The Disastrous Rollout of CurrentC

Two weeks ago, most people (myself included) had probably never heard of the Merchant Consumer Exchange (MCX). That is, until some of their members, most notably Rite Aid and CVS, disabled the otherwise functional NFC terminals that allowed Apple Pay to briefly work in favor of their own solution, CurrentC. So our first impression of the group is that of a Mafia-like overlord who dictates to us how we get to make payments at their member stores.

Then the merchants themselves started speaking out. The largest retailer in the world, Wal-Mart, who is a member of MCX, had this to say.

There are certainly a lot of compelling technologies being developed, which is great for the mobile-commerce industry as a whole. Ultimately, what matters is that consumers have a payment option that is widely accepted, secure, and developed with their best interests in mind. MCX member merchants already collectively serve a majority of Americans every day. MCX’s members believe merchants are in the best position to provide a mobile solution because of their deep insights into their customers’ shopping and buying experiences.

This is about a disingenuous as it gets. They don't care about you, what is convenient for you, or about the best experience. They care about their own bottom line, full stop. CurrentC, the MCX payment product, is an end run around credit card companies. Every time you swipe a credit card at a retail store, the retailer pays 2%-3% to the credit card company. CurrentC instead links itself to your bank account correctly, meaning much lower fees for retailers. That's fine, except that funds taken directly from a checking account have far fewer protections in the event of fraud than a credit card. I always use my debit card as credit for this very reason. Retailers have prettymuchproven that they cannot be trusted with our payment information. This is not having consumer's "best interests in mind". And what can "deep insights into their customers’ shopping and buying experiences" possibly mean other than creepy tracking?

So a bad roll out into the public consciousness for MCX. They decided to go on the defensive and wrote a blog post to "answer your questions". They have managed to make things even worse.

Meet or exceed industry-standard consumer fraud protection.

Please don't attempt to meet industry standards, they are terrible. You need to exceed, by a mile. That is what Apple Pay set out to do.

Provide consumers with multiple ways to pay at their favorite merchants, including merchant gift cards, credit cards and debit accounts and personal checking accounts. MCX has plans to add additional forms of payment, including credit cards.

I hate when companies "have plans" to do something. It may never happen. We see this all the time. At least in the US, credit cards are a big deal. Any payment system that does not support them at launch is probably dead in the water.

Empower consumers with full ownership of their decision to engage with merchants – they can choose to limit the information they share through our privacy dashboard, which means they will have the ability turn off location based services and opt out of marketing communications in our app.

Opt out is BS. If you make tracking opt out, the vast majority of consumers will never do it. A small percentage of users will turn this tracking off, but the vast majority will never know it is there. Opt out is a cop out, and they know it.

MCX merchants make their own decisions about what solutions they want to bring to their customers; the choice is theirs. When merchants choose to work with MCX, they choose to do so exclusively and we’re proud of the long list of merchants who have partnered with us. Importantly, if a merchant decides to stop working with MCX, > there are no fines> .

The choice is theirs, unless they choose us, in which case the choice is ours. I hate exclusivity. Imagine if you had to have a Visa, MasterCard, and Amex just because they all required exclusivity. You would never know when walking into a store which card they would accept. Apple and Google chose not to do this. They have no problem coexisting with other mobile payment methods, including each other. But with MCX, its either their way or the highway.

We want to assure you, MCX does not store sensitive customer information in the app. Users’ payment information is instead stored in our secure cloud-hosted network. Removing this sensitive information from the mobile device significantly lowers the risk of it being inappropriately disclosed in a case that the mobile device is hacked, stolen or otherwise compromised.

This is the most jaw-droppingly stupid thing in the entire post. It is literally the opposite of the security model we want to see. The weak point in security is not the device, it is cloud services. Hacking individual devices is difficult and slow. But hacking a server is not only easier, as it is available 24/7 to the whole internet, but also far more damaging as it can, in one fell swoop, lead to millions of accounts being compromised.

This has basically been their launch into the public consciousness, and it has been a disaster so far. If you want to know just how badly MCX has blown any positive feelings, they managed to unite the most viscous warring factions in the tech industry, Android and iOS users. Since Google Wallet also uses NFC, disabling Apple Pay has disabled it too.

But perhaps the biggest problem now is that nearly all tech savvy people are against this group. Those are not the people you want against you. Our friends and family will be asking us about these mobile payment systems and whether they should use them. For CurrentC, it will be a resounding "NO! Run away screaming!" Just look at the reviews for the app in the App Store.


Oh, and while I was writing this piece, news broke that they already had a breach of their data. Just email addresses so far, but still, I know I cannot wait to store all my data in their "secure cloud-hosted network".