Slashdot Mirror
Hackers Using Starbucks Gift Cards To Access Credit Cards
jfruh writes: Starbucks inspires loyalty among its heavy users — so much so that they're willing to connect their Starbucks gift cards and phone apps directly to their credit or debit cards, auto-refilling the balance when it runs low. But this has opened up a hole hackers can exploit. Writing about the scheme journalist Bob Sullivan says: "The fraud is a big deal because Starbucks mobile payments are a big deal. Last year, Starbucks said it processed $2 billion in mobile payment transactions, and about 1 in 6 transactions at Starbucks are conducted with the Starbucks app. Maria Nistri, 48, was a victim this week. Criminals stole the Orlando women’s $34.77 in value she had loaded onto her Starbucks app, then another $25 after it was auto-loaded into her card because her balance hit 0. Then, the criminals upped the ante, changing her auto reload amount to $75, and stealing that amount, too. All within 7 minutes."
I don't use it on my phone, didn't use it on my Disney pass, and would not use it for coffee either. None of these organisations have either the security awareness of credit card companies nor the statutory framework requiring them to cover losses where you are not at fault. I like to limit my exposure to the amount I add on
The post didn't even actually say exactly what is going on.... People link their credit card to some star bucks account with auto reload. Hackers just guess the users password or get it some other way. Once inside the you can transfer the money to another card. They then sell that other card to idiots below its account balance. Star bucks then honour it anyway?
This is what's wrong with online payments. To make a credit card payment, the website should just direct me to the website of visa/mc/amex and have me verify myself, and transfer money to the merchant, very similar to how PayPal works. With phones being so ubiquitous, a similar thing could be done for brick and mortar stores. Pop up a QR code at the register, scan it with a visa app, enter your credentials, and the payment is done. We need to fix the system and get rid of these antiquated payment methods.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
RTF linked article. Bad people guess your Starbucks login and transfer your funds to another Starbucks gift card which is the auctioned off on some anonymous dodgy version of Ebay.
You trust the infrastructure between you and the second party, but only in the US (and some tourist areas) is it considered acceptable to hand over your card to a 3rd party who disappear with it for a while. The rest of the world, the third party never, or rarely even touches your card. So you don't have to trust a 3rd party with your card to use it. At most, you trust the infrastructure between you and the credit card company.
Learn to love Alaska
Why can starbucks gift cards be used for anything other than buying starbucks products? Why is the cash accessible in the first place? Anyone stealing starbucks gift cards, hackers or thieves, ought to be stuck with boat-loads of coffee, after having visited a starbucks store. Otherwise, folks, it ain't a gift card, it's a charge card, credit card, or direct-monetary-device -- and since starbucks ain't a bank, you ought not be entrusting them with direct access to your money.
What's the point of a starbucks "gift card" if it operates no differently from the attached credit card?