The Deep Dish on Food Delivery Fraud
It wasn’t that long ago that if you wanted fast and easy meal delivery, your options were pretty limited: pizza, maybe Chinese food. Thanks to the digital economy, we’re now living in an era of abundant delivery options, with apps that can summon up fine dining or fast food in a matter of minutes.
Unfortunately for merchants, a lot of fraud is getting served up alongside their legitimate orders. For a variety of reasons, the food delivery business is particularly attractive to fraudsters. What can merchants do to minimize food delivery fraud while continuing to give their customers the conveniences they want?
While apps like DoorDash, Grubhub, and Uber Eats have been making inroads into our collective dining habits for several years now, the COVID-19 pandemic of the past year has put a giant spotlight on services that deliver food, groceries, and other necessities of life, allowing shoppers to stay home, minimize outside contact, and avoid coming into contact with the virus.
More than 45 million Americans used food delivery services in 2020, an increase of 25% over the previous year.
Fraud is predictable—it follows the money. Any time an industry sector, like food delivery apps, sees an increase in usage and revenue, it’s a sure bet that fraudsters will be looking for ways to find vulnerabilities and take advantage. In food delivery, fraudsters have found targets that are appealing on a number of levels—and difficult for merchants to protect.
Whether you’re offering your own in-house ordering and delivery system or working through third-party apps, any merchants who offer online takeout and delivery services should learn about the current state of food delivery fraud and develop a plan to identify and weed out fraud to the best extent they can.
What is Food Delivery Fraud?
Food delivery fraud refers to any act of fraud where the targeted merchant is engaged in selling food for takeout or delivery. One of the big things that makes food delivery fraud different from other types of fraud is that the fraudster’s objective isn’t to convert stolen credit card numbers into goods that can be resold for cash—for the most part, food delivery fraudsters have every intention of eating their ill-gotten acquisitions.
Various fraud schemes may be involved in food delivery fraud:
- True Fraud
When a fraudster uses a stolen credit card number to make an unauthorized purchase with an unsuspecting merchant, that’s true fraud. The fraudster simply logs into the restaurant’s ordering system, places an order with somebody else’s credit card, and waits. If the merchant processes the transaction, the fraudster has scored a free meal—and confirmation that the card may be usable for future purchases.
- Account Takeover
Account takeover fraud occurs when a fraudster steals a user’s login credentials for a restaurant website or delivery app. Account takeover attacks can be particularly lucrative when food delivery is involved, because many restaurants and stores have loyalty programs that allow users to pay for meals with accumulated points. Fraudsters like this because they can cash out points to buy meals instead of trying to use stored payment cards, which may require them to know the card’s billing address or CVV.
- Friendly Fraud
Friendly fraud, also known as chargeback fraud, is extremely common in the world of food delivery. The fraudster simply orders a meal on their own card, then disputes the charge by falsely claiming that they never received it. With many delivery services offering no-contact, leave-at-the-door options for coronavirus-wary customers, it can be very difficult to disprove these claims.
Why is Food Delivery Fraud on the Rise?
The main thing driving the increase in food delivery fraud is the considerable growth in third-party options and consumer acceptance, but there are some other factors to consider as well.
One thing about food delivery is that it’s time sensitive—a customer about to order dinner has probably accounted for the likely delivery time, but if any additional delays stack on top of that, they might be looking for other alternatives.
Checkout friction can be a big problem for food merchants serving impatient customers, and anti-fraud screening can add noticeable friction to any checkout process. Some merchants err on the side of minimal friction by cutting back on security, which allows fraudulent transactions to slip by more easily.
This also means that food delivery is a great vehicle for card testing fraud, with the side benefit of getting some free food out of it. Fraudsters frequently buy stolen card credentials in bulk on the dark web, where many of them have already been reported lost or stolen.
“Testing” these cards by making small purchases allows fraudsters to see which ones are still usable, and food delivery is often a quick, low-risk way to try out a new card number.
How Can Merchants Protect Themselves?
For merchants in any industry, it’s tricky to decide how much fraud screening you can engage in before you’re alienating too many of your legitimate customers with friction or false flags.
Food delivery merchants are under a lot of pressure to complete transactions and fulfill orders quickly, but without adequate security you can quickly find your profits devoured by true fraud chargebacks. Analyzing your fraud and chargeback data can help teach you which fraud indicators are the most important to watch out for.
Strong password requirements, push notifications, and two-factor authentication can help reduce account takeover fraud.
When friendly fraud chargebacks arrive, you should fight them through the representment process, using app and transaction data to present compelling evidence that you authorized the transaction appropriately and followed the customer’s instructions.
The recent boom in the food delivery sector has given merchants a lot of new business opportunities, but whenever that happens it’s a sure bet that fraudsters will come to scavenge what they can.
Merchants must apply the best practices for fraud prevention to their food delivery operations and look for ways to reduce customer inconveniences without sacrificing security.
With the right data-driven approach, you can find ways to prevent and fight chargebacks while keeping your loyal customers coming back for the reliable and consistent service they’ve come to expect from you.