Sunday, February 13, 2011

Starbucks Mobile Card App Major Flaw

Starbucks has taken another step further into the smartphone technology universe by creating a new app that allows users to pay for their coffee with their smartphone device. For iPhone users like myself, my life is in my phone from email to photos to music and apps that make my life easier. Why not throw my wallet in there too? According to the coffee-giant, users can download an app that works similarly to the Starbucks Card. The app can be loaded with funds that are linked to an account (i.e. debit card) and when it comes time it pay, they just pull up a barcode image on their phone and scan it. TRANSACTION COMPLETE!



At first thought, this idea seems pretty impressive. No need to fumble through my HUGE purse looking for my wallet to pay for my morning coffee. Convenient right? But after looking further into this new app it has become very clear that this new technology has a major design flaw. In the time it takes for you to come back from the bathroom, a hacker can compromise your Starbucks. This can be done due to the fact that your Starbucks account is not password protected and there is no identity verification at the time of purchase. Within minutes your account is depleted with something as simple as a screen shot of your barcode.

CONVENIENCE VS. SAEFTY

This brings about another concern. If it is so easy to gain access to deplete my funds, how easy will it be for hackers to compromise the account that is linked to the Starbucks account. Although you can link your Starbucks account with PayPal, many users will most likely opt to use their debit and credit cards which can make hem sitting ducks for hackers that prey on that type of information.

So question is: Are you willing to compromise your finanicial safety in order to get out of Starbucks a bit quicker or carry around less?

Sources:
http://www.mobilecommercedaily.com/2011/02/09/how-to-compromise-the-starbucks-rewards-card-app-in-90-seconds
http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2011/01/05/investopedia49861.DTL

http://www.wired.com/epicenter/2011/01/stabucks-mobile-app-goes-national-digital-wallet-advances/#
Posted by Alexa@ at 11:06 AM

3 comments:

  1. Anna MFebruary 13, 2011 at 2:11 PM

    Hey there!

    Alexa, you are raising a valid point, we are not safe from hackers - "electronic robbers" as well as from old-fashioned physical theft these days.

    However, it is not easy to steal funds directly from your bank account using the new Starbucks mobile payments app. The app is actually linked to your Starbucks card, which then is linked to your bank account.

    In order to add funds to the app, you actually need to go online and do it yourself through a secured account. There may be settings that you could use such as add funds automatically every time the balance goes lower than $5 for example (like Skype does) but you can also avoid that option.

    Besides that, the app includes a user name and a password, so you can lock it. The passcode will have to be entered every time before using the application, just like a debit card.

    Therefore, even if someone gets a hold of your phone, and figure out the first password, they potentially could only use the funds currently available on the Starbucks account (usually less than $50?), which is actually not that scary. Imagine if someone gets a hold of your real wallet, they could potentially steal all your cash as well as use all your credit cards.

    Here is actually some info directly from the FAQs on the Starbucks website:

    "To protect the balance on your Starbucks Card, set up a Starbucks Card Account via your device or at starbucks.com/card. This way if you lose your phone, you can report your lost Starbucks Card using the procedure for Lost Cards and you'll receive full balance protection. Treat Starbucks Card Mobile much like you would your other credit and debit cards – if you notice any suspicious activity on your account please notify Starbucks customer service at 1-800-STARBUC (782-7282)"

    More useful info on protecting your Starbucks account can be found here:

    http://www.starbucks.com/customer-service/faqs/coffeehouse#mobile-card-iphone-app

    Hope my review had been useful! :)

    ReplyDelete
  2. maribela21February 13, 2011 at 6:48 PM

    Wow, very true. The app is very convenient, but as you say, how much are people willing to risk for convenience. As it is, even using your debit card at a gas pump or ATM can bring some risk to identity theft. My sister used her debit card at a private ATM and lost hundreds because it was hacked. The same for me, my card information was stolen from a gas station pump. So to attempt to be naive and think that this app is nothing but good things would be foolish. Now days nothing is secured anymore, it is up to the person to be an educated and smart consumer.

    ReplyDelete
  3. Cinthya V MorenoFebruary 13, 2011 at 8:07 PM

    Everything will have its pros and cons. It's up to the consumer to make the smartest decision and to be informed before making a purchase.

    I believe that where there is a flaw, there is an opportunity and as an example I have FaceCash. I posted on my blog information about how to avoid the Starbucks' flaw. A company based in California came up with a mobile payment method that as soon as the merchant scans the barcode from your phone; your picture will pop up in their screen. Assuring the account holders' identity and privacy.

    I wish we could have it here in Miami and see how many shops actually implement this!

    ReplyDelete

Subscribe to: Post Comments (Atom)