MCX, or Merchant Customer Exchange, has had a data breach. So far this only involves email addresses, those of people who are part of the pilot program or signed up to get more information about it. But that's not the only headline MCX made Wednesday.
- There are no fines for merchants who decide to stop working with MCX, but those who do so are doing so exclusively.
- Right now MCX is sticking with QR codes, but could switch later to something like NFC since it's "technology agnostic."
- When asked directly "What's the harm in competition?" CEO Dekkers Davison said there wasn't any harm.
- MCX believes it is the underdog, being attacked (see above) for challenging the status quo.
- No customer information is stored in the app, it lives within a "secure cloud-hosted network."
So far, this hasn't done much to ease concerns about the app or the alliance behind it. In fact, those concerns are even shared by the largest MCX member, Walmart. Former CEO of Walmart, Lee Scott was asked in 2013 how this new payment system could work, given all the failure that had come before that point. His response was: "I don’t know that it will, and I don’t care. As long as Visa suffers."
OK, look. I get that accepting credit cards is an additional fee. And I have no problem with trying to alleviate that. But if your alternative got hacked before you even actually launched, that does not instill confidence in consumers. Nor does the fact that everything touted as a "feature" is only a positive for a merchant with varying degrees of negative for those same consumers.
In fact, Target being part of MCX just shines a brighter spotlight on data protection, since Target was the (ahem) target of the biggest data breach in the history of data breaches. If at this point I'm already wary of handing over my credit card information because of holes like this, what makes it better to hand over bank account info? At least with my credit card, I can dispute the charge and it's zero sum for me. A fraudulent bank charge that cleans out my account can start an overdraft avalanche of fees and headaches that is complicated and expensive to untangle.
Here's what I'd advise MCX to do: Instruct the engineers to build a solution that works with Bluetooth LE, which is supported as far back as the iPhone 4S and Android phones the Nexus 4/5, and Samsung Galaxy S3 and later. Tell the security team to describe how bank account data is stored, being super transparent and using words that regular humans can understand. Have the legal team review agreements, and perhaps see if there's a way to negate previous ones and have the new ones not be exclusive. This way customers have the same choice in mobile payments they have in plastic ones: I can use the debit card tied to my bank account, or I can use a credit card. Maybe if you pair up the bank account option with a loyalty program that automatically grants me a 3-5% discount, I'll be more inclined to use that payment method and CurrentC wins the transaction.
I'm not even going to get into the image problem of one of the world's largest companies leading the "we're the little guy, help out the underdog!" charge. If my eyes rolled any harder I'm afraid they'd get stuck. I am all for competition, but forcing retailers to pick a side is not competing. There are much better ways for MCX to paint itself and its members as offering an alternative, like discounts (above) and being available on more than just the latest model of phone from one company. So far CurrentC is still months away from launch and all anyone knows about it is not to use it even when it is real.