Share:

A Closer Look at CurrentC Reveals How It Collects User Personal Data

Share:

CurrentC, an upcoming mobile payments platform developed by a company called Merchant Customer Exchange (MCX), recently started to inform partners such as Rite Aid and CVS to disable NFC terminals in an attempt to block use of Apple Pay. A closer look by iMore at how CurrentC works has revealed the app wants to collect far more personal data then one would expect it to.

Connectc 03

In contrast to Apple Pay which uses NFC to process payments wirelessly, the CurrentC system uses a dedicated app and relies on QR code scanning to process a consumer’s payment. According to the source, on launch, the app immediately starts sending pings to https://my.currentc.com/mobile/pinggateway every two seconds or so. “No interesting data is sent in the requests and blocking them seems to have no impact on the app”. Next, a deviceState request goes out with your device type and a unique device identifier. The third and last request seen on launch is a call to Localytics, a mobile analytics company.

“After you’ve launched CurrentC you’re given two options: I Have An Invitation or I Need An Invitation. If you tap I Have An Invitation you’ll be asked for your email address and ZIP code. Entering an email that hasn’t been invited yet will kick you back to the first screen and give you a message saying they’ll let you know when CurrentC is available in your area. A concerning behavior I saw here is that regardless of what email you enter, CurrentC’s service will respond with a large dictionary of user data.

Now, I have to stress here, I never got CurrentC to return me a real user’s data. However, the fact that these fields exist is a good indicator that CurrentC plans to collect this data, and also why on Earth would you ever return these fields without any sort of authentication first? I never hit on an email that appeared to be a valid account, but I was honestly too nervous to keep trying given the data it seemed eager to send back”.

The source concludes its analysis of the app by saying that CurrentC doesn’t look like a great app for consumers to trust their information with. “I have additional concerns about CurrentC, but am hoping to hear back from them before disclosing them”.

Share:

  • Ben

    Congratulations on creating the one thing that both Apple and Android fan boys can agree on. The hate for this app and the idea of destroying it before it even hits the general public is bonding even the fiercest of fanboys. This is dead in the water before it gets released but the big box’s will push the hell out of it.
    They need to have a pretty compelling reason to tell consumers why we should get this app to save THEM on credit card fees. Haven’t seen it yet.

  • Al

    This is beyond silly. I would think that this sort of thing wouldn’t even be allowed in the app store (regardless of the existence of ApplePay). I wouldn’t be surprised if Andorid’s official app store would block this as well. Either way, both companies could block it out of spite, in which case, MCX and its partners would lose the battle (although it’s a one-sided battle, because Apple doesn’t have to do anything but wait).

    Common sense says CurrentC will by ancient history in weeks.

  • BrodieTheDog

    Talk about a malicious app. Friends don’t let friends get used by downloading this kind of thing. This is malware at its dirtiest. Spread the word.

  • Paying with QR code, also known as Betamax of the mobile payments industry.

  • MCX must have put on one helluva sales pitch to sign on all these retailers. It boggles my mind they think a QR code-based payment would take off. But hey, anything to bypass credit card fees right??

  • Ryan

    MCX may have HAD good marketing tactics in order to land a lot of big name companies, however right now it’s suffering. Rather then work with their current clientele, and have them perhaps start an incentive program for using their app, rather then Apple and Google’s NFC, they asked their clients to shut down their systems.

    Yes, it’s maybe one of the solutions for now, but they risk losing alot of business because of it (the opposite of what they’re intending). I have a feeling that due to MCX hoping for a monopoly on their “new technology”, their clients may jump ship to another POS provider, leaving them open for a takeover.

    I’m assuming since they have no confidence in their own product, they force it onto the end-user as the only electronic means of payment. People don’t like being forced into things… besides Credit and Bank cards still have a fairly long life ahead of them before any of this technology becomes standard.

    CurrentC will fail, and it’s their own fault for exposing themselves the way they did. Now they will be scrutinized for every detail. They dug their own grave IMO.

Deals