The Merchant Customer Exchange (MCX) went on a PR offensive on Wednesday to explain what happened in the hacking attack that saw its testers' emails exposed, why its member retailers banned Apple Pay and Google Wallet, and what makes its CurrentC mobile payment system so great.
Dekkers Davidson, CEO of MCX, which represents 50 of the largest retailers in the US, said during an online press conference that the hacking attack didn't hit the group's servers, but instead was carried out against the firm that supplies MCX's email. He declined to name the company, saying his group would take responsibility.
"Like any consumer experience, we own this," he said. "I can't speculate on cause. It's unfortunate in this internet age that people still think this kind of activity is cool. Any attack is something you learn from and get stronger, and we will get stronger."
Only emails were lost in the attack, he said, and all those affected have been informed. (This Reg hack got his notification first thing this morning.)
As for Apple Pay and Google Wallet getting blocked by MCX members Rite Aid and CVS over the weekend, Davidson said that it was up to individual members to decide which payments systems they wanted to work with. He even went so far as to opine that the mobile payment market needed at least two or three options to drive the tech into popular use.
"We have respect for Apple and Apple Pay," he said. "There is no harm in competition. It should happen. Consumers need to have choice, and we will put choice in consumer's hands. No one has a monopoly on virtue and consumer experience."
Davidson specifically denied a report in The New York Times that any MCX member who used an alternative payment system to CurrentC would face a heavy fine. The paper said it spoke to multiple members of the group who confirmed the arrangement, but Davidson insisted this was not the case.
"Merchants make their own choices about their commitment to MCX and make their own choices about other forms of payment," he said, adding that MCX members can also leave the organization at any time with no penalties.
Davidson also gave more details on the CurrentC system, saying that the software will have a privacy dashboard that will allow users to decide what information they share with the retailer. Users will also have the option to pay anonymously using CurrentC, he said.
But the advantage for consumers, Davidson said, is that they will be able to use the software to accumulate loyalty points, if the retailer offers such a scheme, and also use coupons to get discounts on purchases.
From a retailer's perspective, the software will allow sellers to build "direct relationships" with their customers, Davidson said. The other advantage, which he didn’t mention, is that by linking the retailer directly to the bank, the seller also avoids paying credit card transaction fees.
Then again, MCX is in contact with a couple of credit card companies about adding them to the CurrentC system, Davidson said. But he declined to reveal which ones, saying he didn't want to give away too much to the competition.
He also declined to do a side-by-side security analysis between Apple Pay and CurrentC, for the same reason. But he said the group was confident its system was secure and that all customer data would be stored in a cloud system that was "designed to expect serial attacks."
As for the decision to ignore near-field communications (NFC) technology and opt for QR codes as the data-exchange mechanism for CurrentC, Davidson said the lower-tech system had the advantage of being open to anyone with an Apple or Android smartphone, including older models that lack NFC circuitry. (MCX has no plans to develop a Windows Phone or Blackberry app, he added.)
Nevertheless, Davidson said that the CurrentC platform is technology agnostic. While there are no plans to develop an NFC-based system, he said that MCX is looking at using low-powered Bluetooth connections for some transactions. ®