The recent news of the Starbucks hack is one of the warning signs against increasingly convenient payment methods. Cybercriminals were able to steal money from Starbucks customers through the Starbucks mobile app without actually obtaining much financial information. The incident shows that hackers are looking to steal from us, indirectly. How else can they do it?
Dining and food apps
Starbucks offers just one of the many food and dining apps that store your information for easy-ordering purposes. Your billing address, delivery address and payment details are kept by these companies that may not be entirely focused on the security of their payment experience.
With Starbucks, hackers were somehow (still unclear) able to obtain customer usernames and passwords that opened up access to payment methods, which were used to refill gift card balances and transfer out gift card funds. Hackers can then sell these gift card balances to other people.
Pizza ordering apps, online food delivery apps, grocery delivery apps and fast food apps are examples of apps that could be vulnerable to similar hacks. They’re not the first things that come to mind when you think about how cybercriminals would steal money from you, but there’s plenty of credit card information to steal through these apps.
Rewards and loyalty programs
In November 2014, hackers were able to break into the Hilton Honors hotel loyalty rewards program. After cracking into member accounts, crooks sold rewards points on the online underground market.
Imagine having 250,000 Hilton Honors points disappear from your account. Those are your hard-earned points that you saved up to use for free hotel nights and room upgrades. (Free nights start as low as 5,000 Honors points.) Hackers were reportedly selling 250,000 points for just $3.50, when these points are worth much more when used for free hotel stays. Fortunately, Hilton refunded those stolen points to affected members.
If hackers can compromise the rewards program of one of the largest hotel chains in the world, they may be able to carry out similar activities with other rewards and loyalty programs. This goes for airline frequent flyer programs as well as drugstore and retail loyalty programs.
Remember, they may just be rewards points on paper, but they represent financial savings (e.g., free flights, hotel stays, gift cards, merchandise, etc.).
Video games and entertainment
In 2011, the Sony PlayStation Network suffered a breach that allowed hackers to steal personal and financial information from customers who saved personal information with PlayStation (to make it easier to purchase video game and entertainment content). There were 77 million customer accounts that were vulnerable to the attack.
With that information, hackers could have made fraudulent purchases. Again, card issuers would refund customers for unauthorized purchases, but it was still an inconvenient situation.
Video game and entertainment platforms are becoming more integrated with convenient payments (think about those in-app purchases on your smartphone) and it is easy to forget that these third-party companies are holding your financial information. It is their job to secure such information. But, if they do a poor job at it, you’re the one in danger.
Simple tips to protect your accounts
Sure, it’s alarming that hackers still find a way to steal from people when there are already many security protocols in place. In the same way that burglars commit crimes based on opportunity (such as a window that is left open just half an inch), hackers tend to look for open cyber windows.
Here are some security measures that you should take to minimize the likelihood of becoming a victim of similar hacks:
1. Use strong passwords. A formidable password remains the first line of defense against opportunistic hackers who simply try to log into your accounts by trying common passwords over and over again. An incoherent mix of characters often makes for safer passwords (e.g., “Muney88trx”).
2. Don’t store payment info on rarely used apps. You don’t want information stuck on an ordering app that you rarely use, so just choose not to store the card information in these apps. For frequently used apps that do save your payment information, enable any additional security features that may be offered (e.g., a PIN or biometric authentication such as fingerprint recognition).
3. Hide your payment card info, if possible. PayPal and other secure checkout options have become popular because you don’t need to enter your financial information every single time that you make an online purchase. Furthermore, they hide your financial data from the merchant, so hackers won’t get their hands on that information even if the merchant is hacked. Some banks even let you create temporary account numbers for online shopping.
Was your Starbucks account compromised? Do you still feel safe storing your payment information on mobile apps?
What kind of stories do you want to see more of on MyBankTracker? Let us know in the comments.