Hackers have found a new way to pick your virtual pocket without your bank even noticing. How, you ask? Good question my friends, but via our beloved Starbucks gift cards and the Starbucks app.
That’s right. The gift card you got from your company’s Secret Santa could be burning a hole in your digital wallet. “Starbucks App Hackers” and “Gift Card Hackers” can now tap into your gift card, take the value of the card, and then, using Starbucks’ auto-reload mobile payment app, rip the associated debit or credit card information.
Hackers Turn Points into Payday
Within minutes of hacking a customer’s Starbucks mobile payment app, a hacker transfers what the customer has already loaded into their Starbucks account onto a gift card that the hacker controls. The customer’s mobile app will then immediately auto-reload the account, since the balance has hit zero. That amount then flows straight to the hacker’s card.
Controlling your mobile payment app, the hacker could easily change the auto-reload amount to any amount at all, quickly draining your debit or credit account of hundreds of dollars. This can go on over and over till nothing is left in your bank account or your credit card is maxed out. In rare cases, the bank takes notice and sends the customer an email to change their account password, but it is usually too late, as the transactions happen immediately over and over.
The latest hack is one example of a trendy new form of fraud, which turns prepaid cards and reward programs into liquid cash. Credit card hackers are going after third-party firms that create alternative payment systems, which are much easier to hack than the big financial institutions.
You can find stolen money from these programs in the black market, on online forums where hackers trade gift cards, hotel and travel points for money.
Weak Security for Third Party Payment
This practice is much less risky for hackers, who then don’t have to worry about alarming the sophisticated security software that banks use to detect irregular spending patterns. If the hackers make moderate withdrawals over long periods of time, Starbucks’ auto-reload system won’t be alerted.
Starbucks’ mobile payment system is quite popular, with 16 million active users processing over $2 billion in transactions in 2014.
Starbucks mobile payment system has done very well. They have over 16 million users and have processed more than $2 billion in mobile transactions last year. About one-sixth of these were made with cell phones. Starbucks is pushing this program hard, both because it keeps their customers loyal and because it cuts down on credit card interchange fees.
Starbucks assures us that they are aware of the problem and are working to put safeguards in place. Of course, customers are not held responsible for fraudulent charges.
Currently Starbucks stated they are working on the problem and making sure safeguards are in place to protect their customers and themselves. Customers will not be responsible for charges or transfers they didn’t make.
It is unclear how often this happens. Starbucks denies that the problem is pervasive, but it’s not hard to find complaints about customers Starbucks money and related credit-card fraud on hacking forums. Starbucks has also been dealing with brute-force attacks into their web site from hackers trying to get to customer usernames and passwords.
While auto-reload and other award programs offer convenience and other goodies, the savvy consumer should be wary of them. Treat any card or mobile app linked to their bank account with as much caution as you would treat your credit card information. Check your account regularly for any suspicious transactions.