While the MCX consortium’s CurrentC mobile payment service isn’t due to launch until next year, it has been carrying out limited trials, facilitated by placing the app in the iTunes store. iPhone owners have been expressing their displeasure at the blocking of Apple Pay by MCX members by rating and reviewing the app.
At the time of writing, the app had accumulated 2,856 1-star reviews against a total of just 30 reviews giving it 2 stars or more …
The movement to boycott merchants who are members of the MCX consortium also seems to be growing in popularity, gaining a Boycott MCX website with a full list of members. When you click on the name of a consortium member (CVS Pharmacy in the example shown below), a list of competing stores who accept or plan to accept Apple Pay is displayed.
Having been criticized for its clunky use of QR codes, MCX said yesterday that CurrentC may “pivot to NFC over time.” The company had earlier said that it was “entirely possible” that it would do a U-turn on its current exclusivity requirement and allow merchants to accept both CurrentC and Apple Pay at some point in the future, though no certainty or timeframe was offered.
MCX CEO Dekkers Davidson also expanded on yesterday’s less than convincing assurances about data security, saying that the recent hack “does not impact the rollout of CurrentC at all” – that the company expected attacks and will “deal with them.”
The company fixed the broken link to its privacy policy, in which it describes the ways in which it shares information collected about consumers using the CurrentC payment system. This confirms that MCX shares information with merchants, as well as with a range of third-parties.
Apple Pay, in contrast, does not even share your card details with merchants.
• To MCX Merchants based on your purchase of goods and services from that MCX Merchant, or participation in that MCX Merchant’s loyalty/rewards program;
• To Third-Party Providers involved in providing the Services;
• To Third-Party Providers using your information on MCX’s behalf in connection with opening a CurrentC™ Account;
• To Third-Party Providers using your information on MCX’s behalf in connection with loading a Payment Account into CurrentC™;
• To Third-Party Providers using your information on MCX’s behalf in connection with a potential or actual Payment Account transaction;
• To Third-Party Providers or MCX Merchants using your information on MCX’s behalf in connection with loading of and use of a Loyalty/Rewards Account in CurrentC™;
• To Third-Party Providers using your information to evaluate and enhance the performance of the Services;
• Based on MCX’s sole discretion that such disclosure is necessary to protect the rights or safety of any person or entity; or
• Based on MCX’s sole discretion that disclosure is necessary to detect or respond to instances of potential or actual fraud or other illegal activities, to respond to a law enforcement agency’s request for information or cooperation in an investigation, or to respond to judicial process or other valid government investigation or process.
The full CurrentC privacy policy can be read below.
Thanks, Marcus
MCX USER PRIVACY POLICY
Version 1.1 Effective September 9, 2014
NOTE: To Access the MCX User Short-Form Privacy Dashboard, Log Into the CurrentC™ App
We at Merchant Customer Exchange LLC, and the subsidiaries we own or control (collectively, “MCX”) respect your privacy. We are publishing this version of the MCX Privacy Policy (the “Policy”) to clearly disclose our practices and approach to data privacy and data protection with respect to any of our Services created or distributed by MCX, including the CurrentC™ mobile wallet app, and with respect to the MCX website. Other terms and conditions governing your use of the MCX Services and CurrentC™ can be found in the MCX User Terms and Conditions located at: CurrentC Terms & Conditions which you are required to review and agree to before using any of our Services.
This Policy describes how we collect, use, transfer, and safeguard information about you and your options regarding accessing or modifying such information. The Policy applies when you:
• Agree to the MCX Terms and Conditions;
• Visit or utilize a website or CurrentC™ on which this Policy is posted;
• Download any MCX Service (such as CurrentC™) to your mobile device;
• Create a CurrentC™ Account through the CurrentC™ mobile app, or any other account for an MCX Service;
• Use any MCX Service to conduct a Payment Account transaction, carry out any MCX Merchant Loyalty/Rewards Account program function (such as point accrual or reward redemption) using an MCX Service, or to opt-in, review or redeem any advertisements or offers through an MCX Service; or
• Interact with MCX’s, off-line, online or mobile Services (defined below).
In this Policy we use the terms “personal information” and “personally identifiable information” or “PII” to describe information that can be associated with an individual and can be used to identify that individual. We do not consider personal information or PII to include information that has been anonymized or aggregated so that it does not identify an individual. You represent that if you give us PII on behalf of someone else, the person providing the PII to you gave you consent to provide their individual information to MCX. If someone else gives us PII on your behalf, you represent that you gave that person consent to provide your PII to MCX.
If you have any questions about this Policy, please submit questions by sending via mail to: privacy@currentc.com.
Or by writing to us directly at:
Privacy Officer Merchant Customer Exchange LLC 160 Gould Street, Suite 205 Needham, MA 02494
Definitions
In this Policy, the following definitions apply:
“CurrentC™” means the MCX standalone mobile wallet app or any payment functionality MCX provides in any separate MCX Merchant app.
“CurrentC™ Account” means the account you create by registering your mobile device to use the Services through either the MCX standalone CurrentC™ app or any separate MCX Merchant app using CurrentC™.
“Feedback” means all feedback, suggestions, and ideas you provide to MCX concerning improvements or enhancements to the Services. “Feedback” may also include your responses to surveys or reporting problems.
“Loyalty/Rewards Account” means a loyalty/rewards account you have with a participating MCX Merchant that you choose to load into your CurrentC™ Account that will be used in conjunction with all of your purchase of goods and services at that participating MCX Merchant unless and until you remove that MCX Merchant’s Loyalty/Rewards Account from CurrentC™.
“MCX” means the Merchant Customer Exchange LLC, the entity responsible for developing and operating CurrentC™ and the MCX Network.
“MCX Merchant” means a merchant that participates in the MCX Network.
“MCX Network” means the mobile payments network developed and managed by MCX, which includes CurrentC™ and any other product or Service created, developed or facilitated by MCX.
“Payment Account” means the payment type or account you load into your CurrentC™ Account to pay for goods and services at participating MCX Merchants.
“Personal Information” or “Personally Identifiable Information” (or “PII”) means information that can be associated with an individual and can be used to identify that individual, and may include Feedback, User Generated Data or any other PII necessary to participate in the Services.
“Services” means the off-line, online or mobile products or services offered by MCX.
“Third-Party Provider” means a third-party service provider retained by MCX whose products, services or support may be used to provide the Services, including Payment Account issuers.
“User Generated Data” means any information generated by your use of the Services, including automatic reporting and other tools that give you the ability to create, post and distribute various forms of content for, and in connection with, the Services, including, but not limited to: payment transaction data; pictures; photographs; videos; and other information, including content generated by you. For pictures, photographs and videos, the User Generated Data includes only those pictures, photographs and videos that you take through CurrentC™, and does not include those pictures, photographs and videos you take via the standard functions on your mobile device, or that you take through any other app not related to MCX.
How We Collect Information
MCX collects information from you regarding your use of the Services in the following ways:
MCX will collect information from you, including PII, when you interact with the Services. For example, you provide information to MCX when you:
• Register for CurrentC™, or update registration information or other of your CurrentC™ information;
• Add a Payment Account to CurrentC™;
• Initiate or complete a Payment Account transaction, a Loyalty/Rewards Account transaction or redeem an offer using the Services (including the location information of the physical point-of-sale terminal where such Payment Account transaction or Loyalty/Rewards Account transaction occurs for MCX’s operational uses, such as transaction record information and fraud detection/prevention);
• Opt-in to receive advertising or offers or other marketing communications as part of the Services;
• Interact with any advertising or offers in the Services;
• Request a coupon or other offer;
• Complete a survey related to the Services; or
• Receive customer support.
In addition, MCX may collect other information through the Services. For example, MCX collects data through use of technologies such as:
• If you opt-in to location-based services, location detection technology, such as GPS signals, sent by your mobile device (**Please note that failure to opt-in for location-based services using your mobile device may reduce or eliminate some of the CurrentC™ features or other Services available to you);
• Device identifiers (such as unique device identifiers or device fingerprint);
• Data analytics (such as analyzing anonymized and aggregated data generated by the Services);
• Services analytics (such as diagnostics to improve the functionality of the Services); or
• Point-of-sale terminal physical location for advertising and marketing Services that you opt-in to receive.
MCX sometimes obtains PII from other sources, such as through mergers and acquisitions with other companies, as well as through commercial arrangements with Third-Party Providers, business partners, and other sources. Information MCX receives from a third party is subject to your separate agreement with such third party, unless you enter into a separate agreement with MCX or otherwise give MCX your permission to use such information. MCX may merge information MCX receives from third parties with information MCX has collected or will collect subject to such limitations.
Some elements of MCX’s Services such as events, websites, apps and offers may be co-branded and offered in conjunction with an MCX Merchant. For example, MCX may provide the Services through an MCX Merchant via the Merchant’s own branded app. If you provide information in these instances, both MCX and the MCX Merchant involved in the transaction may receive information from that transaction and may use the information according to each entity’s privacy policy and any other agreement each MCX Merchant may separately have with you.
Information We Collect
Information that MCX Actively Collects From You
You must provide MCX with the following information in order to use the Services if requested:
• Your name, physical address, email address, and mobile device number;
• Payment transaction data and details for payments made for goods and services at participating MCX Merchants;
• Payment Account data you choose to enter into CurrentC™, as well as information needed to complete Payment Account transactions. Payment Account data may include your bank account information, credit or debit account or gift card or stored value account details, related security codes or other payment credentials;
• Additional PII required for authentication of Payment Accounts you choose to enter into CurrentC™, such as driver’s license number, Social Security number, date of birth, or answers to challenge and response questions used to authenticate your identity. **Please note driver’s license number, Social Security number, date of birth and challenge and response question information is only used for authentication by MCX’s authentication Third-Party Provider or by a Payment Account issuer where you instruct MCX to load your Payment Account with the Issuer into your CurrentC™ Account. Such information is not retained by MCX, is not used for marketing purposes by MCX or any of its Third-Party Providers, and is not shared with or disclosed to any other unaffiliated third parties. If you would like to access the privacy policy for MCX’s authentication Third-Party Provider, please contact MCX Customer Care at 1-855-772-8773, or by submitting an email to: customercare@currentc.com.
• Loyalty/Rewards Account IDs or account numbers;
• Interest in and use of advertising, marketing and offers in conjunction with use of CurrentC™;
• Responses to survey questions regarding the Services (if you participate in surveys, MCX will collect the information you provide to MCX, which may include PII);
• Your user preferences, product and Services interests, communication choices, and other user profile information, including Feedback and User Generated Data; and
• Your protected health information, claims or other information used to measure your health or wellness if such information is included in your Payment Account transactions. **Please note that while direct protected health information is not normally required for a Payment Account transaction, some protected health information, such as the number of prescriptions you purchase each month, or the location of the pharmacy or store where you purchase prescriptions, may be included in information generated in conjunction with a Payment Account transaction.
General Information Automatically Collected by MCX When You Use the Services
MCX uses location detection technology to determine your approximate location, nearby Wi-Fi access points, and cell towers. When you use the Services, MCX automatically collects and stores certain information in activity logs such as details of how you used the Services.
Special information is automatically collected for certain of the Services. For example, if you use the Services in connection with a mobile device or mobile application, MCX will automatically collect additional information about you, your use of your device, and the Services on your device such as:
• Mobile device settings and operating information (such as system and version; screen resolution; services version (e.g. 1.0, 2.0, etc.); and device type, identifiers or capabilities);
• System activity;
• Hardware settings;
• Total amount of time spent in the Services;
• User creation time; or
• Length of Services session.
Information That Is Unique Information Generated By Your Use Of The Services
MCX also collects certain types of unique information generated by your use of the Services such as:
• Application identifiers;
• Session ID and User ID in connection with use of CurrentC™ Account;
• Information, including usage information, such as frequency of use or average number of minutes for use, generated through use of the CurrentC™ Account;
• Date and time;
• Location of purchases to complete a Payment Account transaction;
• Internet Protocol (IP) address;
• Other transaction data such as amount of purchase, store name or register number;
• If you opt-in for certain location-based advertising and marketing Services, your location to provide location-based marketing, advertising or other Services (for example, such information will be used to “recognize” you within a store or specific geographic location to serve up relevant ads and offers, or in conjunction with an MCX Merchant’s loyalty/rewards program or customer appreciation activities);
• If you opt-in for other location-based services, location information necessary to provide such Services (for example, store locators and directions);
• If you opt-in for Services involving advertising or offers, transaction data for marketing purposes that is used to generate relevant advertising and offers, which may be used in conjunction with such advertising or offers; or
• If you opt-in and register your Loyalty/Rewards Accounts with a participating MCX Merchant, information necessary for you to participate in such loyalty/rewards program. **Please note that MCX will automatically transmit information regarding any loyalty/rewards benefits based upon the rules of the specific MCX Merchant’s loyalty/rewards program. Information about these loyalty/rewards is shared only with the MCX Merchant or issuer owning or operating the loyalty/rewards program. Use of your information is governed by the MCX Merchant or issuer owning or operating the loyalty/rewards program; refer to their terms and conditions governing use of your information.
How We Use Information We Collect
We use information we collect to: conduct business and improve the effectiveness of MCX Services; develop new products and Services; provide information and support for the Services; conduct research and analysis, including focus groups and surveys; better understand your needs and interests; personalize communications and advertising/offers; promote a quality experience for users of Services; and to perform other business activities related to the Services as needed or as otherwise described in this Policy.
For example, we will use your information to:
• Create and maintain your CurrentC™ Account(s);
• Communicate, interact and build the MCX relationship with you;
• Gather transaction statistics relating to your use of CurrentC™ in order to collect information to measure, analyze and improve the Services;
• Manage dispute resolution and perform customer service activities;
• Customize the content, products, and features (including marketing offers that you opt-in to receive) that are offered to you in the Services;
• Process, fulfill, and follow up on transactions and requests for products, services, support, and information via the Services;
• Engage in market research and analysis;
• Comply with legal requirements;
• Enforce our agreements; and
• Deter, detect, and prevent fraud and other prohibited or illegal activities.
How We Share and Disclose Information
MCX may share or disclose your information as follows:
Cookies and “Do Not Track”
CurrentC™
MCX does not track your activities on other mobile apps. MCX does not allow Third-Party Providers or other third parties that we have agreements with to track your activities across different mobile apps when you use CurrentC™. MCX may share information with software companies that power your mobile device, app stores and companies that provide common tools and information for apps about consumers.
MCX Websites
When you use the MCX websites (CurrentC™, My CurrentC™ Account Online, or MCX), we will place a “cookie” on your web browser. A cookie is a very small text file that is sent to a customer’s browser from a web server and stored on the customer’s computer hard drive. It assigns the computer a unique identifier. The cookie stores information on your hard drive so we can communicate with you more efficiently, respond to you based on prior sessions at which you provided information about you or your preferences to us and understand what you prefer to view on our website. We do not use cookies to store passwords or Payment Account information. Cookies do not tell us your individual identity unless you have chosen to provide it to us.
Your browser may be set to allow you to be notified when a cookie is to be placed on your browser, decline the cookie or delete cookies that have been placed on your browser. For general information regarding opt-out, you can visit the Networking Advertising Initiative (NAI) at http://www.networkadvertising.org/. You can also find specific information regarding opting out of interest-based advertising that uses web browser and cookie information at this specific NAI webpage: http://www.networkadvertising.org/choices/. You may also check your web browser’s instructions. Some functions of our website may not work or may work slowly if a cookie is refused.
Our website uses third party service providers to serve and host our advertisements. These third parties may place cookies on your computer if you click on or access the advertising. The third party cookies are used to track whether the site was accessed from the advertisement. The cookies generated from the advertisements do not contain PII. We do not control these cookies and they may not follow the rules we have set for our own cookies.
We also use invisible pixels, sometimes called web beacons, on our website to count how many people visit certain web pages and to collect other website usage information. Information collected from invisible pixels is used and reported in the aggregate without the use of a customer’s Personally Identifiable Information.
We do not respond to web browser “do not track” signals at this time. We await the result of work by the policy community and industry to determine when such a response is appropriate and what form it should take. We do allow you to exercise choice regarding the collection of information by third parties about your online activities over time and across third-party websites or online services for online interest based advertising purposes by going to http://www.networkadvertising.org/choices/ or http://www.aboutads.info/choices/.
Your Rights To Opt-Out and Effect on the Services
There are certain elements of PII that you must provide MCX in order to use the basic Payment Account transaction functionality Services, or Loyalty/Rewards Account Services, in CurrentC™ If you are not provided with an opt-out choice for the particular use of PII, then MCX has determined that such PII must be provided by all MCX Users for that particular Payment Account or Loyalty/Rewards Account to function for CurrentC™ transactions.
If you are provided with a choice to opt-out of collection of certain PII, MCX has determined that such PII is not necessary to provide the basic MCX Payment Account transaction functions using a particular Payment Account type or Loyalty/Rewards Account type, but may be necessary to provide certain additional MCX Services. For example, if you opt-out of receiving relevant advertising and offers, you will still be able to conduct Payment Account transactions, but you will not receive any advertising or marketing offers or coupons from MCX Merchants.
MCX has also determined that an MCX user may opt-out of the collection of some PII, and the result will be that while a particular Service or feature may be utilized, it will not be utilized in an optimal manner. For example, if you opt-in to receive relevant advertising and offers, but you opt-out of sharing your mobile device geo-location information, you may receive advertising and offers based upon your interests and prior purchases, but you will not receive advertising and offers based upon your current location or proximity to a particular MCX Merchant.
Children’s Privacy
Use of our Services is only available to individuals who are of legal age to contract in their applicable state of residence. MCX’s Services are not directed to children under 13 years of age. If that policy changes, we will obtain consent from a parent or guardian before we knowingly collect data from anyone under the age of 13.
Enforcement of this Policy
MCX regularly reviews its compliance with this Policy. Please submit any questions or concerns regarding this Policy or MCX’s treatment of PII, by submitting via mail to: privacy@currentc.com.
Changes to this Policy
Please note that this Policy may change from time to time. We will post any Policy changes on this page and, if the changes are significant or reduce your rights in any material manner, we will provide a more prominent notice. We will also keep prior versions of this Policy in an archive for your review.
Our Commitment to Security
We have put in place appropriate administrative, technical, and physical safeguards to help prevent unauthorized access, maintain data security and correctly use the information we collect. No system can be completely secure, however, and we do not guarantee that unauthorized disclosures and access will not happen.
Access, Accuracy and Retention of Your Information
We aim to maintain the accuracy of your contact information and PII. In order to keep your personal information accurate and complete, you can access or update some of it in the following ways:
• You can log into My CurrentC™ Account Online and update your CurrentC™ Account information, including, but not limited to: contact information; mobile device information; and Payment Account information. We encourage you to review, update, and correct the personal information that we maintain about you.
• If you have any additional questions about your information, you can contact us with your current contact information and questions by submitting via mail to: privacy@currentc.com.
We will provide you the personal information requested if reasonably available, or will describe the types of personal information we typically collect. We will make reasonable efforts to respond to your question as soon as possible.
Before we provide access to any data, including PII, or make any changes to it we will ask you to verify your identity or provide other details before we are able to provide you with any information, correct any inaccuracies, or delete any information. We may keep a copy of information for our records. Your right to review, update, correct, and delete your PII may be limited, subject to the law of your jurisdiction of residence: (i) if your requests are abusive or unreasonably excessive, (ii) where the rights or safety of another person or persons would be encroached upon, or (iii) if the information or material you request relates to existing or anticipated legal proceedings between you and us, or providing access to you would prejudice negotiations between us or an investigation of possible unlawful activity. Your right to review, update, correct and delete your information is also subject to our records retention policies and applicable law, including any statutory retention requirements.
Conclusion
We are committed to privacy and are involved in current industry initiatives to promote privacy and protect PII. Our privacy practices will evolve to meet new requirements, standards, technologies, and customer preferences. We welcome your opinions and insights on this evolution.
V 1.1 September 9, 2014