Could This Be A Back-Door For WP Mobile Payment?

[fatclue_98]

The CurrentC issue that I have, besides hoping your smartphone's camera can quickly and correctly read the QR code presented to you, is the fact that 1) they want direct access to your bank info and 2) in order to add or change info you must enter your driver's license and Social Security #!

So what happens the next time there is a HUGE breach? Normally, when your info is stolen, you'd deal with your bank or CC. Never the merchant. I cannot picture walmart customer service really trying to help you out after someone drained your bank account buying video games, toys and more.

How would this scenario be any different? You wouldn't be calling the vendor, you'd be on the phone with your bank asking who the f**k took liberties with your bank account. I'm just playing devil's advocate because there's no way I'd be using this so I don't have any dogs in this hunt.

 

[phelme]

The CurrentC issue that I have, besides hoping your smartphone's camera can quickly and correctly read the QR code presented to you, is the fact that 1) they want direct access to your bank info and 2) in order to add or change info you must enter your driver's license and Social Security #!

Apparently the Paydiant system was already in use as a pilot in the U.S. with the Barclay bPay app. Users seemed to love it given the comments on the Apple App and Google Play stores (yes, including getting promotions). Not sure exactly how it correlates with what CurrentC will be, the apps looks similar, but bPay had credit cards too.

In the case of bPay, Barclay is a bank, they had all their user's info anyway. rly:

The big piece missing is the fraud protection, I agree. They'll have to address it and I'm curious to see what they'll say. Though speaking from personal experience with identity theft, retailers do tend to bend over backwards to help you these days. Which wasn't so true a decade ago.

 

[iamtim]

The system is still being developed but you're already calling it garbage?

I don't know if it's garbage or not, but it is surely a back door... a back door to your personal information: In-depth look at CurrentC and the personal data they want to collect | iMore

 

[phelme]

I don't know if it's garbage or not, but it is surely a back door... a back door to your personal information: In-depth look at CurrentC and the personal data they want to collect | iMore

Interesting read, thanks for the link. Hopefully Paydiant is working to improve their backend.

And of course it's all about collecting data. :smile:

 

[fatclue_98]

I don't know if it's garbage or not, but it is surely a back door... a back door to your personal information: In-depth look at CurrentC and the personal data they want to collect | iMore

Since I won't be using this or any other form of mobile payment system, I'm still curious as to all the personal information that's going to be culled. I didn't see any mention of it in the iMore article you linked, I keep reading about driver's licenses, social security numbers and your wife's bra size. Where is it? Who's asking for it? I saw no mention of any of it on CurrentC's website or Paydiant's. Where are the terms and conditions that stipulate what information will be gathered? Typical WP thread with a gazillion suppositions and innuendos but not one shred of cold, hard fact. At least you provided a link, but it was just more of the same but from another source.

People, I don't know if any of this is true. Therein lies the problem, none of us do. We don't know what these companies are going to do or how they're going to do it. What I do know is that there are a lot of people upset that their preferred MoP on their mobile devices is being either phased out or eliminated already.

 

[fatclue_98]

I simply could not contain myself and I contacted CurrentC. This was their reply.

A MESSAGE TO OUR CUSTOMERS



Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.





If you have any inquiries, know of an error, or if your mobile device is lost or stolen, please contact us immediately by calling 855-772-8773, via email at CustomerCare@CurrentC.com, or via mail at CurrentC Customer Care, PO Box 30575, Tampa FL 33631-3575.

? 2014 Merchant Customer Exchange LLC. All rights reserved. CurrentC, CurrentC & Logo, MCX, MCX Merchant Customer Exchange & Design and all associated proprietary marks are trademarks of Merchant Customer Exchange LLC and its related entities. Other third-party trademarks are the property of their respective owners.

 

[phelme]

Since I won't be using this or any other form of mobile payment system, I'm still curious as to all the personal information that's going to be culled. I didn't see any mention of it in the iMore article you linked, I keep reading about driver's licenses, social security numbers and your wife's bra size. Where is it? Who's asking for it? I saw no mention of any of it on CurrentC's website or Paydiant's. Where are the terms and conditions that stipulate what information will be gathered? Typical WP thread with a gazillion suppositions and innuendos but not one shred of cold, hard fact. At least you provided a link, but it was just more of the same but from another source.

I assumed the personal IDs' request was mentioned in the TechCrunch article on CurrentC. It's not so I did some digging. The first reference I found was on Macrumors, they found it here, on the CurrentC site itself laying out the sign-up process.

We've all given out SS and driver's license numbers etc. before, but usually it's either government or (an unfortunate trend) health related. Maybe for insurance, mortgages, cars and rental autos. Ironically, don't cell phone companies in the U.S. ask for a SS # too? (I assume for a credit check).

I'm sure Paydiant thinks it's to protect you as much as confirm you are who you say you are. I believe they'd try to give a reasonable explanation if given the chance, but the Apple-set who can't use their new feature gets all knee-jerk about it.

 

[psiu_glen]

What I do know is that there are a lot of people upset that their preferred MoP on their mobile devices is being either phased out or eliminated already.

MoP that has been working on CC's for YEARS? Standards based and secure? In exchange for?

Yeah, could be an annoyance.

Went to Walgreens yesterday

 

[Laura Knotek]

It sure didn't take long for Current C to get hacked, and it isn't even beyond trial stage at this point.
Sent from my Nokia Lumia 920 via Tapatalk

 

[phelme]

It sure didn't take long for Current C to get hacked, and it isn't even beyond trial stage at this point.

Sigh. CurrentC/MCX's system was not hacked, the third-party email provider they were using was.

I feel the need to repeat this, because if it isn't, the FUD, which I feel most press spreads, just continues.

 

[wuiyang]

Not sure how it works, but this is a more secure way to do it:
First, let customer scan the retail store's QR code.
Second, customer insert amount of the payment. (eg: $200)
Third, press confirm, phone will show retailer's name, amount of the payment.
Forth, wait for server's respond and get unique payment's QR code for the cashier to scan. (QR code valid for 1 minutes)
Fifth, the cashier scan the unique QR code.
Sixth, the cash register's screen will show the retail's name, amount of the payment, customer's name.
Seventh, wait for server's respond and get unique confirmation QR code. (QR code valid for 1 minutes, too)
Eighth, customer scan the confirmation QR code to confirm the payment.
Ninth, phone send the request, once get the respond, the cash register's screen and phone both show "PAYMENT COMPLETED".
Retailer's server will get a copy of encrypted file, if retailer wanted to view it, it need to do the same thing (except customer become manager)
Done, although it take a more than 2 steps, but have extra secure for the payment.

 

[Cleavitt76]

...
Tenth, everyone in line lynches you and the cashier for holding up the line for so long scanning each others QR codes.

This whole thread makes me want to go back to using only cash, or maybe even trading cows, ears of corn, bushels of wheat, etc. All of these third parties are fighting way too hard to get into our bank accounts, track us all, and/or collect fees for being an otherwise useless middle man. None of them are actually making any attempt to create a system that simply makes payments easy and secure. This is one of those times that it would be nice to have a government agency (like the Federal Trade Commission or the Consumer Protection Agency) step in to create and enforce some minimum standards. Of course that is just a pipe dream because too many people would scream "big government" and our government is owned by these same greedy corporations anyway. /end rant.

 

[anon(50597)]

Not sure how it works, but this is a more secure way to do it:
First, let customer scan the retail store's QR code.
Second, customer insert amount of the payment. (eg: $200)
Third, press confirm, phone will show retailer's name, amount of the payment.
Forth, wait for server's respond and get unique payment's QR code for the cashier to scan. (QR code valid for 1 minutes)
Fifth, the cashier scan the unique QR code.
Sixth, the cash register's screen will show the retail's name, amount of the payment, customer's name.
Seventh, wait for server's respond and get unique confirmation QR code. (QR code valid for 1 minutes, too)
Eighth, customer scan the confirmation QR code to confirm the payment.
Ninth, phone send the request, once get the respond, the cash register's screen and phone both show "PAYMENT COMPLETED".
Retailer's server will get a copy of encrypted file, if retailer wanted to view it, it need to do the same thing (except customer become manager)
Done, although it take a more than 2 steps, but have extra secure for the payment.

No way people will do this, too many steps. People want convenience.