Fraud and Cybersecurity Trends: What the Restaurant Industry Needs to Know

A lot of people would assume that fraud in the restaurant industry doesn’t extend beyond dine-and-dashers and bad checks, but those with experience in the industry, especially at the level of popular franchises and chains, will tell you that fraud is more common than most people recognize.

The food service industry has had a tough couple of years, and a large part of what has kept restaurants afloat has been a move to digitalization. Most restaurants will have seen an uptick in orders coming through delivery apps like Doordash and Grubhub, and many will have gone cashless or offered services like click and collect or digital menus and self-service kiosks. This has been invaluable, but any ‘card not present’ (CNP) transaction, in which there isn’t a member of staff taking a payment directly from a customer, opens up restaurants to fraud.

Like so much in the modern world, fraud has trends that ebb and flow as the economy, technology and culture change. As our mission is to help merchants prevent chargebacks, we get to see the results of this – there has definitely been a rise in fraud across all industries during the last two years – but we also look ahead to new trends that are on the rise. So, what might affect your restaurant in 2022?

Chargebacks Will Continue to Rise

Dine and dashes might not be possible when orders are made over delivery apps, but unscrupulous diners have found a way: ordering a delivery and initiating a chargeback. While calling a restaurant directly and claiming that an order didn’t arrive can be easily disputed by speaking with the delivery driver, chargebacks can be initiated days or weeks after a payment. Luckily for restaurants, most delivery apps don’t pass on the charge to merchants for chargebacks, but since they are so common you and every other restaurant are effectively ‘paying’ for them through increased fees.

Of course, anyone can visit a restaurant, pay for their food and initiate a chargeback at a later date, claiming that their card was stolen and used, the food was misrepresented, etc. – and this chargeback will be billed directly to your restaurant. Because it will come through a card processor rather from a customer themselves there will be little opportunity to contest it, for example checking security footage to prove that the cardholder did in fact make the order – for most restaurants it would be more trouble to dispute a claim for $30 than to just accept the loss. 

Customer Data Will be at Risk More than Ever

Restaurants don’t seem like a valuable target for hacking, but with increasing digitalization you could find that you are sitting on a goldmine of names, addresses and passwords that sophisticated fraudsters want.

Imagine that your restaurant has an ordering app or a website where diners can book a table. To make things easier you might allow returning customers to log in to your website with an email and password when they want to make another booking – this creates a vulnerability. 65% of people reuse passwords across multiple sites, so if bad actors get access to your list of passwords then they can try them with other sites and potentially do a lot of harm to your customers.

This has been a threat for a long time, but what has changed in the past years and what will come to the fore this year is that the bad actors themselves have been getting more sophisticated and have been sharing their expertise and tools. Now anyone with a Tor Browser and some bitcoins can get access to professional-level tools for taking data from companies like yours, and because larger companies can afford to bolster their digital defenses the only targets left will be smaller companies.

Digitalization Opens up New Avenues of Attack

The restaurant business is more connected than ever, but unfortunately we live in a world where even your lightbulbs can allow people entry into your private networks. With more ‘internet of things’ technology, fast 5G networks rolling out across the world and a rush to get restaurants connected to new sales channels as quickly as possible we are going to find that the vulnerabilities in these networks are going to be exploited, and that will mean an increase in fraud.

We may find more scenarios like those described above, where customer data is taken, but perhaps even more damaging is the potential for ransomware to enter through undefended internet-connected devices. Security researchers don’t mince words when talking about the threat that this represents after a year of high-profile attacks, and one could easily imagine a restaurant chain having its POS systems disabled or its refrigerators turned off and its owners blackmailed. Because ‘ransomware as a service’ is taking off so rapidly the barrier for entry for these type of attacks is much lower.

Securing Your Restaurant in 2022

Although data breaches and ransomware attacks can be devastating and shouldn’t be ignored, the biggest problem your restaurant will face will always be chargebacks – there are simply more people who will regret spending on a restaurant meal than there are sophisticated hacking groups. The idea that chargebacks are simply a cost of doing business like spoiled produce is being shown to be a mistake – it is possible to reduce chargebacks and successfully contest the chargebacks that you do receive. Given how many food service businesses operate on razor-thin profit margins, being able to reduce these costs by even a small percentage could make a big difference in 2022 and beyond.