CurrentC and Data Breaches

[JoeTomasone]

So in the wake of CVS' disabling of NFC/Apple Pay/Google Wallet in favor of CurrentC, I decided to take a quick peek into how many of the MCX members (the retailers behind CurrentC) have reported data breaches. After all, if they want me to provide my bank account number to them so CurrentC can do ACH debits from my account to pay for my purchases, I'd expect them to be pretty good stewards of data, right?

Well, of the 57 members I could identify, nearly a quarter have reported breaches. Remember, ACH debits have limited consumer protections compared to credit cards, with a wholy unfriendly procedure to recover stolen funds. And, unlike a bogus credit card charge that you don't have to pay while it is in dispute, with your bank account, YOU LOSE THE MONEY and have to fight to get it back.

Use CurrentC? I think not.

Since it seems likely that all MCX members will either disable or never adopt Apple Pay or Google Wallet in favor of CurrentC, you might also elect to use this list as a handy reference of places to avoid patronizing.

76			
7-Eleven		[URL="http://www.cspnet.com/category-news/services/articles/five-indicted-over-major-data-breach-hit-7-eleven-others"]http://www.cspnet.com/category-news/services/articles/five-indicted-over-major-data-breach-hit-7-eleven-others[/URL]
Acme Fresh Market			
Alon			
Bahama Breeze			
Banana Republic			
Baskin-Robbins			
Bed Bath & Beyond			
Best Buy		[URL="http://www.databreaches.net/update-on-best-buy-breach-4000-customers-possibly-affected/"]http://www.databreaches.net/update-on-best-buy-breach-4000-customers-possibly-affected/[/URL]
Buy Buy Baby			
Capital Grille		[URL="http://www.databreaches.net/hacker-sentenced-to-10-years-in-prison/"]http://www.databreaches.net/hacker-sentenced-to-10-years-in-prison/[/URL]
Chili’s			
Christmas Tree Shops			
Circle K			
Conoco			
CVS			
Dick’s Sporting Goods			
Dillard’s			
Dunkin Donuts			
Eddie V's			
Exxon Mobil		[URL="http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html"]http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html[/URL]
Face Values			
GAP			
GetGo			
Giant Eagle			
HMS Host			
Hobby Lobby			
Hy-Vee			
Kmart			[URL="http://www.forbes.com/sites/katevinton/2014/10/10/credit-cards-were-compromised-in-kmart-data-breach/"]http://www.forbes.com/sites/katevinton/2014/10/10/credit-cards-were-compromised-in-kmart-data-breach/[/URL]
Kohl’s			
Kum & Go			
Longhorn Steakhouse			
Lowe’s			
Maggiano's			
Meijer			
Michaels		[URL="http://www.washingtonpost.com/business/economy/michaels-says-nearly-3-million-customers-hit-by-data-breach/2014/04/18/3074e432-c6fc-11e3-8b9a-8e0977a24aeb_story.html"]http://www.washingtonpost.com/business/economy/michaels-says-nearly-3-million-customers-hit-by-data-breach/2014/04/18/3074e432-c6fc-11e3-8b9a-8e0977a24aeb_story.html[/URL]
My Goods Market			
Old Navy			
Olive Garden			
Philipps 66			
Price Rite			
Publix			
Quik Trip			
RaceTrac		[URL="http://www.cspnet.com/industry-news-analysis/corporate-news/articles/racetrac-dealing-data-breach"]http://www.cspnet.com/industry-news-analysis/corporate-news/articles/racetrac-dealing-data-breach[/URL]
Rite Aid			
Sams Club		[URL="http://www.computerworld.com/article/2560683/security0/update--security-breach-at-sam-s-club-exposes-credit-card-data.html"]http://www.computerworld.com/article/2560683/security0/update--security-breach-at-sam-s-club-exposes-credit-card-data.html[/URL]
Sears			[URL="http://www.forbes.com/sites/katevinton/2014/10/10/credit-cards-were-compromised-in-kmart-data-breach/"]http://www.forbes.com/sites/katevinton/2014/10/10/credit-cards-were-compromised-in-kmart-data-breach/[/URL]
Seasons 32			
Sheetz			
Shell			[URL="http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html"]http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html[/URL]
Shop Rite			
Southwest Airlines			
Sunoco			
Target			[URL="http://techcrunch.com/2014/01/10/targets-data-breach-gets-worse-70-million-customers-had-info-stolen-including-names-emails-and-phones/"]http://techcrunch.com/2014/01/10/targets-data-breach-gets-worse-70-million-customers-had-info-stolen-including-names-emails-and-phones/[/URL]
Walmart			[URL="http://www.computerworld.com/article/2560683/security0/update--security-breach-at-sam-s-club-exposes-credit-card-data.html"]http://www.computerworld.com/article/2560683/security0/update--security-breach-at-sam-s-club-exposes-credit-card-data.html[/URL]
Wawa			
Wendys			[URL="http://www.scmagazine.com/malware-used-to-compromise-payment-cards-at-wendys-restaurant-in-michigan/article/363208/"]http://www.scmagazine.com/malware-used-to-compromise-payment-cards-at-wendys-restaurant-in-michigan/article/363208/[/URL]
Yard House

Conversely, here's a link to a list of known merchants that DO accept Apple Pay: https://forums.macrumors.com/threads/1806254/

 

[CaptMarvel]

paying with cash still prevails, but I'm sure one day even it won't be accepted somewhere.

 

[dontwalkhand]

paying with cash still prevails, but I'm sure one day even it won't be accepted somewhere.

When I worked at Walmart, and my shift started at 7AM, and I was running register, I wouldn't see my first cash transaction until noon time. Most people pay with card.

 

[Bacong]

CurrentC hasn't even launched yet.

 

[CoilTap]

paying with cash still prevails, but I'm sure one day even it won't be accepted somewhere.

How does paying with cash prevail? Cash doesn't give me rewards or cash back or fraud/theft prevention. I never use cash unless I have absolutely no choice. Cash is for hobos.

 

[ttmrn]

How does paying with cash prevail? Cash doesn't give me rewards or cash back or fraud/theft prevention. I never use cash unless I have absolutely no choice. Cash is for hobos.

totally agree. same here.

 

[Oppressed]

I hate this service so much and it isn't even out! The company behind it wants to completely disable their competitors services from their stores even though their own service isn't out yet! How can these stores stand behind CurrentC? How did CurrentC suddenly have such a powerful say in such big name brand companies that they can dictate their POS systems and customer experience? What is really going on here because this sounds crazy?

 

[T5BRICK]

How can these stores stand behind CurrentC?

The group of retailers created MCX which created CurrentC.

 

[terraphantm]

I hate this service so much and it isn't even out! The company behind it wants to completely disable their competitors services from their stores even though their own service isn't out yet! How can these stores stand behind CurrentC? How did CurrentC suddenly have such a powerful say in such big name brand companies that they can dictate their POS systems and customer experience? What is really going on here because this sounds crazy?

The big brand name companies all came together and formed MCX - Merchant Customer Exchange. They essentially created CurrentC together. Their goal is to eliminate the CC processing fees and gain more information about their customers (including things like health data)

 

[wxman2003]

My question is what are YOU going to do about it? Stop shopping at all those stores and only shop at stores with NFC? Good luck with that. In the meantime, you will swipe your card at other stores, hand over your card to servers at restaurants, and you will still get hacked.

 

[JoeTomasone]

My question is what are YOU going to do about it? Stop shopping at all those stores and only shop at stores with NFC? Good luck with that. In the meantime, you will swipe your card at other stores, hand over your card to servers at restaurants, and you will still get hacked.

Quoting myself from another thread:

"No, that's obviously not feasible, certainly at this early date. However, I absolutely will choose a retailer that supports Apple Pay over one who does not, all things being otherwise equal. I've moved my prescriptions from CVS to Walgreens, I will shop Home Depot instead of Lowe's, will eat at McD's instead of Wendy's, and will buy electronics at Radio Shack instead of Best Buy."

Obviously Apple Pay is in its infancy, but it's a promising one. As more and more retailers support it, I will have more and more choices of places to use it, and perhaps one day I won't have to make those choices since it will become ubiquitous. It's a long way off, but at least *someone* is trying to make it happen.

 

[Ceviche Lover]

I hate this service so much and it isn't even out! The company behind it wants to completely disable their competitors services from their stores even though their own service isn't out yet! How can these stores stand behind CurrentC? How did CurrentC suddenly have such a powerful say in such big name brand companies that they can dictate their POS systems and customer experience? What is really going on here because this sounds crazy?

Calm down

 

[Oppressed]

Calm down

Well it is a bit ridiculous. After reading the details it shows how money hungry those companies are. Yes I know companies are suppose to make profit, but at such a huge cost to the consumer it feels wrong. I just hope Apple and Google ban their app. Which should fix the problem.

 

[TraceyS/FL]

I handle A lot of cash a day as a cashier. A lot. A big chunk from people expressing they are fed up with breeches and going back to cash.

The next chunk of guests are so loyal to their rewards/mile card it borders on comical.

As a cashier, I feel the management and executives are totally out of touch with the actual thoughts and feelings of their average guests. It is an amusing thing to watch at time - I have to laugh or I might cry.

The next year will be interesting to see play out in regards to payments and such....

 

[JoeTomasone]

Well it is a bit ridiculous. After reading the details it shows how money hungry those companies are. Yes I know companies are suppose to make profit, but at such a huge cost to the consumer it feels wrong. I just hope Apple and Google ban their app. Which should fix the problem.

What would be more amusing would be for MC/Visa/Amex to cancel their card charging agreements right around Black Friday.

CurrentC is really an attack on them and the banks.

 

[yg17]

I was at Target yesterday. The cashier started asking me to sign up for a red card and I interrupted her halfway through her spiel and told her I wasn't interested. I have no problem using my credit cards there because I know I'm not liable for a dime if they get hacked again. But it will be a cold day in hell before I give Target or CurrentC or anyone a direct line to my checking account.

The next chunk of guests are so loyal to their rewards/mile card it borders on comical.

How is that comical? If I can get rewarded for using my card, why shouldn't I use it every chance I get?

 

[mcdj]

One thing's for sure, that list of chains makes me very embarrassed to be American. Half of them are basically Chinese offloading docks; the other half are waiting rooms for diabetes clinics.

 

[Romy90210]

I do not know about you PPL but I will NOT trust any retailer with direct access to my checking account. We have seen how that has played out with PayPal where resolving issues is a pain but we also know that retailers do not keep their systems clean from malware.

 

[Tzerlag]

CurrentC hasn't even launched yet.

It's on trial run in Minnesota or someplace.

The group of retailers created MCX which created CurrentC.

Lead by Walmart.

I do not know about you PPL but I will NOT trust any retailer with direct access to my checking account. We have seen how that has played out with PayPal where resolving issues is a pain but we also know that retailers do not keep their systems clean from malware.

Damn right. I wouldn't link ANYBODY directly to my bank. Not PayPal, not my utility, not my gym.

I set up my bill payment as Push, not Pull.
I push the payment at the company, I never give permission for them to reach into my account to get my money. Never give out your account info. It leaves you liable.