Litan added that, for many consumers, the Starbucks security fumble endangers more than the money they have loaded onto their Starbucks stored-value cards. That's because many consumers reuse passwords. "In about 20% of the cases, the password is the same as for their banks," she said. "Consumers reuse their passwords whenever they can." That's a security failing on the consumer end, and not Starbucks' responsibility, of course. But any consumer whose bank account is compromised because of Starbucks' clear-text password storage isn't going to have warm feelings toward the coffee chain. Mozido's Wiggs voiced concern that Starbucks' mobile password carelessness will hurt other mobile-payment efforts. "I don't think that the financial exposure to the consumer or to Starbucks is really material in this case," he said. "The real damage is to consumer perception. On the heels of Target, are fewer consumers going to choose to embrace mobile devices for payment because of this?"
In a column on Tuesday, Jan. 14, I encouraged companies to look at Starbucks and to emulate it's slow-go approach to mobile commerce. I still would argue that that is a good idea, but on this clear-text password thing -- not so much.
Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek and eWeek. Evan can be reached at firstname.lastname@example.org and he can be followed at twitter.com/eschuman. Look for his column every Tuesday.
Read more about security in Computerworld's Security Topic Center.