Starbucks has had one of the most successful mobile payments strategies to date with more than one in six transactions being conducted via the Starbucks mobile app, which is connected to a reloadable Starbucks gift card. Targeting Starbucks mobile app users and exploiting a setting that automatically reloads the Starbucks gift card, fraudsters are taking over accounts and repeatedly stealing funds.
Consumer security journalist Bob Sullivan was the first to report of these attacks targeting consumers with Starbucks accounts for managing their reloadable card, most often used with in-store mobile payments through the Starbucks mobile app. When paying the consumer opens the Starbucks app to scan a QR code that references and charges the consumer’s closed-loop Starbucks Card. In 2014 Starbucks processed $2 billion in mobile payment transactions via their mobile app, which has over 12 million users.