First of all, if you have an online account for Starbucks, or Peets, or anything else that’s tied to money you don’t want to throw away, make sure you’re not using a compromised or easy to change password. Go change it now. Really.
And while you’re at it, you might check out haveibeenpwned.com, a site run by Microsoft’s Troy Hunt in his spare time to track where your email address may have been found in a data breach. Some you might be able to guess (Target, Equifax, etc) but others might be a surprise.
Okay? Let’s get the story started then.
Starbucks has had their prepaid cards for over a decade, and they have a pretty usable mobile app that lets you link your cards, your rewards account, and top-up methods together in one place. It’s very convenient for me, living within walking distance of two Starbucks stores and liking to get out of the home office now and then.
A benefit they added in the last couple of years that’s very convenient (and got me over one of my main concerns over the cards themselves) is the option to tip from the app after your purchase posts. If you don’t carry cash but still want to give a little thank-you to your barista squad, it’s convenient, and it’s not connected to you face to face (so they don’t know if you tipped 50 cents or 50 dollars). The option manifests in a pop-up that tells you that “tipping is available until <two hours from now>.”
This feature had an unexpected benefit for me this past weekend. I woke up around 10am on Sunday and checked my phone, finding that “tipping is available until 11:42am” message on my notifications. Quite convenient indeed.
The problem is, I had been asleep for several hours before that. And on top of that, the purchase that I was being allowed to tip for was on East Colfax Avenue in Denver, Colorado. Quite the long sleepwalk from Silicon Valley in California, right?
Well, I found that there were actually two unauthorized charges from Denver… one I hadn’t noticed a couple of days earlier, and one that morning. I logged in to my Starbucks account on the web, reset my password via my password manager, and contacted Starbucks through their web contact form. They told me I’d have to call in to discuss the matter, and I did.
The agent I spoke to got my gold rewards card cancelled/reissued, the unauthorized charges refunded, and the credit transferred to the new card. I have to wait a few days to actually use it, as it will come to me in the mail, but I was able to get an e-card to get me by until then (and still earn my rewards).
Ideally you won’t have a compromised password on your account, but in the event that either your card or your account is compromised, the Starbucks mobile app may give you a not-too-late warning.
You might not be as worried about $25 on your Starbucks account, but if you have auto-reload turned on, it can add up pretty quickly if someone else is brewing with your card.