, effectively all of them, since you can use Google Wallet with any credit or debit card, which is far more than Apple Pay supports, at present.
Re: (Score:2)
That would likely be seen as a violation of anti-trust law and rightfully so. Given that Apple is engaging in the payments market as a for profit service they are selling to credit cards, using their monopoly position on the App store for iOS applications to extend restrain trade in another domain... And of course Amex/Visa/MC is backing ApplePay and they are also arguab
Re:Competition (Score:5, Insightful)
The sooner we figure out a way to cut out credit card processors from the purchase experience the better.
I really like the fraud protection my credit card offers me. Totally worth the effective 2% tax on the price of goods. Debit cards aren't the same. I haven't been impressed with PayPal, and have no reason to try the Apple/Google/MS/Startup offerings - CCs work fine.
Re: (Score:3)
And any technology that reduces the incidence of credit card fraud leads to reduced swipe fees in the long run, so long as there continues to be competition among card issuers.
Re: (Score:3)
Nonsense. Apple doesn't have a monopoly of mobile App Stores.
You may think that they have a monopoly of App Stores for iOS. But monopolies doesn't work like that. Having control of your own product isn't a monopoly. A product isn't a market.
Likewise no problem with Gillette only allowing Gillette blades, or HP printers only allowing HP ink.
If Apple could be subject to monopoly rules forcing them to stock apps, it would have been an issue already many times over the years. It hasn't been because there's no l
Re:Competition (Score:4, Interesting)
You are quite simply wrong. An attempt at a monopoly is illegal too.
Yes it is. That doesn't make me wrong. I didn't claim to outline every aspect of monopoly law. That bit isn't relevant to the point in question.
No, shutting down the CurrentC app wouldn't be a slam dunk antitrust case, but it would absolutely carry antitrust risk-
It is not illegal.
especially if Apple colluded with Google.
Which as already mentioned is highly unlikely.
Re: (Score:3)
Viewed from one perspective, so do all businesses. But look at it from another perspective, no company is successful if they don't meet needs of their customers.
Re:Competition (Score:4, Interesting)
We have NFC enabled devices at retailers everywhere here in Canada yet Google Wallet only works in the US. Seems they have given up on the idea entirely.
Re:Competition (Score:5, Informative)
Re:Competition (Score:5, Insightful)
With the compromised emails floating around, who knows who REALLY sent out the notice. ;)
Re:Competition (Score:5, Informative)
"CurrentC Allegedly Breached" would have been a more appropriate headline, that also doesn't necessarily expose anyone to a lawsuit if it turns out to be bullshit.
Did you read the fine article? MCX confirmed that "unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app." They also sent emails notifying their users, No "allegedly" needed; it's not bullshit.
Re:Competition (Score:5, Informative)
CurrentC is Walmart. It is not Google nor Apple.
Re: (Score:3, Interesting)
Doesn't everyone hate Walmart? Including their customers, suppliers and employees?
Re:Competition (Score:4, Informative)
Walmart organized MCX and leads it. http://www.forbes.com/sites/la... [forbes.com] I don't know where you are getting the "evil" part but it most certainly is WalMart's design.
Re: (Score:3)
Re: (Score:2)
Why not? It works on the campaign trail... Made up numbers win elections and gain more customers all the time. We reward the vivid imagination, the more flamboyant and extravagant the better. That's how you make the sale. Yes, it sets a bad example, but there's little to no negative feedback, quite the opposite, so expect more of it.
Re: (Score:2)
Re: (Score:2)
ApplePay does not cost the merchant any more than a standard credit card fee
That's the problem. Merchants (actually customers) are getting robbed by the credit card companies; now Apple is trying to get piece of that action rather than trying to reduce the fee that we pay.
Re: (Score:2)
Payments in App Store apps have 30% commission. ApplePay does not cost the merchant any more than a standard credit card fee (which apple splits with the banks).
If by "split" you mean the banks take 99.985% and Apple takes 0.015%. While the term is probably technically accurate, its use here is misleading, especially after mentioning the 30% figure. It's more like Apple takes their very small cut, and even that makes it sound a lot bigger than it is.
Re:Only emails (Score:4, Funny)
Phew. That's OK then!
Re:Only emails (Score:4, Interesting)
Re:Only emails (Score:5, Insightful)
This is a company that requires your social security number and full bank info for an account. Any bit of nerves about that is bad. Even just emails, it's bad. That and spear-phishing (shudder, I hate that term) emails are gonna cause more chaos. Also, maybe the emails is all we know about? If i hacked a payment processor, with the potential of getting payment info, SS numbers, and bank account numbers, Id keep that under my hat as I slowly drain things, no need to call the press on that. This is bad bad bad.
ApplePay allows you to give a credit card, which already has fraud protection on it. A couple orders of magnitude of peace of mind. Which would you pick?
Only lookup key you mean (Score:3)
Would you consider home address, and phone number also to be a bit of a breach?
Because you can get those and a lot more [imore.com] with just the email address and a call to the CurrentC web service.
Re: (Score:3)
They're assholes who are about to get completely fucked and lose whatever kind of war they think they can win against Google and Apple.
My chief problem is I'm hopelessly conflicted over which group of assholes I want to win and which group of assholes I want to lose.
Re: (Score:2)
They're assholes who are about to get completely fucked and lose whatever kind of war they think they can win against Google and Apple.
Or they could just be using this alliance/app as leverage to try to get better rates than the standard Visa, or MasterCard rates. Not to mention, better access to the data of its own paying customers. After all, you can bet Google and Apple will try to resell ads and intelligence to the highest bidders, whoever those bidders might be, based purely on the data of the purchase history inside those stores.
Re:CurrentC doesn't have competitors (Score:5, Informative)
After all, you can bet Google and Apple will try to resell ads and intelligence to the highest bidders, whoever those bidders might be, based purely on the data of the purchase history inside those stores.
No, you can bet Google will, and Apple will not.
Re:CurrentC doesn't have competitors (Score:5, Insightful)
why is parent not modded funny?
Because people who actually pay attention have noticed that Apple has been making privacy protection an important, heavily promoted, feature to help distinguish their products in the market. People who actually pay attention have noticed Apple's description of the lengths to which Apple Pay goes to be secure, and to provide NO tracking information. But go ahead and bash away if it somehow makes your day a little more tolerable ;-)
Re:CurrentC doesn't have competitors (Score:4, Interesting)
My chief problem is I'm hopelessly conflicted over which group of assholes I want to win and which group of assholes I want to lose.
Well golly gee! It's not like there's not a choice of "none of the above". Ah, but, *Give me convenience, or give me death* :-)
At first I was going to mod this up, but then I thought a bit more about it. Let me give you a better example of what the grandparent was likely getting at:
RealNetworks, Inc. v. DVD Copy Control Association, Inc [wikipedia.org].
Let's face it, I sincerely doubt that ANY slashdotter uses Realplayer on a regular basis. Most of us file it under "relics of the 90's" or "squandered tech opportunities" or something similar. Had RealNetworks won that case, I sincerely doubt anyone here would have actually purchased or used this application. However, this court case was one where many of us were hoping that RealNetworks would win - not for the amazing software or for the continued growth of RealNetworks, but for the court precedent. If RealNetworks won, it would be the first piece to fall of the problem of legislatively backed DRM. The war would continue, of course, but it would be a start.
I can't speak for the GP, but I concur with his sentiment. I don't think that Apple, Google, or these retailers have my best interest at heart. Not in the slightest. However, they all want the same thing: money. Apple seems generally better about not directly selling marketing data, but there's also no guarantee that they're not doing it under the table. Even without the tin foil hat, Apple may keep all that data in-house, and if iCloud security is any indication, that database security is questionable. Aunt Google, we all know, sells marketing data - they compete just as much with ClearChannel as they do with Microsoft - arguably more so. Retailers have their own science about how to psychologically manipulate you to buy stuff in their store. Apple may be the 'least offensive' in this lineup since their biggest crime is still a matter of speculation, but they're still no saint, even by corporate standards.
Thus, we have ourselves a bit of a conundrum. Even if you and I continue to use cash, the order invariably goes "opt-in, opt-out, alternatives disincentivized, alternatives socially unacceptable, alternatives impossible/illegal". Thus, the question becomes "who do we want blazing that trail?" That's the true question being asked by the GP, and unfortunately, I agree.
Re: (Score:2)
They're blocking Apply Pay and Google Wallet.
Good point. It sounds like this could almost fall under anticompeition/antitrust laws.
Re: (Score:2)
The credit card companies don't allow stores to charge more for a cc transaction. Perhaps this practice should be stopped as well. So something that costs $100 with cash, you might get a 2% discount for using CurrentC (and surrendering your data) or a 3%-5% surcharge for using a credit card.
I call BS (Score:3)
The credit card companies don't allow stores to charge more for a cc transaction.
At least here in North Carolina, as well as in Virgina, and in Kansas, I've seen chains of gas stations that have a "cash price" (also the price that you get if you use the chain's own brand credit card) and a higher price (usually about 8 to 10 cents higher per gallon) if you use a major Credit Card. I don't see Visa doing anything to prevent this. In fact, the law was changed recently at the federal level to explicitly
Re: (Score:2)
They're blocking Apply Pay and Google Wallet.
Good point. It sounds like this could almost fall under anticompeition/antitrust laws.
Visa and Mastercard already have a near-monopoly on payment systems, to the detriment of most retailers
Making their own payment system is not anti-competitive. It should provide more competition, and more freedom of choice to the retailers who don't want to give away most of their valuable customer purchase history to two advertising giants.
Re: (Score:3)
A payment system needs some thought put into it. As a fallback, if a credit card is abused, the money is reimbursed, charges are reversed. This is a tried and true system for over 40+ years.
Other systems don't have this protection. Debit cards, once the money is out, it is gone. Third party providers? I have read stories of some various payment providers permanently banning people from using them if fraud happens and a charge is reversed, so at best one winds up going through their "fraud" measures, wh
Re: (Score:2)
> The credit card companies and issuing banks can see every transaction, thus, they have the capability to create a very sophisticated anti-fraud system. They could easily identify a pattern indicating fraud
You mean like American Express.
The strange (don't even know what to call them) shills like to whine about AMEX fees but they are actually rather diligent when it comes to trying to detect fraudulent spending patterns.
Merchant accounts are "such a burden" that even single person operations can manage t
Re: (Score:2)
"Security through angry projection"? It ain't workin'.
Re: (Score:3)
Dunno about pissing people off, but massive Streisand effect for Apple Pay. The payment so good it's been BANNED. I don't think anyone now thinks about how it wasn't ready when 8.0 shipped, all that lag and slowness is now lost to "they banned it, the punks".
The odd thing is, Apple is actually pushing a standard here, the EMV standard. (though I guess you can say MCX is a standard too). It's just they have the best hardware for it, with decent (but not unhackable) security with TouchID. TouchID hit a swee
Re: (Score:3)
NFC is not EMV. They are using technology that's compatible with Mastercard's Paypass, Visa's payWave, and so on. EMV is chip and pin.
Re: (Score:2)
Apparently they pissed off the wrong people When these retailers started turning off NFC.
Never attribute to malice what can easily be explained by greed. I think the publicity made a lot of people who hadn't previously known about MerchantC, some of which are crooks, say "Hey, there's a new payment system? Let's see if it can be hacked." Seems that during round one they only got non-financial data, but let's wait for rounds two through 100,000.
Re: (Score:2)
A guy running a one man shop selling foam hassled me when I wouldn't give him my name, address, and phone number for a $10 piece of foam. He actually said, "what are you worried about the FBI or something?", and this was in Canada. I started to walk away, leaving him with the unsellable piece of foam he already cut for me, and he wised up and suddenly figured out how to process the payment in whatever shit POS system he was using. In short, merchants are complete idiots when it comes to stuff like this.