NEW YORK (WABC) -- Mobile apps are a popular form of payment. But how do you ensure that your app doesn't get hacked?
$2,175. That's a lot of lattes for real estate agent Matt Martin.
He linked his debit card to automatically reload his Starbucks account $25 at a time. But what he didn't realize is that back in May, someone hacked into his mobile app and spent thousands around the country using his credit card. From mid-May to mid-August, someone reloaded his app 86 times.
A freeloading free-for-all! The coffee criminal cranked up on caffeine using Matt's mobile app at Starbucks in four separate states, even in Mexico, sometimes reloading three times a day, all on his dime.
"They were buying for their whole office or their whole ring of thieves. I don't know," Martin said.
Martin took his app angst to Starbucks in August and says he was initially told he'd be refunded for the fraud.
"They actually even told me that they issued the refund to the credit card," Martin said.
But when he didn't see the credit for two weeks, he called back.
"They were like, 'Oh, never mind, we're not giving you the money back,'" Martin said.
He's not alone. Contract military instructor James Warrick says he's had several security breaches on his and his wife's Dunkin' Donuts accounts. He says someone siphoned almost $100 out of their mobile app.
He says he tried to ask Double D not just for money back, but to find out how its app is being compromised.
"When I emailed and said 'I'm done with Dunkin,' they said, 'I'll call you back.' I still haven't gotten that call," Warrick said.
We called both competing companies. Martin received all 86 refunds, one for each coffee con, for a total of $2,175.
The big takeaway: Apps need layers of protection. Cyber security experts say to use only mobile apps that offer two-factor authentication. Avoid signing in over public WiFi. Change passwords often, and monitor mobile accounts. Martin didn't do such a great job in that department, and that's what led to his big problem.
Corporate Statements:
Starbucks:
"First and foremost, the security of our customers' information is critically important. Occasionally, we find unauthorized activity connected to a customer's account, like the one you shared. This type of activity is not caused by a breach or hack of our website or apps, but rather when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. We remain resolute in protecting our customers' accounts with the help of a team of engineers dedicated to advancing security and fraud prevention. Unauthorized account activity is an industry-wide challenge, and we see only a tiny fraction of one percent of account holders impacted, a level vastly better than industry average. We strongly encourage our customers to follow best practices to protect their accounts and, if we are made aware of any unauthorized activity, we immediately work with our customers directly to ensure that their account remains whole, as we did here."
Dunkin' Donuts:
"We take the security and privacy of our DD Perks members very seriously. Dunkin' Donuts is not aware of any issue with the DD mobile app. We did speak with Mr. Warrick regarding his individual DD Perks account to resolve any issues he may have experienced."