Security flaw found in Starbucks gift cards
OTTAWA (KGO) -- A Canadian man claims to know about a substantial security flaw involving mobile telephones and Starbucks gift cards.
Starbucks customer Chris Ewing told CTV Canada that the 16-digit pin number found on the back of unactivated gift cards at the register can be entered into the Starbucks app to generate a barcode. That barcode can later be scanned by baristas in place of the physical card when buying items at Starbucks.
The flaw is the card doesn't need to be activated right away in order for a barcode, known as a Quick Reference code, to be generated by the application, meaning once the card is activated, a thief could use the already-generated QR code on his or her phone to make purchases.
Starbucks gift cards contain PIN numbers that are hidden on the back, but the PIN number doesn't need to be used at the register when paying for beverages through the mobile QR code.
CTV reports it was able to replicate the issue when the station purchased a gift card for its story.
Possible fixes include placing the gift cards behind the counter where customers can't readily access them until purchased, or only allowing the Starbucks app to generate barcodes for cards that have been activated by a cashier.
starbucks, holiday, technology
- San Jose police officer arrested for sexual assault
- Crews fix broken water main in SF's Lower Haight
- Officials investigating acid spill at Tesoro refinery
- Family mourns young woman killed by tree
- High speed chase ends in crash in Richmond
- Report: CVS could face $29M fine for painkillers
- Portland family calls 911 about angry cat
- Fitbit users still looking for answers on Force rashes
- 5-year-old boy, babysitter struck by car in crosswalk
- Stars raise money for SF children's hospital
- Man gets prison time in laser-pointer case
- Petaluma police searching for suspected drive-thru thief
- abcnews: 'The Bachelor' Finale Full Recap
- weather: Bay Area weather forecast for Tuesday