By: Linda Vo

Over the past few years, technological advancements have allowed people to streamline just about every aspect of their lives in one convenient place: their smartphones.  Two weeks ago, Apple Pay was launched, enabling consumers to now securely store their credit card information on the new iPhone 6 and iPhone 6 Plus devices to pay for purchases via “Touch ID” (http://money.cnn.com/2014/10/29/technology/security/currentc-app-hacked/) mobile fingerprint versus manual card swiping.  Since the launch of Apple Pay, smartphone wallet competitors have faced intense pressure to gain equal footing with the tech giant.  One rival, CurrentC has faced an even greater setback with its recent data breach (http://www.businessweek.com/articles/2014-10-29/currencs-data-breach-adds-to-awful-week-for-apple-pay-rival), in which hackers were able to gain access to the e-mail addresses of its pilot users.  Backed by the world’s largest private company Walmart, the Merchant Customer Exchange (“MCX”) (http://www.cnet.com/news/apple-pay-rival-currentc-hit-by-hackers/) developed CurrentC as an exclusive mobile payment platform for its more than 50 partners, including popular retailers (http://www.forbes.com/sites/clareoconnor/2014/10/31/apple-pay-vs-walmarts-currentc-what-shoppers-need-to-know/) such as Target, Sears, Best Buy, Lowe’s and CVS.  Directly linked to bank accounts instead of credit cards, MCX specifically designed CurrentC with the intent to eliminate credit card fees charged to retailers per swiped transaction.

 

Last Wednesday, MCX Chief Executive Dekkers Davidson disclosed that CurrentC’s e-mail provider had been hacked multiple times over the last seven or eight days.  Not set to publicly launch until 2015, CurrentC’s beta breach has increased concerns with the issue of data privacy, leaving consumers even more skeptical and wary of the payment app.  Facing other privacy allegations, CurrentC has drawn harsh criticism as it collects personal informationfrom its users, including names, addresses, e-mails, phone numbers, shopping data and GPS locations.  Drawing further scrutiny, CurrentC requires a driver’s license number and social security number to confirm a user’s identity upon sign-up.  Breaches of such sensitive information have led to numerous lawsuits and enforcement by the Federal Trade Commission (“FTC”) (http://us.practicallaw.com/6-502-0467 – a762707).  In the past year alone, the FTC charged a free flashlight mobile app with sharing users’ geolocation with advertisers without providing notice or obtaining consent and settled with a medical billing company that failed to provide adequate security measures to protect consumers’ personal information.

This past year, two big federal privacy laws were introduced: the Personal Data Protection and Breach Accountability Act of 2014 and the Data Broker Accountability and Transparency Act.  The Personal Data Protection and Breach Act of 2014 would require businesses to: (1) put in place a comprehensive program that ensures privacy, security, and confidentiality of personally identifiable information; (2) assess risks of future security breaches with data privacy and security programs to control these risks; and (3) establish federal security breach notification procedures.  See S. 1995, 113th Cong. (2014).  The Data Broker Accountability and Transparency Act would require data brokers to: (1) implement reasonable procedures to ensure maximum accuracy and security of personal information collected; (2) provide consumers with the right to review collected data; and (3) offer an opt-out of having consumers’ personal information shared to third parties for marketing purposes.  See S. 2025, 113th Cong. (2014).  Furthermore, the Federal Trade Commission Act vests the FTC with the authority to bring enforcement actions against business entities that exhibit unfair and deceptive practices in regards to privacy and data security policies.  See 15 U.S.C. §§ 41-58 (2010).

 

Coupled with its recent data breach, CurrentC’s collection of personal information is a recipe for disaster.  Privacy is a fundamental right and privilege that people commonly highly regard and value.  A new study unsurprisingly revealed that two-thirds of consumers (http://www.forbes.com/sites/laurashin/2014/10/30/currentc-scuffle-with-apple-pay-highlights-consumers-security-concerns/) are concerned about their financial data being stolen, as there has been a rise of credit card breaches at several retailers.  Even young consumers, ages 18 to 24, have taken precautions, saying they would rather use cash in stores that have had security breaches.  Since the inception of the U.S. Constitution, the Fourth Amendment “right to privacy” has been heavily debated, along with privacy laws that have emerged through the advancement of technology. The FTC continues to be at the forefront of enforcing privacy and data security laws and regulations.  Unfortunately, CurrentC’s breach in data privacy may ultimately lead to its premature demise.  Averaging one star out of five, reviews of the beta smartphone wallet app have been underwhelming, as many consumers prefer Apple Pay, which they deem to be much more secure.  If CurrentC miraculously survives this backlash and officially launches, the FTC may very well show concerns regarding CurrentC’s data privacy issues.  In either case, the future of CurrentC looks bleak.

 

Bio:     Linda is a Staff Member of the Journal of High Technology Law.  She is currently a 2L and Trustee Academic Scholar at Suffolk University Law School with a concentration in Business Law and Financial Services.  She holds a B.A. in Political Science from the University of Connecticut.