MCX: Hackers stole email addresses but never got anywhere near its mobile payment app

On Tuesday hackers managed to obtain email addresses of users beta testing MCX’s mobile payments app CurrentC, but the attack was directed at MCX’s email provider, not directly at the company’s own infrastructure, the big retail consortium revealed on Wednesday at what was perhaps one of the most stilted press conferences I’ve ever attended.

No credit card data or other financial information was compromised, and the CurrentC app was unaffected, MCX CEO Dekkers Davidson said during a press conference this afternoon. While some of the email addresses were for pilot testers and people who had signed up to participate in the pilot, many of the them were placeholders for dummy accounts used for internal tests. Davidson wouldn’t reveal the name of MCX’s email provider or how the attack occurred, saying that MCX would accept full responsibility for the breach.

“I own it,” he said. “CurrentC owns it.” He added that while MCX’s retailers are notifying any customers affected, the attack didn’t reveal any kind of security flaw in its core smartphone apps cloud-based payment authorization system. “We’ll learn from this, but we won’t let it slow us down,” he said.

(Source: MCX)

(Source: MCX)

MCX held the press conference to answer questions about the breach and the growing controversy surrounding its big retailer members refusing to accept to [company]Apple[/company] Pay and other competing mobile wallets. MCX is made up of some of the biggest big box stores, restaurant and pharmacy chains in the country, including [company]Walmart[/company], [company]Best Buy[/company] and [company]CVS[/company], who plan to roll out CurrentC either as a standalone app or integrated into their own affinity apps in early 2015.

But the press conference took on a rather surreal tone as Davidson responded to questions about why MCX was excluding all other payment systems with answers about how the retail industry needs to have multiple competing mobile wallets. He said no MCX member would be fined or penalized for accepting Apple Pay (contrary to an earlier report in the New York Times), while reiterating that member merchants have all agreed to use CurrentC exclusively.

From what I gather based on numerous sidestepped questions asked at the press conference, Davidson feels that MCX retailers are free do whatever they like as long as they quit the consortium, and that competition and third-party innovation are great as long as they’re done at some other retailer’s stores.

I’m not entirely unsympathetic to MCX. Its retail members are protecting their turf just like Apple and Softcard’s carrier members keep other mobile payments services off their phones, but we’re getting a lot of double-speak from MCX.

Big retailers can’t have it both ways. If MCX wants to keep Apple Pay out of its stores, fine (Apple Stores aren’t going to accepting MCX payments any time soon is my guess). But it’s ridiculous for MCX to try to sell us on this idea it’s promoting competition and innovation in the mobile payments space. In fact, it’s plain cynical. Attempts in the past to restrict mobile payments are the main reasons why buying something beyond a cup of Starbucks coffee with a smartphone is almost impossible today.

One of Davidson’s final comments was perhaps the most telling. He said the goal of MCX was for retailers to establish much stronger bonds with their customers, the implication being that Apple, Google or the carriers stand in the way of establishing that bond. “Three’s a crowd,” he said.