Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Pay vs Current C

Does it really matter?

Apple Pay / Google Wallet / All the other NFC Gizmos - okay.
CurrentC and other systems - okay.
Plastic - okay.
EMV - okay.

They are all payment systems. Good, bad, marginal, goofy......

Your average shopper, as long as they can pay cash or swipe plastic are happy. They don't care about any of this stuff unless forced too. Your average Walmart shopper doesn't own an iPhone 6/6+. They don't use Google Wallet. CVS/RiteAid shoppers have their prescriptions in that store and aren't going to move them because NFC was turned off. (Let's not forget MCX retailers are obligated under contract not to use AP/GW and have a few years invested in the development.)

Most merchants/retailers don't have an obvious ROI to use NFC. Banks like AP as it can increase CC use. Apple likes AP as a new revenue stream.

For me, the shopper; as long as I can pay via cash/CC/DC, I'm generally a happy camper.

Yes, I have AP (6+), I have GW (G3), and will occasionally use them. Day to Day, plastic is king. Requires no thought and my habits are well ingrained over time. :cool:
 
Brian Y said:
I look forward to a future where:

"The supermarket had a data breach, change your password"

Turns into

"The supermarket had a data breach, change your bank account number, phone all your utility companies to tell them about your new bank account, call the government and ask for a new SSN, call the driving license authority to ask them for a new licence number, and catch the first flight to Australia to escape the bailiffs who are tracking you down since you are responsible for fraudulent payments taken the way CurrentC does."
Click to expand...
I get what you're saying, but if CurrentC uses tokens (like Target does for their REDCards that pull directly from your checking account), then it doesn't matter if every register at your supermarket gets hacked ... all the hackers would get would be your token, which they can't do anything with.

I'm also wondering how easy it really is to "drain a bank account" with just a checking account number. With ACH, don't you essentially do a transfer from one bank account to another? Sounds a hell of a lot easier to track fraudulent ACH transactions (because there is a trail of where the money went).
 
Ntombi said:
I suggest you do a tiny bit of reading before commenting on how Apple Pay works, because you clearly misunderstood (or simply made an assumption). Apple DOES NOT store the credit card numbers. Anywhere. Period. The phone itself does not store the credit card numbers. That's one of the things that differentiates Apple Pay from Google Wallet and makes Apple Pay the most secure system to date.
Click to expand...

Actually he's correct. The card number is secured in token vaults held by other companies. The token vaults are held by the issuing bank.
 
Haha Current C was already hacked.


http://recode.net/2014/10/29/maker-of-retailer-apple-pay-competitor-has-already-been-hacked/

Wonder if this will change any retailers mind?
 
Bengalhawks said:
Haha Current C was already hacked.

Wonder if this will change any retailers mind?
Click to expand...

Ironically here is the MCX/CurrentC blog post from yesterday.

CurrentC/MCX said:
...What Are the Facts About Data Security?

On the data security side, the technology choices we’ve made take consumers’ security into account at every aspect of their core functionality. We want to assure you, MCX does not store sensitive customer information in the app. Users’ payment information is instead stored in our secure cloud-hosted network...."
Click to expand...

What a difference a day makes.

CurrentC/MCX said:
...Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app....
Click to expand...

Only a few testers and not even live yet. This is not going to end, I mean start well.
 
Armen said:
Dear CurrentC customer,

the MCX database was hacked. You may want to :

1. Contact the IRS because it is most likely your SSN will be used for identify theft.

2. Change your entire bank account number if there is any money left in there to begin with. (don't bother asking for the money back the bank can't help you it's gone)

we apologize for the inconvenience to your LIFE but hey, you saved us 2% on transaction fees.

P.S. Everyone knows you have diabetes now so we apologize for targeted ads you may receive now because of that.

Sincerely,

MCX
Click to expand...
Armen, you're quite prophetic. Powerball's at about $125M tonight - please, pick the 6 numbers for me!
 
caesarp said:
When the final product for CurrentC is released it will probably include NFC. They apparently left in some wiggle room to maybe add that in the future if necessary.

But, with or without NFC, it doesn't appeal to me.
Click to expand...

I read they are looking at Bluetooth low energy instead of NFC, but that of course could change.
 
I'm just going to start using my Amex at CVS and RiteAide to make them pay 7% instead of Visa / MC's 2%. They'll be out of business in no time. You're welcome :)
 
Ntombi said:
If you don't see the issue with some of the biggest retail victims of data hacking in recent times having all of your major personal information in their servers, I don't know what to tell you.
Click to expand...

I didn't say that. What I'm saying is the concern about sharing information such as demographics, purchase history, etc. People already do that all the time. At the end of the day this is turning into a tempest in a teapot.

If you don't want to use CurrentC then don't but regardless if how you feel about it my opinion is not going to change.
 
aristobrat said:
This is from earlier this month:

Chase Bank Hacked, Info Stolen for 83 Million Accounts

My guess is that the card issuers (like Chase, above) are the the ones that hold the token vaults for Apple Pay (which is why Apple Pay didn't work with every VISA card from the get-go).

If that's the case, above is an example of a major card issuer being hacked.


Not to excuse them, but to me, it's sounds a little easier to protect a dedicated set of servers in a data center setup to process CurrentC transactions than it does to protected 50,000 different cash registers that are spread across 2,000 locations in all fifty states.
Click to expand...

The problem with CurrentC is the lack of fraud protection and insurance. That's the biggest gapping hole.
 
aristobrat said:
Fair enough. :)


I really doubt that with CurrentC, the individual MCX retailers are all going to have your checking account number on-site.
Click to expand...

No, but apparently MCX is as successful at securing data as its members are. Trust has certainly not yet been earned here.



aristobrat said:
Apple Pay has your real credit card account number stored in secure servers (token vaults) operated by other companies (at least one of whom was recently hacked, not unlike the retailers), who replace the token that your iPhone sends with your actual credit card number during the last legs any Apple Pay transaction.
Click to expand...

You absolutely do not understand how Apple Pay works.

When you add your credit card to Apple Pay, your issuing bank and your phone agree upon a random Device Account Number (fake card number/token) that is the only number stored on the phone. Neither Apple nor any "other companies" have your credit card number or the DAN.


aristobrat said:
I'd be extremely surprised if CurrentC works any differently. I'd imagine they'd identify customers with a token (like how Apple Pay does), and the token vault (containing the real checking account number)/payment authorization would be handled by MCX.
Click to expand...

It remains to be seen, but I doubt that tokenization is involved. It's probably more like an account number. The real question is how they will defend against replay attacks (someone takes a pic of the QR code, decodes it, regenerates it, and presents it for payment). What a lot of people don't realize is that the Starbucks bar code you flash on your phone never changes, and is never authenticated. If I can see it and decode it, I can use it. Will CurrentC have better protections? Time will tell.

aristobrat said:
After being hacked, I don't think there's any way that Target and Home Depot would bring in a new payment type like MCX that didn't do tokenization like how Apple Pay does it. I can't imagine any retailer that is going to want liability for holding any customers financial information.
Click to expand...

Well, that's the rub - they really DON'T have any liability other than bad press. However, if your bank info gets compromised and money is taken from your account, you are 100% responsible to (try to) get it back - if you can. A lot depends on how quickly you notice and report it. Of course, there are no ramifications for leaking your SSN... Except bad press. But hey, they already have that..

I suppose the only good thing is that they are taking their time and not rushing it out the door. Hopefully it is time well spent. As for me, I'm using Apple Pay.

----------
aristobrat said:
I'm also wondering how easy it really is to "drain a bank account" with just a checking account number. With ACH, don't you essentially do a transfer from one bank account to another? Sounds a hell of a lot easier to track fraudulent ACH transactions (because there is a trail of where the money went).
Click to expand...

The destination account need not be in the US. It also doesn't have to be a legit account. Set it up with a stolen identity, transfer funds, withdraw, vanish.
 
JoeTomasone said:
Neither Apple nor any "other companies" have your credit card number or the DAN.
Click to expand...
See post 54.

----------
JoeTomasone said:
Well, that's the rub - they really DON'T have any liability other than bad press.
Click to expand...
In Target's case, the "bad press" lead to a loss of significant loss of customers (and revenue). So in that sense, there is a financial penalty imposed upon these merchants.
 
Interesting how CurrentC is already taking a defensive posture. Now they are not rulling out NFC or other tech and the are pushing the fact that affinity cards can be linked to your payment.
 
I think in the long run, from the consumer side there are significant advantages to Apple Pay. The backend system seems to be the most secure, and the TouchID security also provides both a visible security measure and ease of use.

The main reason for the existence of CurrentC is for stores to bypass credit card fees (which I can understand them wanting to do.) There is also the benefit of shopper and transaction information, although that can already be collected currently with the frequent shopper cards (they can actually still do this when you pay with Apple Pay.)

From what I read, on the consumer side CurrentC seems like a pain to actually use in a store. If they can't get their act together on this, I think CurrentC is ultimately doomed.

Rhonindk said:
Apple Pay / Google Wallet / All the other NFC Gizmos - okay.
CurrentC and other systems - okay.
Plastic - okay.
EMV - okay.

They are all payment systems. Good, bad, marginal, goofy......

Your average shopper, as long as they can pay cash or swipe plastic are happy. They don't care about any of this stuff unless forced too. Your average Walmart shopper doesn't own an iPhone 6/6+. They don't use Google Wallet. CVS/RiteAid shoppers have their prescriptions in that store and aren't going to move them because NFC was turned off. (Let's not forget MCX retailers are obligated under contract not to use AP/GW and have a few years invested in the development.)

Most merchants/retailers don't have an obvious ROI to use NFC. Banks like AP as it can increase CC use. Apple likes AP as a new revenue stream.

For me, the shopper; as long as I can pay via cash/CC/DC, I'm generally a happy camper.

Yes, I have AP (6+), I have GW (G3), and will occasionally use them. Day to Day, plastic is king. Requires no thought and my habits are well ingrained over time. :cool:
Click to expand...
 
With CurrentC, the question is not if my bank account number, social security number and drivers license number will be hacked.

It isn't even when.

The question is: how often?
 
JoeTomasone said:
The assertion in that post does not match up with Apple's assertions here:

https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
Click to expand...
There's nothing in that document that speaks to the process that happens on the payment networks end, when they receive an authorization request that contains an Apple Pay transaction.

The issuers maintain a “token vault” that maps back tokens to their respective PANs, and there can be multiple tokens for a single PAN.
Click to expand...
http://www.kirklennon.com/a/applepay.html

PAN = primary account number (i.e. the "real" credit/debit card number)

It seems like some folks think that with Apple Pay, their real credit/debit card number isn't used at all, which isn't true.

All I'm saying is that Apple Pay transactions still require the real credit/debit card number, and that number is stored on the servers of other companies.
 
aristobrat said:
...All I'm saying is that Apple Pay transactions still require the real credit/debit card number, and that number is stored on the servers of other companies.
Click to expand...

No it's not. It is only known and stored by your CC issuer. All passing of info from your iPhone is by tokens. There is no CC number on your iPhone that can be passed to anyone from your iPhone. There is NO way anyone or any company can acquire or determine your CC number from the tokens they receive. The token can only deciphered by the CC issuer.

No "other companies" know or store your CC info.

EDIT: Maybe YOU should read the article you linked since it does a good job of explaining and CLEARLY states your CC (or PAN) number is NOT stored or used in any transaction.

...add your credit card...This is the only step in the process where your PAN (CC number) is ever used....
Click to expand...
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back