Customers’ Coffee Costs a Latte More; Must Improve Password Maintenance (May 19, 2015)
Starbucks customers last week noticed their purchases were costing a lot more than expected after hackers exploited the Starbucks app’s auto-reload function that’s connected to consumers’ payment cards, according to reports. Apparently, consumers’ accounts (not the Starbucks network) were hacked through stolen passwords, enabling hackers to draw off funds from the Starbucks app every time consumers’ accounts were auto-loaded.
The incident shines a light on the importance of more robust security, according to Rick Oglesby, research director for Double Diamond Group. He tells Paybefore he doesn’t believe the incident will hurt Starbucks or ultimately deter consumers from using mobile payments.
“This isn’t about mobile payments; it’s about passwords and finding a better way to secure any platform that uses them,” Oglesby says. “Better options, such as multi-factor authentication, are being offered by more providers, and biometrics will have a role to play here as well.”
When news of the hack broke, Starbucks in a May 13 press release was quick to shoot down the rumor that the mobile app had been hacked. “Like all major retailers, the company has safeguards in place to constantly monitor for fraudulent activity and works closely with financial institutions,” according to the company. The release also provided tips for consumers to protect their accounts from hackers, such as changing passwords often and using different passwords for different sites—especially those that keep financial information.
See related stories: