Fighting Fast Food Fraud

Fast food fraud has seen a 45-percent increase in the last year or so, largely driven by a digital transformation sea change that has made these restaurants more vulnerable, according to data from fraud prevention company Forter. Fast food restaurants are all about convenience with the latest step in providing convenience for guests being the welcoming of digital payments and corresponding loyalty apps. Unfortunately, the very same convenience that has been extended to consumers has also opened the door for bad actors.

To learn what restaurants need to know to better protect themselves from fraud, Modern Restaurant Manangement (MRM) magazine reached out to Doriel Abrahams, Principal Technologist at Forter.

Why is fast food fraud on the rise? Is there an idea that this is somewhat of a victimless crime?

There are two factors that make fast food fraud so appealing to fraudsters. First, reward programs turn physical goods into digital goods that are easy to move around, have no upper-value limit, and barely need monetization. Additionally, these schemes are extremely easy to scale up – making them a good basis for a “business.”

While some might view fast food fraud as a victimless crime, the reality is quite different as it negatively impacts both restaurants and genuine customers. Not only can fraudulent activities disrupt the customer experience, but they can lead to significant financial losses for both consumers and businesses. 

Without giving out too many specifics that might encourage bad actors, what are some common frauds restaurants experience?

There are a few common forms of fraud that restaurants are experiencing. The first is account takeover (ATO), which allows fraudsters to gain unauthorized access to accounts with stored funds, change the password, sell the account or use the account’s funds themselves. Fraudsters can also create multiple accounts and add funds to them using stolen payment methods.

When leveraging ATO and accounts with stolen payment methods, fraudsters can either sell the entire account or use the stolen payment methods to sell goods at a “discounted” price to unsuspecting consumers, particularly those that frequent groups focused on couponing, frugal living, etc. It’s become much more common to see bad actors setting up “businesses” on social media platforms offering these discounted services, with the excuse that they pay less when they buy in bulk or that they can’t use the account themselves anymore. These crimes are extremely lucrative – in fact, accounts with funds are 6.5x more likely to be targeted.

Fraudsters are also drawn to special offers – known as promotions abuse. Restaurants often offer deals like “first burger on us” or “refer a friend and you both get $25.” These exclusive offers incentivise bad actors to open multiple accounts to take advantage of them. While one or two incidents might not be perceived as a big deal, the numbers add up quickly and can amount to millions of dollars in discounts given to untrustworthy shoppers. 

What should restaurant operators/managers look out for to prevent fraud? How can they incorporate fraud prevention into their training processes?

A common misconception is that fraud is less likely to occur in a restaurant due to low order values and the inability to resell stolen products. While luxury retailers in contrast might be a more obvious target for fraud, restaurants are still lucrative for bad actors. Being acutely aware of the risk restaurants face is the first step. Having these fraud scenarios in mind will naturally change the way restaurants introduce new offerings and how they train their teams.  

Restaurant operators and managers need to stay vigilant for any type of fraudulent activity, including irregular login attempts, suspicious online behavior, and patterns of unauthorized access and regularly update security protocols to stay ahead of emerging forms of fraud. 

What should restaurant owners do to protect themselves from fraud?

The restaurant business relies on everything happening quickly which means operators have to prioritize automated, real-time fraudprevention. Customer experience is king, and creating unnecessary delays because of slow fraud decisioning could result in lost business.

Restaurants should also rely on fraud prevention that focuses not only on the singular transaction/interaction, but on the actual identity that is transacting. Knowing who is behind a transaction – regardless of name, IP address or other easily manipulated attributes – is the key to stopping ATO and promotions abuse. 

The right fraud prevention process will allow owners to challenge suspicious identities, so that when an unrecognized activity is detected, an MFA step up challenge can verify the user.

How can loyalty programs be improved to better prevent fraud?

Above all else, restaurants can implement stricter verification processes, enable multi-factor authentication for loyalty accounts, and limit the number of active accounts that a user can have. But the trick is to only require additional verification for suspicious identities. That way, trustworthy customers continue to have a seamless experience. 

Over 85 percent of bad actors that have committed fast food fraud are “returning fraudsters,” showing that they are finding methods that work for them. By tracking and analyzing patterns in user behavior, teams will get better at identifying these returning fraudsters and removing them from their platforms – even if they’re using a different IP address, location, device, etc.