by lusr 5421 days ago
I don't drink coffee, never mind go to Starbucks. Can somebody explain whether it's normal for Starbucks to allow people to walk in and make purchases with a scanned copy of a card rather than the physical card?!

This to me is the most surprising and questionable aspect of this campaign being legitimate, but since nobody else is surprised I'm guessing it's normal? It seems like a total violation of the physical security embodied by requiring the purchaser to physically possess the card. Furthermore, depending on the transaction processing model they use, it could subject them to fraud.

2 comments

This is basically how all of the mobile Starbucks card apps work. You install the app on your phone, log on to your account, and then when you pay it shows an image of a card with your barcode. In this case, it's just using a static image instead of the one generated by the app. I suppose they were ok with the tradeoff of convenience over the security risks.
So you just need an image of a Starbucks card to purchase on that account? Presumably they're not bothered because it's their customers' money that they're being free and easy with, the more fraud the more money they make ...?
I don't really know per se, because we don't even have Starbucks where I live, but:

I thought the image was pretty indistinguishable from the app when viewed in an image browser. Most of them don't show any borders, so if you walk up to the desk with the image ready, you probably couldn't tell the difference?

I don't drink there often enough to be sure, but I suspect they have an app that displays the card's barcode. At that point, the difference between a live app and a screenshot of the app (which is what was on "Jonathan's card") is pretty slim.