Two friends—both evangelical acolytes of the Church of Apple—have been talking this week about the news that ApplePay and Google Wallet have been turned off by retailers who are backing a not-yet-released payment alternative called CurrentC. (And really, how dare RiteAid try to grab a few cents from each transaction? Clearly that’s only an acceptable business strategy when Silicon Valley does it!)
Especially with today’s news that CurrentC was hacked, the trending meme seems to be that ApplePay is more secure than CurrentC. This may or may not be true, but I don’t find it to be super interesting.
First of all, it’s not interesting because CurrentC hasn’t really launched yet; it’s in beta. Now, from a PR perspective I can see how this hack would be bad news, but from an engineering perspective, it’s not uncommon to leave the windows open while a house is being built.
More importantly, the CurrentC hack isn’t interesting because the relevant comparison shouldn’t be between the security of the next-generation rivals. The real question is, how does each stack up to the security of the mag stripe that’s on the back of every American credit card? By that metric, I would expect Google Wallet, ApplePay, and CurrentC to all do very well: all of them involve active computation, encryption, and the ability to do things like challenge-response. So they should all be way more secure than the mag stripe.
However, I do agree with my devout Apple friends that CurrentC is fighting an uphill battle. I hadn’t heard of CurrentC before this week, but ominously, it sounds like the classic type of industry consortium that is doomed to failure. You’ve seen this movie, too: A bunch of big companies come together to try to innovate, and each company has a slightly differing strategic objective.
Historically, this is not a recipe for oodles of profit.
Early in my career, I worked for one such organization, so I write from experience. In 1995 I was briefly at Taligent, an ill-fated joint venture between Apple, IBM, and Hewlett Packard. It was a mess: Each of our corporate owners had different strategic needs, and sadly “Taligent making a profit” wasn’t on anyone’s list of goals. The company changed direction more frequently than its engineers changed t-shirts. I left before the bitter end but the writing was clearly on the wall.
Over the years, I was a vendor to Americast, a JV between Disney and five phone companies who were going to compete in pay TV with the cable and satellite operators. It failed for the same reason as Taligent. More recently, I watched Polycipher (a JV between several cable companies) struggle and ultimately fail to deliver a software-only conditional access system. And of course there’s also DECE, a consortium between 85 entertainment companies—what could possibly go wrong?—that has developed the Ultraviolet system. I don’t think that one has officially failed yet but it’s clear where it’s heading.
In fact, I can’t think of a single case of one of these industry consortia succeeding by any metric. (Please leave a comment if I’m mistaken.)
So, I wish the CurrentC folks well. The odds are definitely not in their favor.