CurrentC vs. ApplePay

October 29, 2014 at 10:22 pm Leave a comment

CurrentC – So far, I haven’t found official details, but as I understand it, they require your name, social security number, drivers license number, and linked bank account details.  They keep a history of your purchases, including medical (though offer a way to opt-out of that).  It works by scanning a QR code with your phone, then allowing the merchant to scan your payment QR code.  At some point, you enter your 4 digit PIN code.  I’m not sure if the payment code is dynamic or static.   The merchant can then perform a withdrawal directly from your linked bank account.  Your data is stored securely in the cloud, not on your phone.

EDIT:  The requirements of SSN, DL, and linked bank account are in question.  The folks from CurrentC haven’t spelled out how the process works, but I’ve seen at least one article where they claim the SSN & DL requirements were just for the beta.  I’m guessing they saw the outrage, and the fact that Apple Pay doesn’t have such onerous requirements, and so they changed theirs.

ApplePay – Take a photo of your credit card to add it.  It recognizes your card number, expiration date, etc.  Once registered, your card number (and photo) isn’t even stored on your phone.  A unique device account number is assigned, which is encrypted and stored in a dedicated chip in your phone.  When you make a purchase, you validate the purchase with your fingerprint.  The merchant gets your device account number along with a transaction specific dynamic security code.  They don’t get your card number.  In fact, they don’t even get your name.  The charge goes against your credit card, just like if you paid via the mag-stripe card.  You get the same protections afford using your card.

My take:
Perhaps it is secure, but CurrentC seems like a huge data breach disaster waiting to happen.  Imagine all that data falling into the hands of the wrong person.  Further, with your bank account details, a bad actor could conceivably drain your account, forcing you to fight your bank to get your own money back.  If a data breach happened with ApplePay and your data was compromised, you still have the protection of the credit card in place.

Lastly, there are a log of big name retailers behind CurrentC.  I can’t help but notice that one of those big names is Target.  With the size of the data breach that happened at Target one year ago, I’m certain I don’t want them having direct access to my bank accounts.


Entry filed under: General.

Palo Alto 6.1.0 released HOWTO: Radius Authentication on CradlePoint

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


October 2014
« Sep   Nov »

Most Recent Posts

%d bloggers like this: