You’ve probably heard by now, but a group of retailers, spearheaded by CVS and Riteaid, have started refusing Apple Pay, Google Wallet and Softcard (formerly ISIS Wallet). They are, instead, pushing their own, non-standards based, service called CurrentC.
Some background
Apple Pay, the new kid on the tap and pay mobile payment system block was released around a week ago finally bringing tap and pay to iOS. Starting a few years prior to this to this you had a few options such as Google Wallet or Softcard for Android users. The key to all of these services is that they piggyback on our existing credit card system, trading card swipes for NFC taps. The actual transactions were still handled by your credit card company.
For consumers, this is a good thing; it means the same fraud and liability protection you have with card swipes still apply (read: you have a generous period to dispute fraudulent charges and you’re typically only liable for about $50). Retailers aren’t too thrilled with this, however, as they still need to pay credit card related transaction fees.
Enter MCX and CurrentC
Around the same time a group of retailers including CVS, Kohls, Public, Target, 7-11, Hobby Lobby, Wawa, Gap, K-Mart, Shell, Wendy’s, Best Buy, Old Navy, Bed Bath & Beyond, Walmart and a whole host of others (around 58 in total) banded together to form Merchant Customer Exchange, an organization designed to sidestep credit card fees. How do they plan to do this? With their own mobile payment system CurrentC, of course.
In principle, the service offers a big deal for the consumer. It automatically applies any discount you qualify for and any loyalty card you happen to have, all while making it faster and easier for customers to complete their purchase.
Failed promises and compromises
CurrentC isn’t even available yet, but its app is (Play Store, App Store). Despite being unavailable the service is already failing to deliver on its promises and instead making, arguably dangerous compromises, particularly to your information and its safety.
Unlock, open, unlock, start, wait
That is the steps required for using CurrentC. As per their in-app documentation customers need to unlock their phones, find and open the CurrentC app, unlock the app’s built in security (I’ll give it this step), start the built in QR code scanner (you read that right) and wait for your phone to focus and scan a QR code generated by the payment terminal.
Contrast that with tap and pay systems. Tap phone on payment terminal, unlock payment app, done. On Apple devices with TouchID enabled, this is even easier; customers just tap their phone while holding their thumb over the scanner and all the unlocking happens automatically. Even cash and traditional credit cards are easier to use than QR code scanning.
You need to know what!?
It doesn’t end there. The way that MCX plans to sidestep credit card fees is by cutting the middle man and going straight to you bank. Retailers want direct access to your bank account to issue ACH transfers to get their money directly. This circumvents credit card fees and their end, but also credit card protection on customers’ end. Say good-bye to any fraud protection and liability coverage.
That’s not all they want to know either. CurrentC also can collect your location (for verifying you’re at the location the transaction took place, I’ll give it this one), your browser history, you call log and messages, your contact list and your health information (seriously!? there’s no plausible reason for that one); and can share all this with merchants, carriers, ad networks and government agencies (also a strange inclusion).
But wait! There’s more!
The icing on the privacy disaster cake is that in order to use this app, customers are required to enter their SSN and driver’s license number. Furthermore, you’re entrusting all of this information, not with a verified and trusted financial institution, but with the merchants themselves, the same merchants who have lost this very same data before. You have to give all of this extremely sensitive information to companies with a proven track record for losing it.
So what now?
At this point we really just have to wait and watch it play out. Apple has already fired back at MCX and its denial of Apple Pay. As a long time Google Wallet user and a customer at many of these stores, I must say I’m quite disappointed and a bit angry.
Its worth noting that not all of the companies that are a part of MCX have ever accepted tap and pay NFC payments, so you’re not losing payment methods there, just not gaining. Furthermore, competition is a good thing. If CurrentC was backed by a credible financial institution, didn’t mine more data than needed, and offered tap and pay (the later two could still be done easily), it would be giving Google Wallet and Apple Pay a run for their money and we’d probably all be on board.