CurrentC, the mobile payment system backed by Rite Aid and CVS amongst others, has already been hacked. The system isn’t even officially live for consumer-wide testing, but already it’s coming up against some huge hurdles—and that’s not even counting the major blowback from Apple Pay and Google Wallet users.

The company sent out an email to beta participants this week alerting them to a possible breach; as of now, it sounds like important banking information is safe, though CurrentC says that an unauthorized third party may have accessed e-mail addresses. That, on the surface, might not sound like a huge deal, but the fact that CurrentC taps directly to your bank account doesn’t give us the utmost confidence in the company’s security.

CurrentC is urging users to refrain from opening fishy emails to avoid possible phishing attacks. The company’s service is still in testing, but already it’s off to a really bad start. In addition to security issues, people have criticized CurrentC because of how difficult it is to actually use. CurrentC uses a QR-based system that needs to be scanned by the merchant in order for payments to go through.

Here are a few of the steps.

  • Open the CurrentC app
  • Open the QR code scanner
  • Scan the QR code on the cashier’s screen

And if the QR code method doesn’t work, you can manually enter a numeric code. Compared to Apple Pay, which simply requires you to put your phone next to an NFC reader with your fingerprint over TouchID, CurrentC sounds far more complicated. And the fact that CurrentC keeps your information in the cloud, not in a Secure Element on your phone, will likely scare a lot of people away, especially considering all the credit card attacks against retailers over the past few years.

Other companies part of the Merchant Customer Exchange (MCX) include Walmart, Best Buy, Target and many, many more.