Don’t let the app auto-reload funds
Linking bank accounts to auto-reload funds ensures you’ll never hit $0 on the app -- but it’s the biggest concern for Bob Sullivan, the privacy reporter, who covered what he called an “ingenious” scam involving several Starbucks apps users.
Thieves who apparently obtained users’ Starbucks.com login credentials were able to siphon money from them in minutes, by loading their stored funds onto a new gift card and repeating the process every time the auto-reload feature added more money. It was as if the scammers had stolen from users’ credit and debit cards -- but they didn’t need to have access to the card, or even know the account numbers. (In response to the scam, Starbucks encouraged its customers to protect their accounts with unique passwords.)
“Directly linking your bank account gives hackers an easy back door,” Sullivan says. “So even if you’ve taken other security precautions, when you give an app access to your account you’ve circumvented all that. And with auto-reload, criminals can steal again and again and again, as happened with Starbucks.”
Instead, reload funds onto dining apps manually. As with the advice to re-enter your credit card number every time you make a transaction, it’s a tip that adds a step. But the momentary annoyance is much better than getting stuck trying to reimburse stolen funds.
“Coffee chains aren't banks,” Sullivan says. “They have almost no experience dealing with the issues that come up in bank fraud and the clever ways bank hackers steal money.”
Ordering takeout with a single tap is satisfyingly simple, and just plain fun. But keep in mind restaurants won’t -- and can’t -- match your bank’s experience protecting your valuable financial data. Take a few precautions and you’ll be able to chow down with less risk.