
Starbucks caught storing mobile passwords in clear text

Evan Schuman | Jan. 16, 2014
In a case of convenience for users trumping security, Starbucks has been storing the passwords for its mobile-payment app, along with geolocation data, in clear text.

Litan added that, for many consumers, the Starbucks security fumble endangers more than the money they have loaded onto their Starbucks stored-value cards. That's because many consumers reuse passwords. "In about 20% of the cases, the password is the same as for their banks," she said. "Consumers reuse their passwords whenever they can." That's a security failing on the consumer end, and not Starbucks' responsibility, of course. But any consumer whose bank account is compromised because of Starbucks' clear-text password storage isn't going to have warm feelings toward the coffee chain.

Mozido's Wiggs voiced concern that Starbucks' mobile password carelessness will hurt other mobile-payment efforts. "I don't think that the financial exposure to the consumer or to Starbucks is really material in this case," he said. "The real damage is to consumer perception. On the heels of Target, are fewer consumers going to choose to embrace mobile devices for payment because of this?"

In a column on Tuesday, Jan. 14, I encouraged companies to look at Starbucks and to emulate its slow-go approach to mobile commerce. I still would argue that that is a good idea, but on this clear-text password thing — not so much.

 
