Get the latest tech news How to check Is Temu legit? How to delete trackers
TECH
Apple Inc

Apple Pay competitor confirms email breach

Brett Molina, and Jefferson Graham
USAToday

Big retail got some bad news Wednesday: Its would-be competitor to mobile payment services from Apple and Google — which hasn't even launched nationally — was hacked.

Some of the nation's biggest retailers including Wal-Mart, CVS and Best Buy created the Merchant Customer Exchange consortium and its CurrentC app, to launch in early 2015. MCX, which is testing CurrentC in several undisclosed locations, said it was targeted in a breach involving email addresses.

"We own this, and are taking it seriously," said Dekkers Davidson, CEO of Boston-based MCX, in a Wednesday press conference.

Apple CEO Tim Cook discusses the new Apple Pay product during an event at Apple headquarters on Thursday, Oct. 16, 2014 in Cupertino, Calif.

MCX said "unauthorized third parties" grabbed the e-mail addresses of some members of the pilot program. The exchange says most addresses were "dummy accounts" and that the app itself was not affected.

The press conference was notable for Davidson declining most questions posed to him about the controversial MCX program.

Apple Pay, which only works with the newest iPhones, has won mostly raves reviews since its launch last week. It works with a phone's internal near field communication chip and pinpad units near cash registers at retailers.

CVS and Rite-Aid, part of the MCX consortium, were not launch partners for Apple Pay, but their customers used the NFC-enabled pinpads in stores anyway. The retailers responded by disabling the pinpads — and shining a light on MCX.

In the press conference, Davidson defended CurrentC, saying it is more than just a payment system.

It also brings together customer loyalty cards and will have offers, promotions and rewards which aren't currently a part of Apple Pay.

The app doesn't read credit card information, like Apple Pay and Google Wallet, but instead taps into your checking account and secures the transaction via a QR code. And you need to sign up with a social security number.

Beyond the e-mail attack, the ConnectC app — which is available on Google Play and iTunes for the pilot projects — has garnered some 5,000 mostly 1 star reviews.

Retailers who choose to use CurrentC must do so exclusively, dropping access to rival services, according to a Davidson blog post.

Following a New York Times report claiming MCX retailers faced harsh fines for offering competing payment services, Davidson insisted retailers "make their own decisions" on selecting CurrentC, and any retailers who choose to back out from the service will not be fined.

"When merchants choose to work with MCX, they choose to do so exclusively," said Davidson.

Meanwhile, MCX's early hack issues won't endear the new system to consumers, argues Geoff Webb, a senior director with NetIQ.

"This kind of hack isn't likely to instill a lot of confidence among skittish customers looking for reassurance that they can safely buy at retailers."

Follow Jefferson Graham and Brett Molina on Twitter:

Featured Weekly Ad