Comments on: Stabucks mobile payment app easily scammed by simple screengrab

By: Digimo Group

Digimo Group — Sun, 06 Mar 2011 13:34:00 +0000

Honeycomb is not good Enough for that matter. the reason for that it does not support 100 % of the market (both POS and merchent and both mobile devices ) so how can it be solved ? Mobile payments, marketing, wallet, coupons and others create a lot of buzz. digimo believe that the right solution should create value to all participants of the payments value chain, or echo system. We think the right way to do that is by meeting the customers needs – and it does not matter if you are a bank, retailer, MVNO/MNO, credit card company or other.
The main challenge in creating value and meeting the needs is in bridging between the online and offline worlds – the Digimo http://www.digimo.biz solution is not a cool online informative tool; it is not a technical payment mechanism at the pos; it’s both

By: Eric Klein

Eric Klein — Thu, 10 Feb 2011 20:22:00 +0000

Really? C’mon folks … seriously, this is a non-starter.

By: guest

guest — Thu, 10 Feb 2011 16:54:00 +0000

If someone is paying such close attention to trying to get something off of you, they could just as easily take a pic of your creditcard while you stand at the register holding that in your hand, which could cost you a lot more than a cup of coffee. If you aren’t aware enough to think about what you are doing, you could get “hacked” at anytime in a lot of different ways. Is it the apps fault if you don’t conceal your info? Reminds me of the old “It’s McDonald’s fault I spilled hot coffee on myself”.

By: Andy S.

Andy S. — Thu, 10 Feb 2011 16:39:00 +0000

Seriously? No, go right ahead and try to snap a photo of the screen of the phone of the person standing in front of you in line. In order to get a photo large enough to be scannable, you’ll either need a phone that has a telephoto lens strapped to it (digital zoom will not suffice), or you’ll have to stick your phone practically right on top of your victim’s phone, and I suspect that they’d notice that and maybe cause a ruckus, and you might find yourself with your phone forcefully placed into an orifice.

Moreover, this would require the complicity of the cashier. Unless you can take the time to get a good, full-screen photo of the other person’s screen, where the photo is not off-center, rotated, or showing any reflection off of the other person’s phone, the cashier is going to notice that they are looking at an illicitly-obtained image. And as more people pay with their phones, cashiers are going to become more and more accustomed to what the barcode screen looks like on each phone, and will have an easier time spotting a fake.

In other words, you realistically need physical access to a non-password-protected phone without the owner’s consent, and either enough time to capture a flawless photo, or access to a Starbucks cashier that is willing to scan a captured code. I don’t see this being exploited too frequently, except by the desperate, and only at the expense of the very stupid.

By: Anonymous

Anonymous — Thu, 10 Feb 2011 15:41:00 +0000

Not to dilute the risk of this (I 100% agree, the codes should NOT be the same each time) — This is a not more of a risk than the physical cards. First, those can be stolen and used w/o showing an ID, or anything; Second the same scheme can be done with the keychain cards — the account # copied, bar code created, and printed (or photo shopped into an iphone “app”, and used to steal — however, I think since the app itself can be password protected, it’s a fair bit more secure than the physical card.

By: Anonymous

Anonymous — Thu, 10 Feb 2011 15:41:00 +0000

By: Leona

Leona — Thu, 10 Feb 2011 15:17:00 +0000

Thankful I don’t have an Iphone or buy coffee at StarBucks, phew safe.