As the coronavirus forced consumers to shift their purchasing habits, specifically to ordering food for takeout and delivery only, it also created new opportunities for fraud. To learn more about how restaurants have been targeted and why, HT spoke with Jeff Sakasegaw, Trust & Safety Architect at Sift, to learn how consumer and fraudster behavior is expected to fluctuate and what restaurant owners can expect.
How has COVID-19 changed the way restaurants operate?
The COVID-19 pandemic has permanently changed how the food and beverage industry operates with contactless/cashless payments, curbside pickup, and contactless delivery becoming the norm. As a result of these quick and dramatic shifts, full-service restaurants and QSRs not only saw a massive uptick in online orders at the onset of the pandemic but also an increase in fraud as fraudsters used the increased order volume to hide their fraudulent activity.
What are some examples of fraudulent schemes that have occurred during the pandemic?
Fraudsters ran all sorts of schemes from placing orders with stolen credit cards to taking advantage of social media posts, as depicted by this phony pizza promo. While relying on social media to disseminate information is a great way for restaurants and QSRs to engage with customers, advertising "now offering delivery!" tipped off fraudsters for quick marks to target. Additionally, restaurants saw an increase in “friendly fraud,” where legitimate customers claimed that food didn’t arrive (even if it did) and demanded a refund, as consumers potentially struggled with financial impacts related to the pandemic.
Anecdotally, we’re hearing from our customers that fraudsters are primarily using laptops/desktops, rather than mobile devices, to commit fraud. This channel allows fraudsters to easily run automated scripts, mask their identities, and use online versions of popular delivery apps, such as DoorDash and UberEats.
Why have cybercriminals been so successful in targeting restaurants?
Many restaurants may have little to no online fraud defenses in place because they haven't had to rely on delivery and takeout nearly as much as they do now. Because food orders must be fulfilled within a short period of time, giving a very short window in which restaurants can accept/or reject an order, implementing an automated fraud solution that can handle a high volume of orders at an accelerated rate is key. It is important that businesses take the necessary precautions against fraudsters by monitoring for suspicious behavior, such as exorbitantly large orders from first time customers or from billing zip codes far outside of your delivery area.
How long will restaurants be subject to this type of attack?
We're seeing fraud rates start to fall in this industry after a three week spike as the shift in demand is impacting volume-to-fraud ratios as opposed to there being any significant difference in fraud attempts. With the accelerated changes in consumer behavior since the pandemic restaurants must be diligent in protecting their business -- and their customers -- from online threats as they navigate the “new normal.”