Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

CurrentC Alerts Users of Unauthorized Access to Email Addresses

Mangchi said:
Just an FYI CurrentC and Apple all use third party processing systems (Ingenio/Ogone, etc.) and are engaged through API's and Middleware on closed systems. Just because CurrentC's email was hacked doesn't have any bearing into the security of its payment systems. Having worked for both Apple and a Multi-Global Bank (I am in processing systems) I can tell you, you are only as safe as the service you have invested in. Also, Apple's tokenization methods aren't anything new and are currently being implemented in many banks. The difference with Apple is they have less regulation and overhead allowing them to partner and implement those changes faster.
Click to expand...

But which payment system is more secure in your opinion? One that uses the EMVco standard and transmits only a DAN with a one-time use cryptogram (and stores the DAN in the secure element and no other sensitive information); or a system like CurrentC, where it ties directly into your bank account via ACH and in order to set up a CurrentC account you need to input your SSN and your drivers' license # on your mobile device?

No where in Apple Pay is your SSN# or Drivers' license # involved. Nor is the real credit card data involved (except behind the scenes at the banks, that have that info already anyway).
 
penajmz said:
Lmfao!!!!!! This is too good.

I feel like I'm watching a soup opera unfold.


Dun, dun, dun....what will happen next!? :eek:
Click to expand...

Soup Opera... brilliant. A food fight springs to mind for this whole thing except it's MCX and consumers.
 
chiefsilverback said:
I wonder if Apple will start to pull their in-store presence from Walmart?
Click to expand...

I had suggested that in the past, but am willing to admit that it was probably shortsighted. At the end of the day, Apple probably needs Walmart more than Walmart needs Apple. Going to war with them at this point isn't likely to get them to reverse course on CurrentC.
 
spacemanspifff said:
Why do people in the US seem to use Credit Cards for everything, don't you have Chip&PIN systems?
Click to expand...

They are coming. I have one in my credit union debit card, but I don't think the machines are set up to use the pin in most places. It just works like a normal card.

Americans love their credit cards for the rewards and the security.
 
Straight from Mr. :apple:watch
 

Attachments

  • giphy.gif
    giphy.gif
    731.8 KB · Views: 884
spacemanspifff said:
Why do people in the US seem to use Credit Cards for everything, don't you have Chip&PIN systems? Here in the UK we can already use our ATM cards to pay for stuff at the checkout using Chip&PIN. If you do this, the money is transferred from your checking account to the store directly, so does not involve a Credit Card company. A bit like the CurrentC system, without all the scanning hassles.
Click to expand...

CC companies have enticing benefits: point systems, extended warranties, purchase protection (hassle free returns if the store won't accept a return or restocking fee refunds), fraud protection and international support. My bank offers none of that (except maybe a hassle filled fraud protection). I don't use my CC for the credit part (when I was young and dumb, I learned my lesson) so I pay it in full each month and enjoy the benefits of the CC over debit/bank card.

Some CC companies are also offering chip+pin cards as well now (my wife's AMEX card came with chip+pin last week).
 
Mangchi said:
Just an FYI CurrentC and Apple all use third party processing systems (Ingenio/Ogone, etc.) and are engaged through API's and Middleware on closed systems. Just because CurrentC's email was hacked doesn't have any bearing into the security of its payment systems. Having worked for both Apple and a Multi-Global Bank (I am in processing systems) I can tell you, you are only as safe as the service you have invested in. Also, Apple's tokenization methods aren't anything new and are currently being implemented in many banks. The difference with Apple is they have less regulation and overhead allowing them to partner and implement those changes faster.
Click to expand...

Apple is not asking for my SSN during activation and/or my bank routing number. So, yes, backend migh be the same from processing standpoint. But, information management for the user is handle differently, right?

At the point of payment (application side) things can be quite different.
 
spacemanspifff said:
Why do people in the US seem to use Credit Cards for everything, don't you have Chip&PIN systems? Here in the UK we can already use our ATM cards to pay for stuff at the checkout using Chip&PIN. If you do this, the money is transferred from your checking account to the store directly, so does not involve a Credit Card company. A bit like the CurrentC system, without all the scanning hassles.

However, using this method, you don't have to give your bank or other details to any third party (unlike CurrentC) and this service is run by the banks themselves. I would guess the banks are charging the retailer for the service, as some smaller stores will not let you pay this way unless your purchase is above a certain amount, usually £5.

Clearly MCX can't operate this payment clearing service for free, so they are going to use data mined advertising, which means these stores are basically transferring their banking charges to their customers.

I am also wondering if the CurrentC system could be vulnerable to a Man-in-the-Middle attack. Where someone may be able to scan the QR code shown on your phone screen (perhaps with another phone) and then take money from your account using your code?

Finally, do you have these kinds of ATM cards in the US and if you do, can you store and use them with ApplePay?
Click to expand...

No, we don't have the chip-and-pin yet. Banks are forcing retailers to roll out upgraded payment terminals by October 2015 that accept the chip-and-pin. If a retailer takes magnetic stripe payments, they'll be liable for the fraud protection.

Apple Pay can store debit (ATM) cards and credit cards. Much like the chip-and-pin, you are scanning your phone rather than swiping a card. I'm not terribly knowledgeable about the chip-and-pin process, but I've read Apple Pay is more secure - actually the most secure payment process current available.
 
Mangchi said:
Just because CurrentC's email was hacked doesn't have any bearing into the security of its payment systems.
Click to expand...

Really? So you're willing to roll the dice and provide this startup with your personal information including driver's license, SSN, and banking information?

That's crazy, but good luck to you. :cool:
 
Mangchi said:
Since you understand it so well, how can a hacker, who hacks email, gain access to the middleware, the servers, and the processor servers (which are hosted by multiple sub systems and processor vendors?)

Please explain.

BTW: I get paid to build payment processor systems, which I why I felt the need to join this discussion.
Click to expand...


Remember something, MCX isn't made up of financial institutions or payment processors who are more accustomed (and skilled) at protecting payment data. It's made up of merchants who have shown a level of ineptitude in protecting their networks. 25% of them have had breaches in recent years.

It's not that the systems are the same... It's that they are this careless with the simple stuff, and given their continuing track record shouldn't be trusted with the really important stuff.

For all we know, they are gonna host their back end on a lightly guarded and unpatched MSSQL server with no encryption (no PCI-DSS in play!) and access by lots of hackable, phishable employees. We would HOPE that it's
better... But we have no assurances. They haven't even detailed how CurrentC works from a security perspective for review.
 
szw-mapple fan said:
Let's all blame Apple for this hack attack.

:rolleyes:
Click to expand...

Glad someone hacked in. There is no way I would give this company or any other company all that vital information. So it can be kept all in one location ... Together! They are just asking for trouble!! Go hackers go!
 
I just logged into my Target RedCard account and sent them this message:

I would like to cancel my Target RedCard. Please cancel the card immediately and remove ACH access to my checking account.

I am aware that Target is a member of the Merchant Customer Exchange (MCX) and it appears that you will be piloting the implementation of the CurrentC mobile payment platform and that it will be tied to your RedCard. As Apple has recently introduced their mobile payment solution ApplePay, I have become more informed on the different payment methods available through mobile devices. I am convinced that the security and ease of use of ApplePay far outweigh what CurrentC will be offering. Just this morning I read a story saying that CurrentC users' email addresses have possibly been compromised prompting me to write this e-mail request to cancel though I have been considering it for some time.

I also am disappointed that Target's participation in MCX precludes you from accepting ApplePay in stores. I hope Target of all companies realizes the need for the highest level of security in card transactions. I purchased a new iPhone with ApplePay in mind because I believe it will enhance the security of card transactions. I see that Target takes ApplePay in it's iOS app, so it's clear to me that you recognize that Apple has something to offer in this area. I am disappointed that your membership in MCX will prevent you from offering it as an in store payment method.

I probably would not be asking to cancel my RedCard if you had offered both ApplePay and later introduced CurrentC and allowed the two payment methods to coexist side by side. At least then, as a consumer, I would be able to choose which to use. However knowing that MCX wants to place the retailers' desire for consumer tracking ahead of the consumers' desire for transaction security has led me to make this request.

Please confirm to me by e-mail once you have closed my RedCard account and purged my checking account information from your database.

Regards,

BruiserB (I did put my real name here)
Click to expand...
 
Welp! :confused: I don't even know what to say. I figured it would fail simply for being to cumbersome. It turns out relaxed security will be the issue. I prefer companies with lots of experience to handle this type of thing. If CurrentC had used NFC as a solution rather than QR Codes it might have stood a chance but now.... you'd have to be nuts to trust CurrentC with the highly sensitive information they want to use.
 
BruiserB said:
I just logged into my Target RedCard account and sent them this message:

I would like to cancel my Target RedCard. Please cancel the card immediately and remove ACH access to my checking account.

I am aware that Target is a member of the Merchant Customer Exchange (MCX) and it appears that you will be piloting the implementation of the CurrentC mobile payment platform and that it will be tied to your RedCard. As Apple has recently introduced their mobile payment solution ApplePay, I have become more informed on the different payment methods available through mobile devices. I am convinced that the security and ease of use of ApplePay far outweigh what CurrentC will be offering. Just this morning I read a story saying that CurrentC users' email addresses have possibly been compromised prompting me to write this e-mail request to cancel though I have been considering it for some time.

I also am disappointed that Target's participation in MCX precludes you from accepting ApplePay in stores. I hope Target of all companies realizes the need for the highest level of security in card transactions. I purchased a new iPhone with ApplePay in mind because I believe it will enhance the security of card transactions. I see that Target takes ApplePay in it's iOS app, so it's clear to me that you recognize that Apple has something to offer in this area. I am disappointed that your membership in MCX will prevent you from offering it as an in store payment method.

I probably would not be asking to cancel my RedCard if you had offered both ApplePay and later introduced CurrentC and allowed the two payment methods to coexist side by side. At least then, as a consumer, I would be able to choose which to use. However knowing that MCX wants to place the retailers' desire for consumer tracking ahead of the consumers' desire for transaction security has led me to make this request.

Please confirm to me by e-mail once you have closed my RedCard account and purged my checking account information from your database.

Regards,

BruiserB (I did put my real name here)
Click to expand...


Bravo Bruiser!!!! I am boycotting these store...or I will go in...go up to the register with a bunch of stuff and when they won't accept apple pay, walk away leaving a cart of stuff for them to put back
 
Mangchi said:
Nobody is "getting" that information and storing it, its against the law for processors to hold that info. The info is entered, tokenized, encrypted, and passed to the processing service. A lot of people respsonding here have no clue how transaction systems or the regulations around it work.
Click to expand...

Dude, you must be a CurrentC employee. Everyone's gotta eat, right?
 
Really Bad

And this is the company that wants your SS and Credit Card Info... They can't event protect you data during a pilot program.
 
caesarp said:
But which payment system is more secure in your opinion? One that uses the EMVco standard and transmits only a DAN with a one-time use cryptogram (and stores the DAN in the secure element and no other sensitive information); or a system like CurrentC, where it ties directly into your bank account via ACH and in order to set up a CurrentC account you need to input your SSN and your drivers' license # on your mobile device?

No where in Apple Pay is your SSN# or Drivers' license # involved. Nor is the real credit card data involved (except behind the scenes at the banks, that have that info already anyway).
Click to expand...

Tokenization 2 is the best way to go. Im not saying its not what I am saying is people here are slamming CurrentC and have next to no idea how the technology works and are now saying CurrentC isn't safe because hackers hacked a low level email server. Breaking into an Ogone database is going to take more than a script kiddie.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back