Starbucks security fail, and why communication is important
Even the big guys can get it wrong. I haven’t written this to call out Starbucks, or anyone else for that matter; I intend it to be educational.
But let’s start with the story. I had stopped at Starbucks recently to pick up my grande Mocha (why can’t I just call it a medium?) and picked up a business-card-sized advertisement for their Starbucks Rewards Card.
It was simple enough, letting the consumer know that the “Starbucks Card Rewards = Free Goodies”. But in fine print under the marketing hook it says “when you register at starbucks.com/card”.
Now for a tangent: I believe there are three distinct types of people when it comes to going to a Web site. One enters the URL into the search bar or box, one types the address exactly as seen, and one goes to the main domain name.

Starbucks security error in Firefox 3.5
I typed the URL in exactly as seen and was greeted with a wonderful error: “Alert, starbucks.com uses an invalid security certificate. The certificate is only valid for www.starbucks.com (Error code: ssl_error_bad_cert_domain)”.
Well, that sure isn’t good. Closing the error dialog leaves me with a blank page, and the wording of the security warning may unnecessarily alarm a less Web-savvy consumer.
This is why you must review your marketing materials. Someone thought it was important to save the four characters on the printed piece but probably never tested it on the Web. Because the SSL certificate is tied to the domain name with the WWW, people get errors when they type in the address without it.
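A pre-print check for this mismatch, as an added example that is not from the original post: it compares the hostname of each printed URL against the names a certificate is valid for, using exact and left-most-label wildcard matching. The www-only name list is taken from the error message above; the wildcard and two-name lists and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def host_of(printed_url):
    """Hostname of a URL as printed on marketing copy (scheme often omitted)."""
    if "//" not in printed_url:
        printed_url = "https://" + printed_url
    return urlsplit(printed_url).hostname.lower().rstrip(".")

def name_matches(pattern, host):
    """Exact match, or '*' standing in for the whole left-most label only."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans a dot, so label counts must agree
    if p_labels[0] == "*":
        # refuse overly broad patterns such as '*.com'
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def covered(printed_url, cert_names):
    """True if any certificate name covers the printed URL's hostname."""
    host = host_of(printed_url)
    return any(name_matches(name, host) for name in cert_names)

def audit(printed_urls, cert_names):
    """Return the printed URLs whose hostname the certificate does not cover."""
    return [u for u in printed_urls if not covered(u, cert_names)]

# Constructed inputs for the example.
PRINTED = ["starbucks.com/card", "www.starbucks.com/card"]
CERT_WWW_ONLY = ["www.starbucks.com"]               # per the error message
CERT_WILDCARD = ["*.starbucks.com"]                 # hypothetical alternative
CERT_BOTH = ["www.starbucks.com", "starbucks.com"]  # hypothetical corrected cert

if __name__ == "__main__":
    for label, names in [("www only", CERT_WWW_ONLY),
                         ("wildcard", CERT_WILDCARD),
                         ("both names", CERT_BOTH)]:
        print(f"{label:10} not covered: {audit(PRINTED, names)}")
```

The wildcard case is the one that surprises people: `*.starbucks.com` still does not cover the bare `starbucks.com`, so the shortened URL needs its own name on the certificate.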

Starbucks security error in Safari 4
I’d like to think someone tested this. The error I am getting is on Firefox 3.5 on a Mac. On the same machine I get a similar error in Safari 4, but it at least redirects me after I press “continue”, even though Safari warns me that I may be connecting to a “website that is pretending to be starbucks.com”. But then I fire up IE 7 and get “There is a problem with this website’s security certificate.”, so either no one tested this or something broke along the way.
Communication is key, and whether it’s an Account Manager or Integration Officer that is reviewing these items – someone skipped a step. Furthermore, while it is ultimately on those people to review everything, it should be noted that everyone involved failed as well: the developer that never thought to ask about the SSL certificate setup, the account team that approved the creative, the creative director or designer that laid out the copy and never thought to inquire about the implications of shortening the URL, and every Starbucks employee that sees this card every day.
That said, I know it’s easy for something like this to slip through the cracks. And this is why the account and creative teams need to become more tech savvy and why the development team needs to educate others. We no longer live in a world where this is the job of someone else.

2 Comments
Sarah Van Elzen
September 18, 2009
Dennis – Good call! I wonder how long those cards have been displayed and when/if they will be pulled…
djenders
September 19, 2009
It sure makes you wonder who is responsible for it, and why they don’t just create a redirect or update their SSL certificate.