In recent news, it has come to light that CurrentC by MXC may have a contract with many of the big retailers that prohibits them from using other mobile payment operators. This became big news because of the introduction of Apple Pay using NFC. The reasoning behind CurrentC is for merchants to avoid credit card transaction fees by doing ACH transactions directly to a bank account. All security issues aside, I understand retailers desire to get rid of these fees. However, I also realize that it is part of doing business and the convenience for the customer. As Apple is heavily invested with banks and credit card processors right now, I think this is the perfect opportunity for Google to get ahead of the NFC war. Google currently has Google Wallet where a user can put money into, much like a bank account. Using this, Google could potentially offer a much lower transaction fee to merchants as a credit card company does not have to be involved at this point. In return, the merchant could provide more detailed information about the purchase which Google could data mine. While many consumers would be concerned about Google knowing their purchase history, I personally would love for Google to mine my purchase data. A whole new service line could be opened where Google finds better prices on the items you commonly buy and integrated into their current shopping services. NFC isn’t dead just yet, it’s really just beginning.
Welcome to the tech blog. I’ll be writing in here things that I find throughout my life and career about technology. It will include things such as code that I find useful, gadgets that I’ve used, and rants about technology. I hope you enjoy it.
I’ll start with a rant…
My son is in Cub Scouts. Since we have recently moved to North Carolina, we had to find a new pack to join. We found one that appears to be a lot more involved than the pack we were in in Florida. They are even up with the times. They are using a third party website to keep track of the packs activities and events. You can post pictures, look at a calendar, find out information about the other adults, etc. Cub Scout leaders even keep all of the information about the cub scout (including the address) in the website. Here is the problem. The third party website… not so much with the times.
First problem I noticed when I first logged in, not using SSL. This website is hosting information about dozens of children in just our pack. Who knows how many more all over the country. And it is not using SSL to transmit this traffic about children under the age of 13? This information, including passwords is going over the clear on the Internet. If someone were to get a hold of the database, they’d have the addresses of thousands of children.
This is where the second problem comes in. You might say, we the database is probably encrypted. I’d like to think so. Yesterday, I signed into the site, and changed the password from the default one that was given to me in the welcome email. Well, the cub scout leader decided to resend out these welcome emails this morning, in case people did not receive them. I received this email this morning. Inside this email was the password that I had chosen yesterday. So not only is the traffic insecure, now the database is not encrypted in any fashion? You might say they could be using a reversible encryption… but I think we all know that if you hack into the site and steal the database, you’ll be able to just as easily break into the websites pages and steal the salt.
Anyway, I have emailed the site’s tech support team to complain about these very things and hope to get a response. In the meantime, I’ll be considering not using the site, or having incorrect information inputted for both me and my son on purpose. I’ve already changed my password to one that I don’t use on anything else.