Light Dark
October 31, 2014 By Shane Schick 2 min read

Early users of a mobile payment app called CurrentC may discover their contact information and other information has already been lost to third parties, casting doubt on whether retailers can provide a secure alternative to Apple Pay.

Supported by the Merchants Customer Exchange (MCX), CurrentC was championed by Wal-Mart and other major retailers as a way to bypass the need to use credit cards and let consumers pay with their smartphones. However, Business Insider confirmed that some participants in the beta program have already been informed that their email addresses have been affected by a data breach, though the exact number of those affected was not reported.

As a detailed profile of CurrentC on Re/code noted, the app isn’t expected to be widely available until sometime next year, and it’s uncertain at this point whether the early loss of user data may push things even further. MCX consortium members hope the app proves more popular than Apple Pay because it would mean they wouldn’t incur the same credit card fees.

Though the CurrentC app itself was not hacked, the loss of email addresses may prompt people who are reluctant to adopt Apple Pay to consider other alternatives such as Google Wallet.

A comparative analysis of the two mobile payment systems on Tech Times pointed out that although Google Wallet uses a certain level of token-based security not unlike Apple Pay, it stores it in the cloud, which may make some consumers nervous after the recent high-profile incidents of cloud-based system hacking involving A-list celebrities.

Meanwhile, an editorial on Bloomberg View argued that Apple Pay, CurrentC and any other mobile payment apps could learn from PayPal, which thrived in the early days of e-commerce by helping retailers reduce fraud. That reputation for security may help PayPal in its quest to stay competitive with Apple Pay.

Then there’s Square, the firm co-founded by Twitter’s Jack Dorsey, which has recently opened up a marketplace for developers to create apps that integrate with its own service, according to The Next Web. If security becomes a differentiator for some of those apps, it may help Square look more compelling than Apple Pay, Google Wallet or CurrentC.

Ultimately, any data breach is bad news for all mobile payment providers, experts told Bank Systems & Technology. What it may mean is that consumers become so nervous about hackers that they avoid any new services altogether. The ultimate rival to Apple Pay and the rest could be an old-fashioned wallet full of credit cards.

 |  |  |  | 
Shane Schick
Writer & Editor

More from

March 18, 2025

Bypassing Windows Defender Application Control with Loki C2

10 min read - Windows Defender Application Control (WDAC) is a security solution that restricts execution to trusted software. Since it is classified as a security boundary, Microsoft offers bug bounty payouts for qualifying bypasses, making it an active and competitive field of research.Typical outcomes of a WDAC bypass bug bounty submission:Bypass is fixed; possible bounty awardedBypass is not fixed but instead "mitigated" by being added to the WDAC recommended block list. Likely no bounty awarded but honorable mention is typically givenBypass is not…

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature