Author

Topic: Toronto Man Scammed Over $2,000 by McDonald’s Mobile App (Read 478 times)

hero member
Activity: 1204
Merit: 505
And that's it, nothing was done and McDonald's just got more rich for free, lol. And his not even the only one that has had such problem of money mysteriously stolen from their McDonald's app. McD is just going to keep claiming that it is the work of hackers when they know fir sure that it is a bug in their app. So how would a hacker just hack into your account just to purchase food, lol, that's really funny. Whatever it is that is happening, they know about it and will still be pretending that they don't know anything about it. It's best not to make use of those apps. Just delete your account and be safe.
newbie
Activity: 68
Merit: 0
All these scams, hackers and bad actors are what's making the current cryptocurrency market dry up.

It makes legitimate project like our's harder to find potential interest because of all the many scams out there.

I really don't like it because it turns people away from technology and dampens the advancement of technology whether it's new apps or new cryptocurrencies or just new technology in general.

-------------------------------------------------------------------------------------------------------------------------------
Digital Gem Token - Mainnet 100% Live

A decentralized open source store of value cryptocurrency that is more environmentally friendly and scale able than Bitcoin.

The inflation rate is 0.25% per year and uses the Delegated Proof of Stake consensus mechanism.

Website: http://www.digitalgemtoken.com
Block Explorer: http://www.explorer.digitalgemtoken.com:4200/#/
Wallet: Integrated with the Ark.io Wallet
Discord: https://discord.gg/hNcFgb3
Bitcointalk ANN: https://bitcointalksearch.org/topic/m.51287198
sr. member
Activity: 1540
Merit: 420
www.Artemis.co
Well there are a lot cases will likely to happen specially not all people are aware of the modus operandi of criminals on the internet. As day by day our technology keeps on advancing we need to self educate ourselves and stay vigilant when it comes to securing our identities and financial information.
sr. member
Activity: 994
Merit: 302
Is there anything the man could have done to protect himself when he linked his debit card to the McDonald's app? Like, could he have used a different debit card with a lower cap?

Also with having a crypto-based payment system instead of what Ronald have now, how is that going to be more secure? Someone for example can still just use the login details and pay with the victim's crypto.

The thief will most probably die of serious medical conditions after he ate all those hamburgers. The 2004 documentary Super Size Me followed documentary filmmaker Morgan Spurlock as he ate three meals a day at the fast-food chain for 30 days. He gained almost 25 pounds and was told he suffered from irreversible heart damage. Source : https://www.cosmopolitan.com/food-cocktails/a9231619/mcdonalds-for-five-days-straight/

It just shows you that every payment method has exploitable vulnerabilities and that centralized payment methods have the same problems, because human interaction is part of the problem.  Wink

Serves those thieves right. Hope their arteries are blocked now.

LOL, HAMBURGLAR! That is freaking funny Cheesy I don't know where these people get these nicknames from but that is awesome Cheesy.

Waaaaattt??


This little guy is the first thing that came to my mind when I saw the title.
hero member
Activity: 2044
Merit: 784
Leading Crypto Sports Betting & Casino Platform
I think to adopt blockchain or not in this case is just a small detail. The fact is that Mcdonalds will have to compensate the amount scammed to the victims, doesn't matter if it happend due to the weak passwords or due a total system flaw. The customers won't have any losses.
It's a centralized system, but it works anyway: Mcdonalds will have to improve their app, then they might consider blockchain and bitcoin adoption as a possibility, otherwise they will continue having a fail system which will cause several losses and bad news for their business.
legendary
Activity: 2296
Merit: 2262
BTC or BUST
LOL, HAMBURGLAR! That is freaking funny Cheesy I don't know where these people get these nicknames from but that is awesome Cheesy.

Waaaaattt??
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
The thief will most probably die of serious medical conditions after he ate all those hamburgers. The 2004 documentary Super Size Me followed documentary filmmaker Morgan Spurlock as he ate three meals a day at the fast-food chain for 30 days. He gained almost 25 pounds and was told he suffered from irreversible heart damage. Source : https://www.cosmopolitan.com/food-cocktails/a9231619/mcdonalds-for-five-days-straight/

It just shows you that every payment method has exploitable vulnerabilities and that centralized payment methods have the same problems, because human interaction is part of the problem.  Wink
legendary
Activity: 1484
Merit: 1004
It is regrettable in the incident and we cannot blame it, of course it is true that the application development team must be responsible for the unexpected theft that happened lately, but hopefully this will be a very fast solution and fast handling too and if it will continue, there must be a second layer of security or improve the existing system, not a big problem because accidents are very difficult to predict.
legendary
Activity: 3248
Merit: 1402
Join the world-leading crypto sportsbook NOW!

Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.

Countries like sweden which are lean heavily towards cashless societies and RFID implanted chips to execute financial transactions could be vulnerable to the type of attacks exploited in mcdonald's payment app. That's another news story relating to potential vulnerabilities which could use more coverage than its receiving atm.
The discussion you are relating to also shows some struggles with adoption. The Forbes article on acceptance of Bitcoin says that while some big companies accept such payments, they do not admit it. This might suggest that they feel ashamed for doing it as if Bitcoin was a bad thing. Turning to the McDonald's case, I am disappointed that such a huge company is trying to point fingers in other directions instead of compensating the users of their application and investigating the reason behind the attacks. Certainly, hijacking access to a Bitcoin wallet would be harder and this could be a benefit for customers.
hero member
Activity: 2828
Merit: 611
They should be blamed for not working on their app security. And I think some people are really making huge mistake, once I notice things like this happening, I would just give up on it and delete their app before I become their next victim. What if they are the ones doing it?? Maybe there's an error in their app and it keeps debiting users and charging them for orders they never made? You never know. They really should take security serious and stop causing people unnecessary problems unless they are ready to pays back everything that was lost.
If you are to blame them, then you should blame the application developer who gave chance to it. It is actually not so easy though when it comes to application coding, it really requires experts to handle it and even these hackers too are experts whom most of them are usually in the same field with these security experts too,

They all know their coding secret which could be cracked at any time. The only way to avoid this hacking is either the hacker doesn’t have interest in hacking the company or they get guru, I mean guru to handle their project provided they can pay for the guru services.
hero member
Activity: 3164
Merit: 937
I'm sure that the victim of the scam could easily file a chargeback and get his money back.
There are many cases of credit/debit card scam/fraud but unlike crypto frauds the people that were scammed can get their money back.We can't judge that MacDonalds will start implementing blockchain technologies and crypto payments just because of one scam.
sr. member
Activity: 2044
Merit: 314
Vave.com - Crypto Casino
They should be blamed for not working on their app security. And I think some people are really making huge mistake, once I notice things like this happening, I would just give up on it and delete their app before I become their next victim. What if they are the ones doing it?? Maybe there's an error in their app and it keeps debiting users and charging them for orders they never made? You never know. They really should take security serious and stop causing people unnecessary problems unless they are ready to pays back everything that was lost.
That's the problem with the mobile app because it can easily be hacked sad thing is that, if they can't handle higher security then they might stop using cryptocurrency as mode of payment. Mobile apps of any business should be more secured especially with the banks or even fast food chain, I'd rather pay in cash than to use any application which I can't trust the provider of that Apps. This should become a lesson for everyone, you have to limit the amount of transactions on any Mobile apps and never to connect your credit card or any financial system.
hero member
Activity: 1190
Merit: 541
They should be blamed for not working on their app security. And I think some people are really making huge mistake, once I notice things like this happening, I would just give up on it and delete their app before I become their next victim. What if they are the ones doing it?? Maybe there's an error in their app and it keeps debiting users and charging them for orders they never made? You never know. They really should take security serious and stop causing people unnecessary problems unless they are ready to pays back everything that was lost.
member
Activity: 805
Merit: 26
Quote
Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’

This is just another example why many of us feel like nothing can be safe in our interconnected and online world as there will always be weaknesses, vulnerabilities, bugs, back door exploits and similar problems that can affect any system. At the end of the day, the consumers are the ones bearing the burden as these big corporations can take time to solve similar incidents. I am looking forward for the time when the blockchain technology can be utilized to safeguard and secure these payment facilities so that we can enhance the trust and confidence of them...this news is not serving well for the mainstream adoption of bitcoin and the likes as third party infrastructures can be exploited by genius hackers and scammers.
You are right man! this is the disadvantage of online payment. You can easily steal buy scammers and hackers without knowing that your money gone. It is unsafe for us because many people can hide their anonymity and personal identity. In that case, we do not know if we send the right person or not. In addition, they can imitate the other backgrounds or information about the merchandise that we will purchase our stuff. I wish this incident will not happen again.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
It is possible mcdonald's app thieves hang out in a nearby parking lot with a laptop running a WIFI packet sniffer recording all mobile app transactions. The data would be encrypted but depending upon the strength of the encryption utilized it can be vulnerable to attack. Similar methods have been utilized to rip RFID financial data from credit cards and chips with RFID enabled.

Or it all could be far far less complex...
https://gizmodo.com/hungry-hackers-use-mcdonalds-app-to-steal-1-500-in-fas-1834381636

Also, how the hell does someone spend 2 thousand dollars on mcdonalds? Like it is one of the cheapest food places in the whole world, even in countries where food could be more expensive (or cheaper doesn't matter) mcdonalds usually rank at the top of the list for cheap food places.

So, when you spend 2000 dollars on mcdonalds in Canada Toronto that is like probably over 100 burgers, which means either the person didn't actually buy the burgers but there was an inside job where cashiers help him get cash and pay with app and they made some money too, or dude didn't realize he was being robbed for weeks even months before he realized it.

Most likely the gizmodo assumption is correct, they've shared his login details on some website and people just helped themselves


Also, loooooool

Quote
@McDonaldsCanada so now that you've stopped replying to my emails I'm back to Twitter since you have yet to resolve my fraud issue with your stupid app. Glad to know that I'm not crazy now that other people are going though the same bullshit!

legendary
Activity: 3024
Merit: 2148

Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.


In centralized payment systems part of the burden of security always lies on the central entity - if they get hacked, the users will suffer, while in decentralized system like Bitcoin the whole burden lies on users - the system as secure as the people who manage private keys. So at the first glance it looks like decentralized system is more secure, but the centralized system can often roll back transaction, block accounts, track money and take other measures - this can be used for bad things, like being overly suspicious and creating obstacles for innocent users, but it can also be used to recover stolen funds or prevent thefts when users make mistakes.

I don't think that we as crypto users are in right position to point fingers at centralized payment systems when it comes to security, when our own security remains very hard - almost every day someone comes to this forum or other platform and wonders why their coins are suddenly gone, only to realize that they've been robbed because they've installed a fake wallet or got malware, and there's 0% chance they'll recover their money.
hero member
Activity: 1414
Merit: 516
I also don't like when this happen, someone withdraw from card the money but somehow the ATM has some error and not get money from and also the bank not give him money because appear as withdraw, but i think crypto is here to solve that problem an more secure to make transaction.
sr. member
Activity: 1176
Merit: 301
This is why I don't trust those kind of services that ask you to put up your card details.
And this is why blockchain should be used in online transaction to secure the users information or account.
They need to upgrade their app's security system to prevent this from happening again.
hero member
Activity: 2842
Merit: 772
This is part and parcels of this kind of technology. Criminals tend to exploit it the minute they found vulnerabilities. But I'm quite surprised how those crooks are really sophisticated. With the advent of new technologies, comes a long a new breed of intelligent criminals playing around with the latest McDonald's app.

Need for those web app developers to step up as well, and for the public to be very very careful with thieves just around the corner.
hero member
Activity: 1022
Merit: 538
Quote
Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’

This is just another example why many of us feel like nothing can be safe in our interconnected and online world as there will always be weaknesses, vulnerabilities, bugs, back door exploits and similar problems that can affect any system. At the end of the day, the consumers are the ones bearing the burden as these big corporations can take time to solve similar incidents. I am looking forward for the time when the blockchain technology can be utilized to safeguard and secure these payment facilities so that we can enhance the trust and confidence of them...this news is not serving well for the mainstream adoption of bitcoin and the likes as third party infrastructures can be exploited by genius hackers and scammers.
They are the problems of themselves, and I see it as all pride, whatever you wished for in this statement has already been covered by bitcoin and that is why satoshi created a more secured system that would make it difficult for any vulnerabilities.

We started having all these issues when many people wants to create their own payment system like satoshi and they don’t seems to get it right, I wonder what need is it for people to still continue to create an online payment apps that are not secured rather than depending on what satoshi has already worked out, I am sure by now, they would have been realizing that bitcoin payment processor is still the safest.
legendary
Activity: 3710
Merit: 1170
www.Crypto.Games: Multiple coins, multiple games
LOL, HAMBURGLAR! That is freaking funny Cheesy I don't know where these people get these nicknames from but that is awesome Cheesy. Also, how the hell does someone spend 2 thousand dollars on mcdonalds? Like it is one of the cheapest food places in the whole world, even in countries where food could be more expensive (or cheaper doesn't matter) mcdonalds usually rank at the top of the list for cheap food places.

So, when you spend 2000 dollars on mcdonalds in Canada Toronto that is like probably over 100 burgers, which means either the person didn't actually buy the burgers but there was an inside job where cashiers help him get cash and pay with app and they made some money too, or dude didn't realize he was being robbed for weeks even months before he realized it.
hero member
Activity: 3178
Merit: 977
www.Crypto.Games: Multiple coins, multiple games
Damn. This is new. I don't think such a small scale attack could make the employers think about adopting BTC as a payment option, but a series of attacks could make them consider it sometime in the future.

Even if the attacks don't happen, I am expecting them to consider offering BTC as a payment option following the lead of other popular retailers like Starbucks etc.
legendary
Activity: 3542
Merit: 1352
Cashback 15%
Read the news as 'Florida Man' due to memes but..

Anyways, I don't think the McDonald's app is at fault in here tbh. It could be something else, and the hackers are just using the card for ordering fast food (which sucks, lol), and it appears that these hackers are fond of McDonalds. Most of the time, I see services just reimburse immediately in order to contain the situation but it seems that they don't want to do something and wanted to know everybody that their app is insecure anyway.

Not sure how the situation is in your country, but I have noticed how banks here started to be less willing to compensate people for their own stupidity, which if you take off your anti bank cap, is understandable.

If you as bank continue to compensate people in every possible way, they won't care about internet security anymore because they automatically assume that the bank will just cough up the money as if nothing happened.

Local banks here do not give out refunds and reimbursements easily even if its clearly their platform's fault. Lost almost a thousand dollars just 2 months ago due to their 'maintenance' and it is only last week that I have received the reimbursement which sucks because why do I need to fight for my money anyways? But then again there are still some people who are just plain stupid and still wants to get a refund to conceal their stupidity, boost their ego and not lost a single penny.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Since most of the time banks reimburse the loss, so they don't care much
Not sure how the situation is in your country, but I have noticed how banks here started to be less willing to compensate people for their own stupidity, which if you take off your anti bank cap, is understandable.

If you as bank continue to compensate people in every possible way, they won't care about internet security anymore because they automatically assume that the bank will just cough up the money as if nothing happened.

That's one of the reasons I like Bitcoin so much, you are pretty much forced to take internet security seriously because if you don't, you could lose your money and there is no one you can complain to.

Same here but we need often to insist to get a refund
- someone steals your card without the PIN code, the bank refunds the loss if any.
- someone steals your card with the PIN code, the bank refuses to refund anything, it considers it's your own fault. (The funny thing is we have insurance on VISA cards including the loss of means of payment etc. Roll Eyes)
But nowadays it can be easy for some to steal the card and get the code (often at the supermarket or ATM) and banks don't get that.
legendary
Activity: 1526
Merit: 1179
Since most of the time banks reimburse the loss, so they don't care much
Not sure how the situation is in your country, but I have noticed how banks here started to be less willing to compensate people for their own stupidity, which if you take off your anti bank cap, is understandable.

If you as bank continue to compensate people in every possible way, they won't care about internet security anymore because they automatically assume that the bank will just cough up the money as if nothing happened.

That's one of the reasons I like Bitcoin so much, you are pretty much forced to take internet security seriously because if you don't, you could lose your money and there is no one you can complain to.
hero member
Activity: 1274
Merit: 519
Coindragon.com 30% Cash Back
This simply means that any business which is connected to an online business app is risky. Everything that involves money online is hackable and we can't take control of that. It's just so sad that it's now hard to entrust and link our debit card to any mobile apps these days. We should just try to get rid of this process but focus on fiat payment method.
hero member
Activity: 2870
Merit: 574
Vave.com - Crypto Casino
First of all, I don't use MyMcD to buy, and I am very aware of using the apps on my mobile phone will give a hole for the attacker to use my private information.
But that will only happen if I install the unknown apps and I don't know if the developer is good or not.
I see on many apps that including the Payment section so the user can add their debit or credit card in the apps and that will give an attacker to try to penetrate the apps and try to steal your money.
It will need awareness from the user itself to add their payment card or let it empty so they can prevent from the attacker.
It is better not to add debit or credit card to any apps, and maybe we could only add the tokens inside the apps, so we only use the tokens without adding the debit or credit card inside the apps.
hero member
Activity: 1120
Merit: 554
The amouht is so small that Mcdonalds will just refund the victim. No payment method will ever be 100 percent safe.  Its really funny that the thief just bought more fast food, so they are the real loser in the end from the bad health effects.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Every new technology comes with new problem types. But I admit $2.000 it's a lot of burgers to eat  Cheesy
There is still a long time before merchants start to use crypto just because of an application failed unfortunately and client too... Since most of the time banks reimburse the loss, so they don't care much
legendary
Activity: 2170
Merit: 1427
On the internet, you must always make sure to take care of all your information and never ever provide it to any unauthorized person.

Peolpe hand over their information to third parties without realizing that it isn't a good thing. I remember that last year there was some sort of a low value shopping voucher you could claim locally, but for that you had to fill in a detailed form requiring pretty much all your information.

The worst part is that it wasn't even one of the participating stores themselves, but a random third party. What I think happened in the background is that people's data has been sold and with a small chunk of that they bought the vouchers to give it to all the participants. Another risk here is that hackers can gain access to their servers and actually abuse it.

Just say no to all that nonsense and don't use public wifi hotspots. Nowadays everyone has high GB data bundles anyway, so why do you need that wifi?
legendary
Activity: 2562
Merit: 1441
These kinds of cases often happen in each and every mobile application/retailer e-commerce apps in the whole world.McDonald's have nothing to do with this case, they are not the one who this O'rourke could point out. However, Mcdonalds must look and search for the person who is doing this. (the Toronto guy)

On the internet, you must always make sure to take care of all your information and never ever provide it to any unauthorized person. This Toronto guy might know O'rourke personally or he already caught O'rourke as his victim using phishing sites or emails.

O'rourke must learn that he has to be more secure in the future to avoid these kinds of cases. Because honestly, if you know or familiar with these kinds of scams and frauds, you could avoid it to happen to you.


It is possible mcdonald's app thieves hang out in a nearby parking lot with a laptop running a WIFI packet sniffer recording all mobile app transactions. The data would be encrypted but depending upon the strength of the encryption utilized it can be vulnerable to attack. Similar methods have been utilized to rip RFID financial data from credit cards and chips with RFID enabled.

Crypto currency payment apps could have an advantage here if they interact only with a retail scanner, bypassing the WIFI or internet connectivity portion of electronic payment systems. That could make them less vulnerable to man-in-the-middle-attacks or financial data being intercepted. It will take time for details to emerge, if they are ever published or publicized.
legendary
Activity: 2492
Merit: 1232
These kinds of cases often happen in each and every mobile application/retailer e-commerce apps in the whole world.McDonald's have nothing to do with this case, they are not the one who this O'rourke could point out. However, Mcdonalds must look and search for the person who is doing this. (the Toronto guy)

On the internet, you must always make sure to take care of all your information and never ever provide it to any unauthorized person. This Toronto guy might know O'rourke personally or he already caught O'rourke as his victim using phishing sites or emails.

O'rourke must learn that he has to be more secure in the future to avoid these kinds of cases. Because honestly, if you know or familiar with these kinds of scams and frauds, you could avoid it to happen to you.
legendary
Activity: 3528
Merit: 7005
Top Crypto Casino
This is just another example why many of us feel like nothing can be safe in our interconnected and online world as there will always be weaknesses, vulnerabilities, bugs, back door exploits and similar problems that can affect any system.
True, but pockets have been getting picked since the beginning of pockets.  What we have here is just another form of it.

What amazes me is that these thieves went on a burger binge with the stolen loot--it's almost comical if it didn't suck so bad for the victims.  And I'm not sure if McDonald's is ready for bitcoin yet, for many of the same reasons why most fast food franchises aren't.  Confirmation times is the big one that sticks out in my mind from their side, and network fees are a concern from the consumer side.  We all know that there can be points where the network is congested and both fees and wait times are increased, and that makes it impractical for fast food, fast coffee, or fast anything. 

If anything, McD's would probably create their own coin instead of using bitcoin.  But I'm not sure if they're ready to adopt blockchain tech anytime soon.  We'll see, though.
sr. member
Activity: 1008
Merit: 355
Quote
Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’

This is just another example why many of us feel like nothing can be safe in our interconnected and online world as there will always be weaknesses, vulnerabilities, bugs, back door exploits and similar problems that can affect any system. At the end of the day, the consumers are the ones bearing the burden as these big corporations can take time to solve similar incidents. I am looking forward for the time when the blockchain technology can be utilized to safeguard and secure these payment facilities so that we can enhance the trust and confidence of them...this news is not serving well for the mainstream adoption of bitcoin and the likes as third party infrastructures can be exploited by genius hackers and scammers.
full member
Activity: 952
Merit: 104
★777Coin.com★ Fun BTC Casino!
Quote
Back in February, a Halifax woman claimed the McDonald’s mobile app resulted in a fraudster getting access to her payment details and spending $500 on a fast food bingefest.

Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’.

MobileSyrup’s Patrick O’Rourke is telling everyone to delete the McDonald’s mobile app, as he fell victim to fraudsters spending over $2,000 in fast food using his BMO debit card, linked to the app.


O’Rourke says he discovered the fraud after noticing his mobile orders were unable to complete. The scammers spent his money at various McDonald’s locations in Montreal.

McDonald’s issued the following statement regarding the matter, saying:

“I can tell you that every day, thousands of Canadians order, collect and pay for McDonald’s food and beverages on their smartphone through the My McD’s app. As you know, mobile ordering is quickly growing in popularity with all retailers, especially at McDonald’s.

While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure. McDonald’s also does not collect or store credit card information as My McD’s app only holds a token with the payment provider to allow purchases (I trust given your expertise you understand what “token” means).

Just like any other online activity, we recommend our guests be diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”

For now, O’Rourke says he’s caught in the middle with both McDonald’s and BMO pointing fingers at each other regarding the lost money. He is out $2,000 and it appears a long road is ahead to recover the money. The situation may have been different if a credit card was linked to the account instead of debit, as unauthorized purchases can usually be reversed when disputed, especially when scams are involved.

This does not appear to be an isolated event, as many users on RFD have recently also been saying they have been scammed by the McDonald’s app.

The MyMcD’s iOS app does not feature Apple Pay for in-app payments, but it should, it seems like. Two-factor authentication for logging into the app may be worth considering as well.

How to remove your payment card from the MyMcD’s iOS app? Launch the app, click on the ‘More’ tab, then go to Profile > Payment Methods. Once you see your card, swipe it to the left and you’ll see an option to delete it.

Have you had any issues with the McDonald’s mobile app and someone else spending your money?

https://www.iphoneincanada.ca/news/toronto-man-scammed-2000-mcdonalds/

....


This news story is related to news of starbucks and other large franchises / retailers recently accepting bitcoin transactions:

https://bitcointalksearch.org/topic/starbucks-nordstrom-and-whole-foods-now-accept-bitcoin-5142884

Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.

Countries like sweden which are lean heavily towards cashless societies and RFID implanted chips to execute financial transactions could be vulnerable to the type of attacks exploited in mcdonald's payment app. That's another news story relating to potential vulnerabilities which could use more coverage than its receiving atm.

This maybe an isolated case but some large franchise who plan to adopt on blockchain and accept Bitcoin to be their means of payment would surely look for a much higher security. Most of the systems are prone to hacks yet, if they improve their securities then their vulnerability to it will be minimized.
legendary
Activity: 2562
Merit: 1441
Quote
Back in February, a Halifax woman claimed the McDonald’s mobile app resulted in a fraudster getting access to her payment details and spending $500 on a fast food bingefest.

Now, it appears more reports are coming in, with the latest seeing one Toronto man losing $2,000 via the McDonald’s mobile app, by yet another ‘Hamburglar’.

MobileSyrup’s Patrick O’Rourke is telling everyone to delete the McDonald’s mobile app, as he fell victim to fraudsters spending over $2,000 in fast food using his BMO debit card, linked to the app.


O’Rourke says he discovered the fraud after noticing his mobile orders were unable to complete. The scammers spent his money at various McDonald’s locations in Montreal.

McDonald’s issued the following statement regarding the matter, saying:

“I can tell you that every day, thousands of Canadians order, collect and pay for McDonald’s food and beverages on their smartphone through the My McD’s app. As you know, mobile ordering is quickly growing in popularity with all retailers, especially at McDonald’s.

While we are aware that some isolated incidents involving unauthorized purchases have occurred, we are confident in the security of the app. We do take appropriate measures to keep personal information secure. McDonald’s also does not collect or store credit card information as My McD’s app only holds a token with the payment provider to allow purchases (I trust given your expertise you understand what “token” means).

Just like any other online activity, we recommend our guests be diligent online by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”

For now, O’Rourke says he’s caught in the middle with both McDonald’s and BMO pointing fingers at each other regarding the lost money. He is out $2,000 and it appears a long road is ahead to recover the money. The situation may have been different if a credit card was linked to the account instead of debit, as unauthorized purchases can usually be reversed when disputed, especially when scams are involved.

This does not appear to be an isolated event, as many users on RFD have recently also been saying they have been scammed by the McDonald’s app.

The MyMcD’s iOS app does not feature Apple Pay for in-app payments, but it should, it seems like. Two-factor authentication for logging into the app may be worth considering as well.

How to remove your payment card from the MyMcD’s iOS app? Launch the app, click on the ‘More’ tab, then go to Profile > Payment Methods. Once you see your card, swipe it to the left and you’ll see an option to delete it.

Have you had any issues with the McDonald’s mobile app and someone else spending your money?

https://www.iphoneincanada.ca/news/toronto-man-scammed-2000-mcdonalds/

....


This news story is related to news of starbucks and other large franchises / retailers recently accepting bitcoin transactions:

https://bitcointalksearch.org/topic/starbucks-nordstrom-and-whole-foods-now-accept-bitcoin-5142884

Payment processing systems recently rolled out by mcdonald's and others have utilized vulnerable systems and questionable security practices. This could open the door to bitcoin and crypto currency based payment systems which could prove themselves to be more security oriented and reliable over the long term.

Countries like sweden which are lean heavily towards cashless societies and RFID implanted chips to execute financial transactions could be vulnerable to the type of attacks exploited in mcdonald's payment app. That's another news story relating to potential vulnerabilities which could use more coverage than its receiving atm.
Jump to: