Over the last few days, CVS and Rite Aid have disabled NFC technology at their retail outlets to prevent customers from using Apple Pay. It's been reported that this is due to an existing deal in place with a system called CurrentC, which involves the use of an app, QR codes, your bank account, and their servers. Walmart recently explained MCX's — the consortium behind CurrentC — position to Business Insider as follows:
There are certainly a lot of compelling technologies being developed, which is great for the mobile-commerce industry as a whole. Ultimately, what matters is that consumers have a payment option that is widely accepted, secure and developed with their best interests in mind. MCX member merchants already collectively serve a majority of Americans every day. MCX's members believe merchants are in the best position to provide a mobile solution because of their deep insights into their customers' shopping and buying experiences.
It's also been suggested that CurrentC will help retailers avoid credit card transaction fees while also letting them mine personal data. With that in mind, here are some questions about MCX and the CurrentC app:
- Why do they want to retrieve your device's MAC address? (Don't worry, as of iOS 7, the OS returns a fake MAC address of 02:00:00:00:00:00 which is what CurrentC seems to be sending to their servers)
- Why do they want to log your device name, WiFi network name, and number of running processes?
- Why do they use a unique device ID that persists across multiple installs?
- Why do they send pings every 2 seconds?
Oh and they send these pings like every 2 seconds because apparently they're super needy. pic.twitter.com/Br7QlqcObGOh and they send these pings like every 2 seconds because apparently they're super needy. pic.twitter.com/Br7QlqcObG— Nick Arnott (@noir) October 28, 2014October 28, 2014
To their credit, CurrentC does employ SSL pinning to protect the application's traffic, but at this point it's hard to know if that's to protect their users, or their questionable data transmissions.
I haven't been able to test with a registered account yet, but at first glance what CurrentC is actually doing seems far more aligned with the vested self-interest of retailers than anything remotely connected to providing a great shopping experience for customers.
