Merchant Customer Exchange (MCX) vs. Apple Pay
MCX and Apple Pay are credit-card-less transaction systems that let users stop carrying legacy credit cards, whose 1950s magnetic card technology can easily be used to capture Personally Identifiable Information (PII).
Apple Pay has already been able to get a number of retailers and financial institutions to use its product. Information is transmitted via NFC (Near Field Communication), with Touch ID providing multi-factor authentication before any transaction information is sent. The transaction does not share any credit or debit card account information; instead it sends unique device information created from a combination of the bank or credit card and the iPhone. Additionally, no information, account numbers or transaction numbers are stored on Apple’s servers; however, device and account information is stored on the mobile device, with device security solutions implemented to protect it.
MCX is not currently available but is in beta testing. It has a number of large retailers engaged, representing more than 110,000 locations. Rather than using NFC, MCX is designed to use a QR (Quick Response) code that can be scanned by or transferred to the POS system to perform the transaction. Multi-factor authentication is performed using a PIN in addition to the QR code. The QR code links your MCX application, named “CurrentC”, with your bank accounts to make payments. Based on current information, MCX does store your bank account information in the MCX platform.
MCX is designed to limit any new hardware requirements for retailers. While this may be a benefit to retailers, there are concerns about QR code security, as it is an older technology. NFC will require retailers to purchase and implement NFC readers; however, many have already done so. While both systems have some potential security risks, they also have the ability to reduce the threat of credit card and PII theft. Which system will win and become the de facto standard is still up in the air, as both have large organizations backing them. It is also possible that a hybrid solution will come out soon, one that uses NFC or some new technology for data transmission, limits cloud storage of PII data, and encrypts all data so that it is unique and unrepeatable.