One man has shared his Starbucks prepaid card with the world, allowing anyone to spend and reload it using a feature of the card that was once called a security flaw.
August 9
Starbucks Corp. changed its mind about allowing a customer to share his prepaid card with the world.
In July, Jonathan Stark uploaded a screenshot of the Starbucks iPhone app that was linked to his prepaid coffee card. This image included a bar code that can be displayed at the point of sale to make payments – anyone with the image could spend from or reload the account. Stark said last week that for every two people who accessed the account to get free coffee, one person donated funds to reload it.
Starbucks was initially supportive of Stark's experiment, and said by email last week that it is confident that its security measures are enough to protect most customers. Stark told American Banker in a phone interview that because Starbucks adheres to the requirements of the Payment Card Industry data security standard, he has no ability to see the bank account details of anyone who reloads his card.
Stark said in
"We've received hundreds of stories of people doing small things to brighten a stranger's day," he wrote. "So, tonight we lose our bar code. But of course, we never needed it in the first place."
A Starbucks representative told American Banker by email that the company grew "concerned about the potential for fraudulent activity." Starbucks notified Stark in advance before closing his account Friday evening.
The shutdown followed another programmer's move to demonstrate how the card's social nature could be exploited. Sam Odio created a script to show when the card has received a substantial donation. Odio could then take the money and transfer it away. Odio
Stark already had a script that broadcast the card's balance over Twitter. He told American Banker last week that monitoring the card's balance would be a poor way to steal or launder money, since so many people have access to the same data.
The card (and the differences of opinion over its purpose) was also the subject of