Back in February, a Halifax woman claimed the McDonald’s mobile app resulted in a fraudster getting access to her payment details and spending $500 on a fast food bingefest.
Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’.
MobileSyrup’s Patrick O’Rourke is telling everyone to delete the McDonald’s mobile app, as he fell victim to fraudsters spending over $2,000 in fast food using his BMO debit card, linked to the app.O’Rourke says he discovered the fraud after noticing his mobile orders were unable to complete. The scammers spent his money at various McDonald’s locations in Montreal.
McDonald’s issued the following statement regarding the matter, saying:
“I can tell you that every day, thousands of Canadians order, collect and pay for McDonald’s food and beverages on their smartphone through the My McD’s app. As you know, mobile ordering is quickly growing in popularity with all retailers, especially at McDonald’s.
While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure. McDonald’s also does not collect or store credit card information as My McD’s app only holds a token with the payment provider to allow purchases (I trust given your expertise you understand what “token” means).
Just like any other online activity, we recommend our guests be diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”
For now, O’Rourke says he’s caught in the middle with both McDonald’s and BMO pointing fingers at each other regarding the lost money. He is out $2,000 and it appears a long road is ahead to recover the money. The situation may have been different if a credit card was linked to the account instead of debit, as unauthorized purchases can usually be reversed when disputed, especially when scams are involved.This does not appear to be an isolated event, as many users on RFD have recently also been saying they have been scammed by the McDonald’s app.
The MyMcD’s iOS app does not feature Apple Pay for in-app payments, but it should, it seems like. Two-factor authentication for logging into the app may be worth considering as well.
How to remove your payment card from the MyMcD’s iOS app? Launch the app, click on the ‘More’ tab, then go to Profile > Payment Methods. Once you see your card, swipe it to the left and you’ll see an option to delete it.
Have you had any issues with the McDonald’s mobile app and someone else spending your money?
https://www.iphoneincanada.ca/news/toronto-man-scammed-2000-mcdonalds/ ....
This news story is related to news of starbucks and other large franchises / retailers recently accepting bitcoin transactions:
https://bitcointalksearch.org/topic/starbucks-nordstrom-and-whole-foods-now-accept-bitcoin-5142884Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.
Countries like sweden which are lean heavily towards cashless societies and RFID implanted chips to execute financial transactions could be vulnerable to the type of attacks exploited in mcdonald's payment app. That's another news story relating to potential vulnerabilities which could use more coverage than its receiving atm.