CurrentC Alerts Users of Unauthorized Access to Email Addresses

[mdlooker]

My point is none of the info is stored the way most of you think. The payment processing world isn't just a few servers talking to each other. Most of the servers are hosted elsewhere and are talked to through Middleware/API. With my bank we don't see 95% of the info you key in it goes directly to our MW server and on to the processor in a Token, very similar to Apple but its the older generation. Also, when you get a bank account you hand over all the info, when you apply for a CC online you give all that info. Applying for a CC online with a SS is more dangerous than this by a long shot, especially because FICO's system is crazy complex.

----------



There are STRICT regulations in this industry regulators know everything because we are only allowed to do a few things.

If I'm not mistaken, the hackers of Target and others didn't get their information and successful hack in a fast manner. I believe they gathered customers information bit by bit, little by little, and it accumulated over time.

So though information may not be given to them in one big bow, it is given to them in bits and pieces... none of which is hardly safe.

Better methods are obviously out there so why not accept them?

 

[John.B]

Tokenization 2 is the best way to go. Im not saying its not what I am saying is people here are slamming CurrentC and have next to no idea how the technology works and are now saying CurrentC isn't safe because hackers hacked a low level email server.

I know that the Target hack cost me literally dozens of hours of my life I'll never get back, trying to straighten out my checking account.

Your assumption that customer financial information is secure with retailers shows that, at best, you're drinking the Kool-aid.

 

[michikade]

I just don't understand how CurrentC is supposed to beat NFC at this point. With Android and Apple devices having the capability, the demand is there for it by consumers across the board - and who is more vocal than a bunch of pissed off Apple fans? (Hehehehe )

I won't give a weird third party my SSN, drivers license number, bank information, etc ANYWAY, even without this breach (that I admit I laughed heartily at). The retailers themselves have had personal information leaked in the past, but getting a new debit/credit card number is FAR less hassle than dealing with identity theft - which is exactly what all the information they're asking for will cause if they're hacked more than just the email list.

I haven't used a card at target in ages, mostly because of their security breach in the last year - I exclusively use gift cards that can be scanned from a barcode in Safari, so I wouldn't necessarily boycott Target but I sure won't use CurrentC there.

I don't see how CVS could want MORE information on my shopping habits - I have an Extra Care Card, they know everything I buy, every time I buy it.

Walmart is... well, Walmart. I'm not really shocked that they went with the off brand payment type.

 

[CFreymarc]

I bet good money that Apple reviewed this over a year ago and decided to go their own path. The security and encryption guys in The Loop are some of the best in the business.

 

[sp33drcr23]

hahaha this is too funny! CVS, Rite Aid...what do you have to say about that now?

via Imgflip Meme Maker

 

[giantfan1224]

I had suggested that in the past, but am willing to admit that it was probably shortsighted. At the end of the day, Apple probably needs Walmart more than Walmart needs Apple. Going to war with them at this point isn't likely to get them to reverse course on CurrentC.

If you mean that Apple needs Walmart more than vice versa because Apple probably makes more having their products in Walmart than Walmart makes selling them, then I agree. However, Apple hardly needs Walmart to be successful. In fact, as someone else stated, if Apple pulled all their products from Walmart tomorrow, someone would quickly fill that void. I doubt it would even result in the slightest blip on an earnings statement. You do realize Apple's valuation is more than twice that of Walmart's, don't you?

 

[BMcCoy]

The US needs to do something.. whether it's a move to chip/pin, or adoption of a secure NFC system like ApplePay... the fraud costs to US banks are staggering.

Half of global credit card fraud is in the US!

"U.S. banks and merchants have tolerated the weak security in part because they are able absorb the costs, said David Robertson, publisher of the Nilson Report, a California trade journal that tracks the payments industry.

In its August issue, Nilson said global card fraud rose to a record $11.3 billion in 2012, from just under $10 billion the year before. Nearly half the losses occurred in the United States, helped by the lack of the more advanced card readers."

 

[jpmd70]

Tokenization 2 is the best way to go. Im not saying its not what I am saying is people here are slamming CurrentC and have next to no idea how the technology works and are now saying CurrentC isn't safe because hackers hacked a low level email server. Breaking into an Ogone database is going to take more than a script kiddie.

And they have hacked into NASA, FBI, DOD... etc.

 

[Mystic386]

MCX were in trouble long before this hacking;


July 18 2013 - Dekkers Davidson hired by MCX
http://www.businesswire.com/news/ho...Davidson-Chief-Executive-Officer#.VFEPYb4dKbI

“Davidson joins MCX... the organization is rapidly progressing toward bringing its customer-focused and securely-delivered mobile payments solution to market.”


4th September 2014 - The MCX Product Unveiling
Davidson announces what MCX is and why it’s better then a product by an unnamed competitior to be released in days (Apple) but provides only broad product outlines. It appears MCX do not have a working product.

http://www.pymnts.com/in-depth/2014/the-411-on-mcx-and-mobile-payments/#.VFEOeb4dKbI

So rapidly progressing in July 2013 wasn't really rapid.


22 October Dekkers in his blog states

http://www.mcx.com/blog/getting-mobile-payments-right/
MCX offers;
“Broad payment options: No-one likes to have their choices limited. ”
and
“A recent report from BI Intelligence stated that mobile in-store payments will grow from $1.8 billion in 2013 to $189 billion in 2018”

MCX then go on to limit consumer choices and show they are going to miss the first 2 years of this all important curve.


It seems like MCX have missed the boat and now are having to redesign the product to counter more of the unnamed competitor. So will miss more of the curve. And then they get hacked. Priceless.

 

[ViktorEvil]

very funny

 

[oddnendz]

Why do people in the US seem to use Credit Cards for everything, don't you have Chip&PIN systems?

Cheap-ass retailers who don't want to pay for new terminals. They had to be forced by Congress to have Chip & Pin (or Chip & Sign, due to large number of ATMs that will have to replaced.)

Here in the UK we can already use our ATM cards to pay for stuff at the checkout using Chip&PIN. If you do this, the money is transferred from your checking account to the store directly, so does not involve a Credit Card company. A bit like the CurrentC system, without all the scanning hassles. However, using this method, you don't have to give your bank or other details to any third party (unlike CurrentC) and this service is run by the banks themselves. I would guess the banks are charging the retailer for the service, as some smaller stores will not let you pay this way unless your purchase is above a certain amount, usually £5.

You are little confused. We use debit cards and checks to pay for items out of our banking acounts. Credit cards is basically a line of credit. CurrentC takes money from banking accounts. Apple Pay works with Debit and Credit accounts.

So, your ATM card is like my Debit card.

To me, CurrentC is like checks. Checks have your banking account number and routing numbers. Retailers always ask for your Driver License number. I was really good at gaming the timing issue until electronic checks (timing = the time the retailer deposits the check to when it cleared my account).

Clearly MCX can't operate this payment clearing service for free, so they are going to use data mined advertising, which means these stores are basically transferring their banking charges to their customers.

I am also wondering if the CurrentC system could be vulnerable to a Man-in-the-Middle attack. Where someone may be able to scan the QR code shown on your phone screen (perhaps with another phone) and then take money from your account using your code?

Probably.

Finally, do you have these kinds of ATM cards in the US and if you do, can you store and use them with ApplePay?

yes

 

[xristy]

Tokenization 2 is the best way to go. Im not saying its not what I am saying is people here are slamming CurrentC and have next to no idea how the technology works and are now saying CurrentC isn't safe because hackers hacked a low level email server. Breaking into an Ogone database is going to take more than a script kiddie.

The fact that APPLE Pay is an end-user implementation of Tokenization-2 access is in fact a selling point. Apple is leveraging existing, accepted and vetted solution to provide the user and businesses with improved security. If a scheme such as this becomes the norm it should radically mitigate credit card harvesting.

CurrentC by design is a debit card scheme and that's not how I manage my monthly spending. CurrentC uses a largely untested security design by comparison with the vetting of Tokenization-2. These reasons are not why I'm slamming CurrentC.

I'm slamming CurrentC for limiting choice at the checkout counter. It's a foolish marketing move and anti-competitive. CurrentC using businesses can offer small discounts to attract users who choose to use CurrentC rather than Apple Pay / Google Wallet.

 

[izzle22]

Huh?

When you swipe your REDCard, the 16 digit account number on your card has zero correlation to your actual checking account information. It's essentially a token.

When you pay with Apple Pay, the account number your iPhone uses has zero correlation to your actual credit/debit account information. It's essentially a token.

Seems like Target has implemented exactly what you're chastising them for.

Huh???

Didn't you hear just this past holiday season where Target was hacked and compromised thousands of customer's information?? This had nothing to do with their hardly used redcard, This was with regular credit and debit cards. Apple Pay would have eliminated this.

 

[cjmillsnun]

I hope Apple did this. Ha!

I hope they did not.

 

[jrswizzle]

If you mean that Apple needs Walmart more than vice versa because Apple probably makes more having their products in Walmart than Walmart makes selling them, then I agree. However, Apple hardly needs Walmart to be successful. In fact, as someone else stated, if Apple pulled all their products from Walmart tomorrow, someone would quickly fill that void. I doubt it would even result in the slightest blip on an earnings statement. You do realize Apple's valuation is more than twice that of Wal-Mart's, don't you?

Fixed for you.

 

[WickedMessenger]

Why do people in the US seem to use Credit Cards for everything, don't you have Chip&PIN systems? Here in the UK we can already use our ATM cards to pay for stuff at the checkout using Chip&PIN. If you do this, the money is transferred from your checking account to the store directly, so does not involve a Credit Card company.

I live in the UK and it's better for me (financially) to pay with my Santander 123 Credit Card as it gives me cashback on my purchases.

 

[Mangchi]

If I'm not mistaken, the hackers of Target and others didn't get their information and successful hack in a fast manner. I believe they gathered customers information bit by bit, little by little, and it accumulated over time.

So though information may not be given to them in one big bow, it is given to them in bits and pieces... none of which is hardly safe.

Better methods are obviously out there so why not accept them?

The issue is Target took the hit, but the hack was to there processing system.

----------

And they have hacked into NASA, FBI, DOD... etc.

Different systems.

Thats like saying I can fly a plane because I can drive a car because they are both forms of transportation. Just because you hack into a system doesn't mean you have access to everything.

 

[machtv]

if you do not like a slamming currentC then go to a Another thread. nobody is going to care about your expertise in the industry or whatever it's not relevant. CurrentC is a enemy to Apple that's all that matters.

why all the hate on CC just because they are doing things different. if someone wants to use CC then let. no need to have hatred towards them

 

[satcomer]

CurrentC hacked

That didn't take long. I guess they didn't learn from the China bans online payments ... blocking QRCodes because they are to easily hacked.

 

[BruiserB]

Huh?

When you swipe your REDCard, the 16 digit account number on your card has zero correlation to your actual checking account information. It's essentially a token.

When you pay with Apple Pay, the account number your iPhone uses has zero correlation to your actual credit/debit account information. It's essentially a token.

Seems like Target has implemented exactly what you're chastising them for.

The RedCard, like any other credit card is a STATIC token. All of my Credit Card numbers are tokens to the real account. The credit card companies are able to change the token by issuing new cards at great expense to them (and inconvenience to me). In addition, Target's systems are storing my ACH account info regardless as to whether the card number itself is a token.

ApplePay uses DYNAMIC tokens. The device account number may stay static (but I think I read that it may occasionally change as well...not totally sure on that point), but the system dynamically creates the information that is sent to the POS terminal. If that info is compromised, it is useless to the next person who tries to use it.

So no, the RedCard does not provide the same level of security as ApplePay.

 

[cruisencode]

This is funny because Apple has never been hacked.

 

[cjmillsnun]

Why do people in the US seem to use Credit Cards for everything, don't you have Chip&PIN systems? Here in the UK we can already use our ATM cards to pay for stuff at the checkout using Chip&PIN. If you do this, the money is transferred from your checking account to the store directly, so does not involve a Credit Card company. A bit like the CurrentC system, without all the scanning hassles.

However, using this method, you don't have to give your bank or other details to any third party (unlike CurrentC) and this service is run by the banks themselves. I would guess the banks are charging the retailer for the service, as some smaller stores will not let you pay this way unless your purchase is above a certain amount, usually £5.

Clearly MCX can't operate this payment clearing service for free, so they are going to use data mined advertising, which means these stores are basically transferring their banking charges to their customers.

I am also wondering if the CurrentC system could be vulnerable to a Man-in-the-Middle attack. Where someone may be able to scan the QR code shown on your phone screen (perhaps with another phone) and then take money from your account using your code?

Finally, do you have these kinds of ATM cards in the US and if you do, can you store and use them with ApplePay?

They don't have Chip and PIN yet in the US (They actually aren't going to have. They'll have chip and signature). They are the last country except Antartica who will be going to chipped cards.

 

[Mangchi]

This is funny because Apple has never been hacked.

Exactly my point. Wasn't Apple just in an iCloud hacking scandal?

 

[Peace]

This is funny because Apple has never been hacked.

Exactly my point. Wasn't Apple just in an iCloud hacking scandal?

Apple Pay doesn't use the cloud.

 

[giantfan1224]

Fixed for you.

Ah, thank you. Sometimes you can proofread a thousand times and one will still slip by.