Today’s alleged breach at Starbucks is a result of on-going challenges faced by the payments industry; balancing real security with consumer demand for convenience. The technology to avoid such breaches already exists, making breaches such as this increasingly difficult to comprehend, or accept.
The alleged hacking of Starbucks customer accounts is reported to be related to weak passwords; one of the most pervasive entry points for fraudsters over the last 20 years. This unavoidably translates back to the continued use of out-dated user authentication mechanisms on the part of the merchant. Invariably, this lack of security is in an effort to make things as simple and convenient as possible for their customers.
There needs to be a balance between the drive for frictionless and seamless purchasing with pragmatic authentication. While retailers want to drive top line volume, it should not be at the risk of financial or reputational loss. As today’s announcement demonstrates, the risks can be high if criminals find a way to penetrate those customer journeys.
New business processes which drive great consumer experience need to include mechanisms which allow for appropriate authentication. Importantly, that authentication needs to be clearly understood by consumers, trusted by both consumer and the industry, and easily implementable by all stakeholders.
Cardholder PIN, as part of a multi factor authentication approach, clearly has a firm place in the process. Removing barriers to innovation due to security concerns, technology from myPINpad bridges the gap between digital payment advancements and proven, trusted consumer authentication.
Starbucks has been one brand dedicated to improving life for its loyal customers through technology innovation. Safe deployment of this technology can be derailed by many factors, but in the wake of today’s alleged breach, the requirement to secure their customer’s data properly should not be one of them.