You can’t get much more inauspicious

A few days back, I quoted both Bill Quick and @SwiftOnSecurity on the future of CurrentC, billed as a rival to ApplePay. Neither was what you’d call favorably impressed. But CurrentC has now taken the first step towards becoming a Real Payments Company. They’ve been hacked:

CurrentC, which is a mobile payment system backed by the Mercantile Exchange (MCX), sent out an email to its pilot users stating that an unauthorized third party had obtained email addresses of some of its users, the MCX confirmed to CNBC in an email statement.

“Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.”

This does not mean, of course, that no one will ever break into ApplePay; but when you’re trying to sign up clients, this is not the sort of wording you want on your prospectus.

(Via Matthew Green.)


  1. fillyjonk »

    30 October 2014 · 10:24 am

    At this rate, we’ll be going back to using seashells and stones with holes through them before too long.

  2. JT »

    30 October 2014 · 10:35 am

    From the people that brought you TJX and Target!

    Seriously though, at least Apple has a good idea, single-use session keys for transactions is the way to go. Unfortunately, the big vendors and banks still want to track short and long term statistics on spending patterns, usage, etc.

RSS feed for comments on this post