Starbucks cards make it convenient to purchase coffee and food items at any Starbucks store. Even more convenient is the ability to use an app on your smartphone tied to your Starbucks card. The app has a bar code with the card’s account number on it so when a customer makes a purchase all they have to do is place the screen of the smartphone under the bar code reader. A handy feature that Starbucks often pushes is “auto-reload” where your card is automatically reloaded by an amount that you choose when the balance gets close to zero. To do the auto-reload (or to reload for that matter) your card is tied to your VISA or Mastercard account so that funds are charged automatically to you.
In one example, hackers stole $34.77 from one Starbucks customer, another $25 after it was auto-loaded and another $75 after the hackers changed the auto-load amount. The three transactions took place in less than ten minutes.
If a hacker can obtain the account ID and password, it is fairly easy for him/her to move funds around for their own purposes.
Starbucks recommends that Starbucks card holders, who have registered their cards online, immediately disable the auto-reload function on their account. Also, change the password to a “strong” password. To make your password strong, use 12 or more characters, include lowercase and uppercase characters, numbers and symbols, generate the password randomly, avoid using the same password twice, and avoid using information in the password that might become associated with the user or the account.
Note: With the convenience of paying online also comes a danger of hackers breaking into your accounts. While the amounts in the above example are not earth shattering, it is disturbing to have any amount of money pass on to someone who is not authorized to use your account. A feature such as auto-reload may be convenient to be able to have your caffeine fix on demand, it does allow someone to take funds without you noticing right away.
Currently, the best method to secure your Starbucks account is to have a strong password and to change your password periodically, as much of a pain as that might be.