Starbucks scam targets coffee chain consumers: How to protect yourself

The auto-reload function on Starbucks gift cards has opened the door for criminals to steal up to thousands of dollars from victims' bank accounts. 

|
Lucy Nicholson/Reuters/Files
A Starbucks logo on a store in Los Angeles, Calif., in March 2015.

Starbucks card users beware: A scam has hackers using Starbucks loyalty cards and mobile payments to steal hundreds, and even thousands, of dollars from victims' credit cards in a scheme one consumer advocate calls "so ingenious they don’t even need to know the account number of the card they are hacking."

While it's unclear how much criminals have stolen so far, the problem is widespread and the potential for scammers is significant: Starbucks said it processed $2 billion in mobile payment transactions last year, according to reports.

The key to the Starbucks scam is the auto-reload function, which allows Starbucks gift card or mobile payment users to automatically reload their Starbucks card from a linked credit or debit card once the Starbucks card dips below $10.

As such, criminals are able to steal money from bank accounts – without knowing a consumer's account number, username, or password – by using Starbucks cards linked to those accounts.

In the case of one victim, who wrote about her experience in an article for the now-defunct blog Gigaom titled, "How scammers drained $1,700 from my bank account using Starbucks cards," scammers repeatedly transferred her automatically-reloaded Starbucks card balance onto a card of their own in $30 and $60 increments until they had depleted $1,700 from her account. 

In a statement, Starbucks said, "We have safeguards in place to constantly monitor for fraudulent activity and work closely with financial institutions to make sure our customers are protected."

But consumer advocates like Bob Sullivan are suggesting Starbucks card users immediately disable the auto-reload function on their Starbucks cards and mobile payments.

The  scam is representative of a recent shift in consumer hacking. Criminals have begun focusing less on banks and financial institutions, which now have more protections in place and are therefore harder to hack, and more on third-party retailers.

“Fraud is moving away from banks into big ecommerce companies,” Avivah Litan, a fraud analyst at consultancy Gartner, told Mr. Sullivan. “Criminals are learning how to turn rewards programs, points, and prepaid cards into cash.”

Cardholders can control their security, however. Consumer advocates are advising those who use merchant cards to use strong passwords, change passwords often, monitor their accounts closely, and turn off auto reload options on their accounts.

Meanwhile, Starbucks has assured consumers that it is aware of the problem, and that card users won't be on the hook for unauthorized charges.

"[C]ustomers are not responsible for charges or transfers they didn’t make. If a customer registers their Starbucks Card, their account balance is protected by Starbucks," spokeswoman Maggie Jantzen said in a statement. "As soon as we were contacted by the customer of this activity, we worked quickly to resolve her concerns."

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Starbucks scam targets coffee chain consumers: How to protect yourself
Read this article in
https://www.csmonitor.com/Business/The-Bite/2015/0513/Starbucks-scam-targets-coffee-chain-consumers-How-to-protect-yourself
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe