Risky Business with Starbucks App

By Joyce Deuley

As many of you heard, Starbucks has again come into some hot water over security issues—this time regarding customer account breaches through their mobile application. It appears that hackers are accessing customers PayPal and bank accounts through Starbuck’s connected gift card application—sometimes within a few minutes of the customer leaving the store.

These hackers are using the rechargeable services to make continuous reloads or gifts through the Starbucks application, and all the mega-coffee conglomerate can say in response is that customers should be using stronger passwords. While I will agree that users could definitely do more to secure their personal accounts, that doesn’t mean that the coffee giant couldn’t come up with a stronger brew of security.

For instance, many other companies that handle customer payment information are using dual authentication measures that demand verification if the account is being accessed from a new device or IP address. Additionally, Starbucks should have some protocols in place for successive gifts, seeking additional types of permission from users in the event that it isn’t an authorized transaction.

As a result of the breaches, several customers have decided to disable the application and keep it old school—manually loading the cards at the register, which Starbucks has encouraged for the time being. However, the Seattle-born company should be careful. There’s only so much blame they can place on customers’ lack of secure passwords. Instead there should be open dialogue about fixing the problem and Starbucks should take additional measures to prevent this type of breach in the future. If they don’t, customers will definitely leave feeling scalded.