BankThink

Online food delivery comes with a side of fraud

Digital payments and remote channels were generally slower to gain traction in the food and beverage sector compared to other retail outlets. Now, though, the industry is making up for that delayed adoption.

Digital channels in the industry now demonstrate rapid YoY growth. Total delivery sales in food service in the U.S. reached $34 billion in 2018, representing a 13% increase compared to the previous year.

Much of that boost took the form of food delivery apps like DoorDash, Uber Eats, Grubhub, or Postmates, as well as merchants’ own individual apps. Overall, food delivery represented roughly 37% of restaurant industry sales.

Chart: Misuse of EMV and mag stripe

Sounds like restaurants—and the apps who work with them—are doing gangbusters, right? Unfortunately, it’s not that simple.

With wider usage of remote channels comes greater risk exposure. The 2019 Fraud Attack Index report from Forter shows a 60% increase in fraud in the food and beverage industry in 2017 and a 79% increase in 2018. There's also 170% increase in policy abuse, much of which can be traced back to friendly fraud.

Not to sound alarmist, but here’s the simple truth: Fraudsters will continue avidly targeting online food ordering. Not only that, but the problem is going to get worse before it gets better.

Not to pay them a compliment, but fraudsters are very creative. They employ numerous methods to take advantage of merchants in every product category. Food and beverage sellers are no exception in that regard.

Fraudsters always work to come up with new avenues of attack against merchants. However, these four stand out as the biggest risk sources:

Card Testing. When fraudsters buy cardholder data in bulk online, they typically engage in card testing to determine which numbers are valid. They might try to run through hundreds of low ticket-value transactions in minutes using an automated process, and restaurants are a common target.

Friendly Fraud. It’s not uncommon for customers who are unsatisfied with some aspect of their meal to simply demand chargebacks rather than ask for refunds. This qualifies as friendly fraud. Some bad actors even place orders with the intent to file a chargeback later. It’s essentially a digital dine-and-dash.

Account Takeover (ATO). This occurs when a fraudster uses complete or partial account information to access a user’s existing account. ATO jumped 300% in 2017 alone and accounted for at least $4 billion in identified losses in 2018. As more food and beverage merchants embrace remote ordering, ATO incidents will continue rising.

Gift Card Fraud. Gift cards are a perennial favorite target for fraudsters. They’re easy to purchase and to resell, and there’s little way to track them. Fraudsters can use stolen cardholder information to purchase a cache of gift cards, then convert them into hundreds or thousands of dollars in cash in a matter of minutes.

Card-not-present transactions naturally incur a greater degree of risk. Merchants can’t verify their buyer’s identity in person, nor do they benefit from fraud mitigation tools like EMV chip technology.

This isn’t a problem limited to the food and beverage industry. However, this vertical does have several unique challenges.

Merchants are under immense pressure to accurately deliver a quality product in as little time as possible. All merchants experience this, but it’s acute in the food industry, where fulfillment is judged on a scale of minutes, not hours or days. The result is merchants can be incentivized to overlook due diligence in fraud detection.

There are other factors at play that actively draw fraudsters toward the food and beverage vertical. The prevalence of gift cards and customer accounts with online ordering apps in that vertical which were touched upon earlier are major draws, and both are difficult to detect.

It’s a difficult problem to address, but also one merchants can’t afford to ignore. More than 20% of shoppers blame the merchant for fraud incidents, even if it’s not their fault. This creates jeopardy for the merchant’s brand prestige.

For reprint and licensing requests for this article, click here.
Payment fraud Retailers Digital payments Mobile payments Risk ISO and agent
MORE FROM AMERICAN BANKER