Is Starbucks Mobile Payment Vulnerable to Hackers?

By Daniel B.

While the numbers are small -- perhaps just a handful of users -- some Starbucks mobile payment customers have been hacked.

The breaches, which were first reported by journalist and author Bob Sullivan, target people who use the auto-reload feature on the company's app-linked gift cards. Starbucks spokesperson Maggie Jantzen acknowledged the security breaches in a call with The Motley Fool, but said that they were not widespread, and that any specific problems brought to the company's attention were quickly resolved:

The Starbucks incidents, which are the subject of a thread on Reddit, are not a major hack like the Target or Home Depot breaches, and they do not suggest the company has a security problem with its app. What they do show is that all companies and users have vulnerabilities.

What happened to the Starbucks customers

Starbucks' vulnerability is not a systemwide issue. Instead, it's caused by consumers having their usernames and passwords stolen, which allows the criminal to steal money through the company's auto-reload feature, which is linked to a credit card. Sullivan detailed one instance of the theft on his site:

Once a hacker has access to a person's Starbucks account, he or she can move balances to an account they control and continue to do so when the account auto-reloads.

Sullivan wrote:

The Starbucks app allows you to pay from your phone.

Safety recommendations from the coffee giant

While Starbucks does not go as far as telling consumers to disable the autoreload feature, Jantzen did suggest users of the app follow "several best practices to ensure their information is as protected as possible." She suggested strong passwords as one method to ensure security. She also pointed out that customers are not responsible for charges or transfers they did not make, and noted that balances on registered cards (or cards tied to the mobile app) are protected.

"If a customer sees unauthorized activity on their account, we encourage them to contact us immediately," she said.

Starbucks also issued a press release in which it specifically stated that news reports that said its app had been hacked were "false." The company did acknowledge that it sometimes "receives reports from customers of unauthorized activity on their online account."

This, the company wrote, is "primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks." To stop that from happening, the coffee chain recommends a number of best practices:

  • Passwords: Creating passwords made up of long phrases or sentences that mix capital and lowercase letters, numbers, and symbols. Using different passwords for different sites, especially those that keep financial information. Changing passwords often.
  • Lost or Stolen Device: If a customer believes his device has been lost or stolen, immediately change passwords for financial and personal accounts to prevent any identity theft or fraud.
  • Stay Alert: Regularly review bank statements for suspicious activity. If something is in error, immediately report that to your financial institution.

These are sensible strategies for any app linked to a credit card, and they make sense for anyone who uses mobile payment.

What this means for businesses and consumers

The biggest threat here is that consumers lose faith in the safety of the Starbucks app. The coffee giant said in October 2014 that "roughly 16% of its U.S. sales now occur through a mobile device, with the company now handling about seven million mobile payments each week," GeekWire reported. It also controlled about 90% of all mobile payment transactions last year, according to the tech site.

Mobile payment is a key part of Starbucks' strategy, with things like ordering in advance via phone or tablet being tested and slowly rolled out around the country. The chain has succeeded in getting people to use its app well beyond any other retailer, and maintaining trust is key.

Consumers should be reassured that hackers are working on an individual basis, not on a broad, companywide one. Using the Starbucks app is safe, provided you follow the best practices listed above.

Starbucks has done well to get in front of this and stop it from becoming a crisis. For now, that should stop the panic and perhaps get more customers to be smart about their passwords and monitor their accounts more diligently.

The article Is Starbucks Mobile Payment Vulnerable to Hackers? originally appeared on

Daniel Kline owns shares of Apple. He uses the Starbucks app and has it autoreload. The Motley Fool recommends Apple, Home Depot, and Starbucks. The Motley Fool owns shares of Apple and Starbucks. The Motley Fool has a disclosure policy.