Apple Pay competitor CurrentC hacked, alerts pilot program participants of security breach

MCX, the company behind CurrentC, sent out the email on Wednesday, revealing that its security systems were breached by unauthorized third parties within the last 36 hours. The company says its investigations suggest that only users' email addresses were obtained, but not any additional information.

Multiple AppleInsider readers sent a copy of the note that MCX sent to pilot program participants on Wednesday. Currently in trial, CurrentC is expected to launch at some point in 2015.

The system has found itself in the midst of a controversy over both Apple Pay and Google Wallet, as retailers participating in CurrentC are forbidden from offering alternative mobile payment systems. As a result, both Rite Aid and CVS shut down their NFC-based payment systems this past weekend, blocking the recently launched Apple Pay.

Major CurrentC partners include Walmart and Best Buy, and merchants are onboard because the MCX system utilizes users' bank account information rather than credit cards. If CurrentC were to catch on with consumers, it would allow those retailers to avoid paying credit card transaction fees.

In contrast, Apple's newly launched Apple Pay allows users to scan in their existing credit and debit cards, and use them as they wish. It's also compatible with existing NFC-based tap-to-pay technology, which has been offered by retailers for years with existing services like Google Wallet.

Earlier Wednesday, MCX attempted to defend CurrentC with a blog post in which it noted that sensitive customer data is saved in the cloud rather than on a user's smartphone. Given its own security breach and other recent high-profile consumer data incidents, MCX's insistence that its own cloud-based services are secure are likely to be met with skepticism from consumers.

Apple Pay, on the other hand, is anonymized and does not share customer purchasing metrics with retailers. Facilitated through NFC technology, iPhones users can simply take out their handset and authenticate a purchase via Touch ID. On the backend, a secure NFC module monitors for nearby terminals and sends over tokenized payment data from a secure hardware element without need for additional user interaction.

The full email sent out by MCX on Wednesday reads as follows:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.