Delivery Fraud: Fighting Scams to Protect Your Restaurant

Restaurant operators need to be aware of a number of  scams that food delivery apps  are dealing with now including:

• Promotional abuse – Bad actors using advanced fraud technology to abuse promos like “15% off when you sign up”
• Driver fraud – Verified drivers doing things like renting out their accounts to illegitimate drivers or spoofing their location
• Collusion – Harder to spot because most of the fraud happens off the app but can include a person ordering food, the driver delivering it and then the customer claiming they never got the food to get a refund

To learn more about these frauds and what restaurant operators can do to protect their businesses, Modern Restaurant Managemet (MRM) magazine reached out to Andre Ferraz, co-founder and CEO of Incognia, which provides next-generation identity solutions designed to enable secure and seamless digital experiences.

What are some common fraud activities you are seeing that affect restaurants?

In 2023, over 1.5 million restaurants in the U.S. were registered on food delivery platforms like Grubhub, DoorDash, and Uber Eats. These multi-sided businesses are complex and come with their own unique set of fraud challenges.

A big one is promotion abuse. Platforms will use promotions to incentivise different stakeholders, including consumers, drivers and restaurants. For example, an app might offer 15% off your first order. Legitimate users might use both their work and personal emails to take advantage of this once, but fraudsters will scale that approach to a whole different level. They will create multiple fake accounts in bulk and then sell them to those looking for a discount on food. When done on a large scale, this wastes the platform’s marketing budget and eventually leads them to cut down on promotions, slowing order volumes for restaurants. 

Promotion abuse can take other forms as well. One of the most complex is what we call “collusion”. In this fraud scheme, bad actors use different account types to simulate a legitimate order. They create a restaurant account, multiple driver accounts and many consumer accounts and manipulate the app by using these accounts to complete numerous fake orders. When collusion goes undetected, the platforms lose money and legitimate restaurants feel the downstream effect in numerous ways.

What are the consequences of this type of delivery fraud for the legitimate restaurants listed on the platform? 

Collusion fraud on delivery platforms severely impacts legitimate restaurants by distorting competition and damaging their reputation. Fake orders can lead to lower ratings and poor customer reviews, which diminishes the credibility of genuine restaurants and reduces consumer trust. Additionally, the inflated order volumes from fraudulent accounts can push legitimate restaurants lower in search rankings, causing them to lose visibility and customers. The financial strain is compounded when restaurants feel compelled to offer more promotions to keep up with artificially boosted competitors, which erodes profit margins.

Operational challenges also arise as fake orders overwhelm customer support and cause supply chain issues, such as overstocking or running out of popular items due to misleading demand patterns. Moreover, legitimate restaurants face increased transaction fees, penalties, and payment holds as platforms attempt to counteract fraud. These collective issues lead to a challenging environment, affecting not just the individual restaurants’ ability to compete fairly but also harming their long-term sustainability and profitability.

What factors are fueling food-app fraud?

The technology used to commit fraud is exponentially more advanced than it was just 10 years ago. Fraudsters have the necessary tools to scale their schemes at a rate that is detrimental to the restaurants and food delivery apps involved. For example, in promo abuse, technologies like Parallel Space and App Cloner enable fraudsters to sign into different accounts simultaneously and change certain features in the source code, allowing them to scale exponentially. 

But it doesn’t stop there. Bad acting couriers use GPS spoofing applications to give them the upper hand when competing for deliveries. Using this tool they can manipulate the location data their device shares with the delivery platform, allowing them to appear in a higher-fare area or claim a ride that is outside of the radius set by the platform. This results in customers waiting longer for their delivery and negatively impacts legitimate drivers operating without this unfair advantage. 

The sophistication of fraudsters, as a result of the tools used to scale their schemes, and the food delivery industry’s inability to keep up with evolving bad actors have fueled much of the fraudulent activity we’ve seen in this industry. In order to combat it, third-party food delivery providers need a persistent device fingerprint solution that takes a comprehensive approach to fraud prevention, combining device recognition signals, location analysis, and tamper detection features.

What are the third-party delivery providers doing to prevent fraud?

There are many metaphors to describe the relationship between fraudsters and fraud prevention teams—cat and mouse, tug of war, etc. When you boil it down, though, the truth is that fraudsters are fast. The most important thing to remember in fraud prevention is that you have to be just as fast as they are. The only real way to do that is to use technology solutions that can help you automate detection.

One of the most effective strategies is to implement a strong device ID provider. These solutions profile each device that engages with your app so that it can be uniquely identified. Pairing this device-level solution with others, like tamper detection, which evaluates whether the device has been manipulated, and behavior analysis, like location intelligence, which helps to identify the user regardless of which device they are using, can result in more accurate identification of repeat offenders, even after they try to mask their identities using methods like device factory reseting. Additionally, risk signals like location intelligence can enable food delivery providers to group bad accounts together, enabling a more effective approach to systematic fraud prevention.

What should restaurant operators do to be proactive about fraud prevention?

Restaurant operators can take several proactive steps to mitigate fraud risks on delivery platforms and protect their business:

1. Monitor Orders for Unusual Patterns

• Regularly review order details and look for signs of fraud, such as high-value transactions, multiple orders from the same address, or orders placed at odd hours. Setting up alerts for abnormal patterns can help quickly identify and address fraudulent activity.

2. Collaborate with Platform Support and Use Available Tools

• Leverage any fraud detection tools or dashboards provided by the delivery platforms to track potential risks. Building a relationship with the platform’s support team can also help expedite resolution when fraudulent activity is detected, and operators should report any suspicious behavior immediately.

3. Strengthen Account Security

• Secure access to the restaurant’s account by using strong, unique passwords, enabling two-factor authentication (2FA), and regularly updating account credentials. Limit account access to trusted personnel and review permissions periodically to prevent unauthorized changes.

4. Educate Staff on Fraud Awareness

• Train staff to recognize and respond to signs of fraud, both in online transactions and in the restaurant itself. Employees should know how to spot fake orders, unauthorized use of promotional codes, and other red flags, and they should be empowered to report concerns without delay.

5. Regularly Reconcile Transactions

• Stay on top of financial reconciliation by regularly comparing platform payouts with actual order history. Identifying discrepancies quickly can help catch potential fraud early and provide accurate data to support any claims made to the platform.

How can operators train staff to be cognizant of fraud?

It goes back to education. The restaurant staff needs to know what fraud looks like in their industry because it isn’t always easily recognizable. Resources like webinars and fraud prevention platform demos can help these individuals better understand what they should be looking for.

Additionally, having uniform policies will help with fraud detection and prevention. Having a clear refund policy can help staff detect suspicious behavior. Creating a plan for if fraud occurs for everyone to follow, with specific roles and responsibilities of each individual, can enable staff to feel empowered to react to fraud when they see it.