
Starbucks & PCI

Alternative Payments

Chapter 19 of our book goes through a number of fun topics, including alternative payment schemes, emerging technologies, and a prediction or two on where we see things going and how you can prepare for these changes. There are a couple that we wanted to expand on here in a blog especially with respect to your obligations with PCI DSS compliance.

In 2013, Branden authored a blog post that got a ton of attention. Starbucks began revolutionizing the way they handled gift cards by allowing for re-charging while giving free drinks as benefits. Of course, it was cool for us techies because we could pay for a coffee with our phones, but it was also really cool for Starbucks when it came to the business reasons for doing so.

The tl;dr is this: Starbucks is a bank that sells coffee and pastries thanks to their reloadable gift card program. Not only does that mean they have a huge account set aside on their balance sheet full of our cash (more than $1.5 Billion worth), but they also have reduced their credit card processing fees tremendously.

Why is this important? Aside from the business case writing itself, the payment infrastructure needed to manage in-app payments via gift cards is very different from normal payment card acceptance. Starbucks pays much less in per-transaction fees because people generally reload for more than the price of a typical Starbucks visit. Starbucks realized that this version of micropayments (maybe $1-$5) suddenly becomes cheaper and more beneficial for them to manage if they charge you $25 to load your account and you work off that balance over time. Regular visitors obviously see the benefits in free drinks over time and in faster payment, but Starbucks wins big too.

In this case, the only part of the flow that is in scope for PCI DSS is the reloading of the card, because that is the one place a payment card is presented. For some extra fun, Starbucks could get around even that by allowing you to connect your bank account to the app and doing the recharge over ACH. Zero card fees there, and no PCI compliance requirements!

This model might look pretty interesting to anyone who has routine transactions they process, and especially if those transactions are on the smaller side. Imagine funding this a number of ways that do not include payment cards. It could be via cryptocurrency, SIM-based payments, or maybe Zelle for business (digital payments that are the same as cash).

"Simplicity is the ultimate sophistication." - Leonardo da Vinci

When you are looking at ways to modernize how you accept and process payments, be sure to consider the simplicity that is now afforded to those of us who want to accept something other than credit or debit cards. Also consider that you will have to make some guesses about how your customers will react. You can leverage nudge theory to try to push your customers toward the option you want, but be sure to build a top-down strategy that explores multiple scenarios with clear-cut indicators for success or failure. Saving a few pennies per transaction may not be worth it if less than 1% of your transactions go that route.