CurrentC, the mobile payment format retailers like Rite Aid, CVS, and Walmart are contractually obligated to use in lieu of Apple Pay, hit another stumble today. MacRumors reports that the consortium of businesses behind the payment platform, the Merchant Customer Exchange (MCX), experienced an email breach at some point in the last 36 hours, per a notice sent out to people who have signed up for the pilot program. (CurrentC isn’t set to hit stores until 2015.)
Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.
It’s unclear how many emails were compromised or who is behind the breach, but we’ll update this post as more details become available. Meanwhile, Redditors organizing a boycott of MCX retailers seem to think CurrentC will be dead on arrival. The format, which relies on QR codes, also requires users to provide a social security number and driver’s license number, which are then stored in the cloud. One of the main selling points of Apple Pay, of course, is security, since the platform relies on Touch ID to authenticate users.
In a blog post intended to dispel misinformation about CurrentC, MCX wrote that if a merchant decides to stop working with them, there is “no fine.”