Yes, I’m that person. The customer who insists on a receipt after every debit card purchase. Sure, it’s a waste of paper. But if my purchase for $ 12.11 shows up on my account as a debit of $ 1211 — what do I have as evidence?
After all, it took Jean Obando two weeks to get back $ 550 in fraudulent charges that came via his Starbucks mobile app.
The Starbucks app needs tightening up, since thieves (who probably don’t even like coffee) are using it as a gateway to rob money from consumer credit cards, bank accounts, and PayPal accounts. And this week, Starbucks admitted it.
“Starbucks acknowledged that criminals have been breaking into individual customer rewards accounts,” according to a story at CNN. “The Starbucks app lets you pay at checkout with your phone. It can also reload Starbucks gift cards by automatically drawing funds from your bank account, credit card, or PayPal.”
According to reports, thieves break into a victim’s Starbucks account online, “add a new gift card, transfer funds over — and repeat the process every time the original card reloads.”
Some bilked customers admit they had pretty accessible passwords that needed to be tougher. However, Starbucks may have work to do, too.
“Starbucks can do more on its end,” explained CNN. “Most respectable online services (like Gmail, Twitter and LinkedIn) let users enable two-step authentication, which sends a text message to your phone whenever you sign in from a new device. This added layer of security would have protected Starbucks customers, said Gavin Reid, an executive with cybersecurity firm Lancope.”
If digital payment systems and mobile pay apps are going to survive, the companies that run them had better get their acts together.
Until that happens, I’m still wary of allowing any entity unfettered access to my bank account or other money accounts. One bold hack by a thief and I could find myself without the rent and standing on a curb begging for a cup of coffee.