Considering all the major security breaches of the last year at all kinds of major retailers, online and off, I’ve been pretty surprised to read the news over the past couple of days that tons of major retailers are trying to circumvent the brand new, game-changing Apple Pay along with the increasingly popular Google Wallet, by disabling their NFC payment kiosks, as seen in these leaked documents from Rite-Aid.
– Please see updates at bottom, as they come in –
Evidently the goal in shutting out Apple Pay is that that by next year, they will be able use their own–decidedly inferior–mobile wallet system they’ve been developing called CurrentC instead, which Tech Crunch describes very thoroughly. So if you walk into a Rite-Aid or CVS today and try to use Apple Pay? Not going to work.
A consortium of companies called MCX is involved, including Walmart, Best Buy, CVS, Buy Buy Baby, Lowes, Old Navy, lots of gas stations and restaurant chains, and even my beloved Target. (Sniff.) Let’s just say people are not happy. The tech press is not happy. And as both a tech writer and a mom who loves shopping–and uh, loves the security of my financial accounts and privacy of my personal information–I am most definitely not happy.
If you’ve followed along vaguely, or not at all, here’s a breakdown of the issues and why, as people who shop, this matters to us.
SECURITY AND SAFETY ISSUES
First, retailers should be accepting Apple Pay because it’s about the safest mobile wallet system there is, based on everything I’ve read; including accounts in this CIO article from three top security experts who deem it even safer than using your credit cards.
“Mobile payments have the capability to be far more secure than mag-stripe or even chip and pin credit cards, while being more convenient,” [Neohapsis security consultant Catherine Pearce] says. “I mainly see the advantage as convenience, [but] one-time transaction tokens (like the ones used in Apple Pay) may make direct financial loss from breaches of merchants a thing of the past.”
While Apple Pay is tied to a credit card and encrypted (plus the double security that Touch ID on your device gives you), you actually have a unique device ID number– and that’s all the merchants have access to. So if someone hacks into say, Rite-Aid’s system, there’s not likely to be any financial info about you to steal if you’ve used Apple Pay.
(Of course there are still some potential security issues if you read the full article, but I have confidence that they’ll be addressed fairly well, as Apple tends to do. There’s a reason that iOS is deemed the most secure operating system.)
On the other hand, CurrentC? I’m incredibly skeptical. It was developed specifically to fulfill merchant needs, not to create a safe consumer shopping experience–and the two seem to be at odds. Plus (and this is nuts) you may only tie it to your checking account! That means that’s info the retailers have access to–unless you’re tying it to the retailer’s own gift card services which feels a little extortion-y to me. (Buy a gift card from us or you can’t shop here). More info on that below.
For me, the privacy issues are just as bad–why the heck do I need to input my personal medical information in order to buy school supplies for my kids? Oh right–because those retailers also sell health products and pharmaceuticals and would love to mine some data while they’re at it. Not cool.
image via tech crunch
According to Tech Crunch:
“CurrentC notes it may share info with your device maker, app store, or developer tool makers. Oddly, it will collect health data. Precise location information is used to verify you’re at the retailer where you’re making a transaction, and if you opt in it can be used for marketing or advertising.”
What do you get in exchange for that health data? Financial stats? Location info? Coupons.
Sorry, but $.45 off of toothpaste is not enough for me to hand over my medical records.
Tech Crunch also suggests that “its Terms of Service leaves high liability for fraud to the user” should you lose your phone. Which brings us back to the security issues.
In addition, the system is tied inextricably to store loyalty programs. I’m a member of some of them (I happen to love my 8-foot long CVS Extra Bucks receipts) but I can choose whether or not to scan in that card. If I have no choice but to pay by CurrentC or cash, now you’re talking near-mandatory data harvesting of consumers.
I am glad to see that John Gruber agrees. Because he’s smart:
“Tim Cook was exactly right on stage last month when he introduced Apple Pay: it’s the only mobile payment solution designed around improving the customer experience. CurrentC is designed around the collection of customer data and the ability to offer coupons and other junk.
The reason they don’t want to allow Apple Pay is because Apple Pay doesn’t give them any personal information about the customer… It’s not about money…It’s about data.”
CONVENIENCE AND CHOICE ISSUES
CurrentC is clumsy in execution from all accounts–it requires you to scan a QR code, hold steady and take a picture of it, then hand your device to the person behind the register.
QR codes? Really?
As Gruber says, clearly Apple Pay must be pretty intimidating–and must be working, only a few days in–or the retailers wouldn’t have flat out shut down all NFC terminals this week. Even before their own mobile wallet system is up and running.
But all that aside, as a consumer, I want to be able to pay the way I want to pay.
I don’t want to be forced to use a department store’s own charge card any more than I want to be forced to use CurrentC or have to rely on enough cash for that $640 home reno purchase at Loews. Especially because CurrentC is exclusively tied to the retailer’s own gift cards and your checking account. I want the Membership Rewards of my American Express, and I want my annual expenses all in one report at year’s end. I want to buy myself a few weeks to pay off purchases, or longer to pay off big holiday gifts.
I want my credit cards! I want my Google Wallet and my Apple Pay!
I recognize that the retailers also have an interest in circumventing the 2-3% fees they’re paying on credit card transactions (even though Apple Pay gets its profits from the banks, not the retailers), but for me, those nominal fees the price of doing business and putting your customer’s needs first.
Considering Wal-Mart returned $12.8 billion to shareholders last year, and the six Waltons on the Forbes’ list of wealthiest Americans have a combined net worth of $144.7 billion…right. Pay the fees, open up the options, and accommodate your customers.
CHANGING CONSUMER BEHAVIOR: GET WITH THE PROGRAM!
Oh retailers; haven’t we learned anything from the ghosts of companies past which ignored the changing desires of their customers to adapt to new technologies? Think of how smart Netflix was to move quickly to a streaming model with tons of consumer friendly features (and dump the ridiculous Quikster name) instead of clinging to rentals like Blockbuster did. Or hey, remember Hollywood Video? Exactly.
I’m not so sure that stores are going to be able to strong-arm consumers into changing their purchasing habits–or need for security–by declining to accept popular new forms of mobile payment. And considering iPhone users tend to have higher incomes, and be more comfortable using their phones and apps for purchases, is that the audience that retailers want to alienate?
Not surprisingly, Apple and Android users are banding together to boycott CurrentC terminals which could actually be a huge silver lining for Google Wallet, which will benefit from Apple customers’ evangelism.
You say CurrentC, I say Betamax.
Also, I say Bloomingdales, Macy’s, Duane Reade, Panera, Whole Foods, Sephora, Staples, and other retailers who I’ll be happy to patronize since they’ll continue to accept multiple forms of secure payment–including Apple Pay.
But you know, if anything stands out in my head out of all of this, it’s the allegedly mandatory medical data sharing. I just can’t get past that. Forgive me if I don’t turn over my kids’ birth dates, my mortgage statements, and my pap smear results too, next time I need to refill my tank.
We’ll have more info on MCX, CurrentC, Apple Pay, and how it all affects you, as info unfolds.
-CurrentC beta testers received an email that MCX has already been hacked, and their emails compromised though not their financial information.
-The New York Times revealed that all the retailers signed up for CurrentC will face fines for accepting rival payment options, confirmed by two sources close the company.
-Oddly on the MCX blog, CEO Dekkers Davidson responded to that allegation with a defense of one that wasn’t made. He wrote, “if a merchant decides to stop working with MCX, there are no fines.” (Bold letters theirs.) No one accused MCX of fining merchants who leave the network; only merchants who want to offer multiple options to their customers.
-However in this Tech Crunch article about a 10/29 press conference, MCX contradicts the sources and unequivocally states there never were fines. However, the company did restate that retailers cannot accept Apple Pay if they want to accept CurrentC–after COO Scott Rankin erroneously told Business Insider that retailers could accept both. (Something they now say they may do, “down the road.”
Clearly there is some internal miscommunication at MCX. Or some shuffling going on.
-On Google Play, the CurrentC app for Android currently rates one star, with more than 3,000 reviews. However it’s doubtful that any of them are actually testing the app–and are more likely voicing concerns over safety.