Thursday, October 30, 2014

The Design Flaw in CurrentC

There is a lot of talk about a data breach at CurrentC, the retail mobile payment platform currently being tested by more than 50 U.S. retailers, but there is a more fundamental flaw that may sink the platform, at least in its current form. It goes back to the original reason for the CurrentC platform, which is that retailers want to collect shopping data on their customers. As envisioned, CurrentC will have hundreds or perhaps a thousand retailer members and a single central database of enrolled customers. Every retailer will apparently have full access to the customer database, at least for those customers who have ever shopped at that retailer. When you think of all the retail data breaches of the past year, not just the POS problems but all the others, what are the chances that a database that’s in the possession of 1,000 retailers will remain secure? No chance at all. A leak could occur at any participating retailer and affect a good fraction of CurrentC customers, if not all of them. If recent experience is a guide, we can expect one or two participating retailers to have a CurrentC customer data leak — per month.

What makes this such a sensitive point is that CurrentC will have a shopper’s checking account number and essentially unlimited access to the funds in the account. When you think about it this way, do you really want to share your banking information, and the potential ability to empty out your checking balance, with hundreds of retailers? I suppose some consumers might decide to take that leap of faith, but you would want to think very carefully before doing so.

This stands in especially stark contrast to Apple Pay, a system in which retailers are never in possession of an actual account number belonging to a shopper. Apple Pay, too, though officially launched, is essentially still in testing right now; it will need to be expanded somehow if it is ever to be relevant to more than 10 percent of U.S. shoppers, but it can nevertheless serve as a proof of concept. On the surface, Apple Pay looks like a step up in security when compared to a traditional POS card payment, while CurrentC looks like a step down. Collecting and exploiting customer transaction data is a core design principle at CurrentC, and that means it faces a series of security challenges that consumers now know don’t have to be part of a transaction system at all.