Advertisement

Another black eye for MCX -- email list for CurrentC breached

Big whoops from MCX about CurrentC email breach


Would you trust a contactless payment solution that can't securely store the email addresses of people who have signed up to be included in the service's rollout?

MCX, the company pushing the CurrentC touchless payment alternative to Apple Pay and Google Wallet, sent out the security alert above earlier this morning (10/29/14). It went out to those who signed up for announcements about the service, which is currently in a pilot phase and anticipated to launch fully next year.

"Within the last 36 hours," the email says, "we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information." Oops.

This may tarnish the reputation of CurrenC and MCX, which obviously will depend on consumer trust when it launches. MCX is already getting some bad publicity thanks to the shutdown of Apple Pay, Google Wallet and Softcard-capable NFC payment terminals at Rite Aid, CVS, Best Buy and other MCX member retailers. While Apple Pay worked on launch day at some of these retailers, they moved to disable it presumably because of contractual requirements of the MCX consortium.

Ironically, the MCX website has a current blog post addressing some of the criticisms of the platform and talking up the solution's security model.

12:30pm ET 10/29: Updated with further details.