elijahnicolas.com

View Original

A Short Rundown of MCX

Mike Issac from the New York Times on MCX.

First announced in 2012, CurrentC is an effort by merchants to build their ideal mobile wallet. CurrentC is designed to link directly to a customer’s bank account instead of a credit card. This is a strategic move, analysts say; in bypassing the credit card companies, merchants can avoid the high fees that they are required to pay on each credit transaction they process.

Apparently the big consortium of retailers forget that US citizens love their credit cards and their in-store branded credit cards more than using their check cards / bank account thus allowing for instant gratification. Using your bank account is like using the cash that more don't have and, in my opinion, will definitely limit what people buy in store or at least make you think twice until your next pay period.

CurrentC would also give retailers the ability to track shopping habits across the dozens of stores that belong to MCX, a data set that has traditionally been held by credit card companies, not merchants. If retailers had access to this data, it could be used to deliver relevant deals and loyalty points to consumers, which could increase these companies’ bottom lines.

The tracking in the app is ridiculous.

Critics of CurrentC say it appears much more difficult to use than Apple Pay. Instead of contactless payment technology, CurrentC will rely on QR codes, a type of bar code that merchants scan to complete the transaction. It will also be an app that users must find and download from Apple’s App store.

Wait what are QR codes? Seriously???

iMore has an even more "In Depth Look" as well as a cluster of articles about the Merchant Customer Exchange (MCX). Some quick highlights include:

On launch, the app immediately does a few things. First, it starts sending pings to https://my.currentc.com/mobile/pinggateway every two seconds or so. No interesting data is sent in the requests and blocking them seems to have no impact on the app. Next, a deviceState request goes out. In the request are your device type (iPhone or iPad) and a unique device identifier. This identifier is stored in the device keychain so even if you delete the app and re-install, it persists, allowing CurrentC to track users across app installs. The third and last request seen on launch is a call to Localytics. Localytics is a mobile analytics company and is used in countless other apps. As with the many other apps using Localytics, this call seems to include a variety of analytics information: not surprising for many apps, and not surprising for CurrentC (though it probably should be for an app seeking to handle payments and personal data).

Exclusivity or be fined for using a competitor's method e.g. Apple Pay, but there are no fees for leaving except the huge $500,000 investment in their tech.

Before you get too excited, think about these other questions that iMore has posed.

Why do they want to retrieve your device's MAC address? (Don't worry, as of iOS 7, the OS returns a fake MAC address of 02:00:00:00:00:00 which is what CurrentC seems to be sending to their servers)

Why do they want to log your device name, WiFi network name, and number of running processes?

Why do they use a unique device ID that persists across multiple installs?

Why do they send pings every 2 seconds?

mcx vs apple pay

Just in case you forgot the highlights of how Apple Pay works, it's quite amazing:

  • Touch ID authentication ensures that only users authorized at the device level can make payments.
  • NFC keeps the transmission distances down to a few inches versus showing a visible QR code.
  • Token-generated single-use card numbers ensure that in the event of a retailer breach, the hackers get a card number that's already worthless instead of your real card number
  • Accessing your credit card gives users additional spending power versus drawing from a cash account, lets users earn points, miles, or whatever perks are on their favorite cards, and adds a layer of intermediation between a security failure and your money.

Wal-Mart, who by the way is the head honcho of the Merchant Customer Exchange (MCX), commented via Business Insider as to why they shut off NFC and use of other technologies. Awful, illogical and archaic. Another reason I don't shop there, although I might have to start avoiding places like Best Buy, CVS, Rite-Aid and whomever else is being bullied by this consortium.

There are certainly a lot of compelling technologies being developed, which is great for the mobile-commerce industry as a whole. Ultimately, what matters is that consumers have a payment option that is widely accepted, secure, and developed with their best interests in mind. MCX member merchants already collectively serve a majority of Americans every day. MCX’s members believe merchants are in the best position to provide a mobile solution because of their deep insights into their customers’ shopping and buying experiences.

I'm done.

update: just shortly after posting this, CurrentC was hacked and users emails were exposed. You have to realize that there were the merchants that lost your credit card information to the hackers last year. Same company. Same technology.