Starbucks mobile payment app a new frontier for cybercriminals

Turns out there’s an additional danger to using the Starbucks app besides suffering the silent rage of everyone else in line who’s waiting while you fumble around with your phone to pay.

The Starbucks app, a reloadable form of electronic payment, has become a prime target for hackers recently. It’s part of a growing trend among cybercriminals to hack the e-commerce platforms and rewards programs of major retailers.

Although there has not been an infiltration of the Starbucks app itself, CNBC reports that any number of individual users have had their accounts accessed by criminals.

Maria Nistri, one of 16 million Starbucks customers who use the app, told the financial cable network that just last week she was alerted to unusual activity on her account. It seems an unauthorized user stole the $34.77 that was already on the card and then began reloading it several times and taking more money. The thieves manage to take roughly $200 from Nistri in about seven minutes.

Nistri is one of the growing number of consumers embracing mobile payment apps. Companies like Starbucks encourage customers to pay with these types of apps because it reduces banking transaction fees and encourages repeat business. But cybersecurity experts say mobile payment systems offer a new entry point for hackers.

“Fraud is moving away from banks into big e-commerce companies,” said Avivah Litan, a security analyst for Gartner, speaking to CNBC. “Criminals are learning how to turn rewards programs, points, and prepaid cards into cash.”

Litan said these kinds of mobile payment platforms and rewards programs have a huge appeal for cybercriminals, since they are often easier to crack that banks and other financial institutions. Hackers have also found a way to turn these non-cash commodities into cash, with Deep Web forums available for hackers to sell travel points and other rewards.

It’s unclear just how many Starbucks app users have fallen victim to this sort of theft. The company has issued several statements asserting that the app itself has not been compromised in any way. They also encouraged customers to avoid using the same login credentials that they use for other apps and sites to reduce the chances of their accounts being compromised.

“We take the obligation to protect customers’ information seriously and have safeguards in place to constantly monitor for fraudulent activity, working closely with financial institutions like all major retailers,” Starbucks spokeswoman Maggie Jantzen said. “Our customers’ security is incredibly important to us and we take all these concerns seriously… Customers are not responsible for charges or transfers they didn’t make. If a customer registers their Starbucks Card, their account balance is protected by Starbucks.”

Another alternative might also be to just carry a five on you.

Photo via Nicola/Flickr (CC BY 2.0)

Tim Sampson

Tim Sampson

Tim Sampson is a reporter who focused on the technology, business, and politics beats. He's also an established comedy writer, with work on Comedy Central and in The Onion and ClickHole.