Categories
Finance iOS iPhone News security Software

MCX responds to Apple Pay blocking controversy with questionable responses to issues at hand

applepayicon

The most recent shot in the NFC payment wars has been fired.

And it kind of made MCX look like a bunch of jerks.

Per 9to5Mac, MCX, the retailer consortium behind the CurrentC mobile payment system, has responded to the controversy over its members being required to block Apple Pay or face fines with some unconvincing ‘assurances.’

The first sign of trouble between MCX and Apple Pay was when CVS disabled NFC functionality from its payment terminals. When Rite Aid joined in, consumers responded by threatening to boycott MCX members.

In a blog post which MCX says is designed to “set the record straight,” as it were, MCX responded to some of the recent concerns levied against it.

Responding to the fines issue, the company offered the following comment:

Importantly, if a merchant decides to stop working with MCX, there are no fines.

Nobody has suggested there are. What has been suggested–and which MCX has not denied–is that members are fined if they accept other forms of mobile payment, like Apple Pay, alongside CurrentC.

The consortium gets off to a marginally better start on privacy, with a statement that consumers “can choose to limit the information they share through our privacy dashboard, which means they will have the ability turn off location based services and opt out of marketing communications in our app.” However, that does nothing to limit the storage of other sensitive information, nor to address claims that merchants will share purchasing data amongst themselves.


Claims that pharmacies would collect health data, which would be stored in the CurrentC system, were met with another questionable response:

CurrentC does not collect any information from any other apps, or health information stored in the mobile device.

That is merely stating that health data is not collected from third-party apps, not that it is not collected at all. Still, there’s a link to the Privacy Policy to learn more – a link which is, at the time of writing, broken.

Finally, MCX offered the following comment regarding data security:

We want to assure you, MCX does not store sensitive customer information in the app. Users’ payment information is instead stored in our secure cloud-hosted network.

This claim seems dubious, as past credit card hacks at major retailers, including MCX card member Target, may consider this a vulnerability.

Apple Pay, in contrast, doesn’t even store your credit card number, as the company explains on its webpage.

With Apple Pay, instead of using your actual credit and debit card numbers when you add your card, a unique Device Account Number is assigned, encrypted, and securely stored in the Secure Element, a dedicated chip in iPhone, iPad, and Apple Watch. These numbers are never stored on Apple servers. And when you make a purchase, the Device Account Number, along with a transaction-specific dynamic security code, is used to process your payment. So your actual credit or debit card numbers are never shared by Apple with merchants or transmitted with payment.

On the plus side MCX should be holding a great closing sale within a year and if you were hankering for a cheap Aeron chair, they might just be able to sell it to you on the way out…